Unknown Malware Infection (Frequent Desktop Lockups)


  • This topic is locked
10 replies to this topic

#1 Z_J_Dougan

  • Members
  • 5 posts

Posted 11 July 2009 - 06:50 PM

Hello all,

I believe my system may be infected with some sort of malware. My system is frequently "locking up" when I am on the desktop or using Firefox. When I run programs that do not run in a windowed mode they frequently crash to the desktop and then shortly after, the desktop will lock up. When the lockups occur all processor activity seems to cease, and although the mouse still responds, I am unable to shut down or restart the computer by any means other than the power button on my case. I've run full scans of my system with Symantec Endpoint Protection, Spybot, and AdAware. All of the scans failed to detect anything, but I am inexperienced at dealing with spyware/malware threats. Any advice would be greatly appreciated. Thank you in advance for your time and help.


DDS LOG:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Zach at 16:31:56.89 on Sat 07/11/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.532 [GMT -7:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *enabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Zach\Desktop\dds.scr

============== Pseudo HJT Report ===============

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\zach\applic~1\mozilla\firefox\profiles\b5jt83gr.default\
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-7-10 64160]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-17 108392]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-5-12 2440632]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-20 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090710.067\NAVENG.SYS [2009-7-11 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090710.067\NAVEX15.SYS [2009-7-11 876144]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-11-18 23888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2009-3-4 99352]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2009-6-17 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2009-3-4 555032]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2009-3-4 100888]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2009-3-4 566296]

=============== Created Last 30 ================

2009-07-11 14:00 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-11 14:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-11 09:25 <DIR> --d----- C:\IMPORTANT (financial stuff by gabe for mom)
2009-07-10 23:09 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-07-10 23:07 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 23:07 <DIR> --d----- c:\program files\Lavasoft
2009-07-10 22:33 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-07-10 22:30 <DIR> --d----- c:\program files\Microsoft Streets & Trips
2009-07-10 22:30 <DIR> --d----- c:\program files\Microsoft Picture It! 7
2009-07-10 22:30 <DIR> --d----- c:\program files\Microsoft Encarta
2009-07-10 22:30 <DIR> --d----- c:\windows\ShellNew
2009-07-10 22:30 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-07-10 22:30 <DIR> --d----- c:\program files\Microsoft Works Suite 2003
2009-07-10 22:30 <DIR> --d----- c:\program files\Sony Online Entertainment
2009-07-10 22:30 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Sony Online Entertainment
2009-07-10 22:27 <DIR> --d----- c:\windows\system32\xlive
2009-07-10 22:27 <DIR> --d----- c:\program files\Microsoft Games for Windows - LIVE
2009-07-07 16:19 <DIR> --d----- c:\windows\pss
2009-07-01 14:38 <DIR> --d----- C:\SIERRA
2009-06-28 14:57 <DIR> --d----- c:\program files\Activision
2009-06-21 13:32 <DIR> --d----- C:\backup
2009-06-20 17:06 159,232 a------- c:\windows\system32\ptpusd.dll
2009-06-20 17:06 5,632 a------- c:\windows\system32\ptpusb.dll
2009-06-20 17:06 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-06-20 17:06 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-06-20 14:46 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 11:17 91,976 a------- c:\windows\system32\drivers\SysPlant.sys
2009-06-20 11:17 123,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-20 11:17 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-06-20 11:17 10,563 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-06-20 11:17 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-06-20 11:16 <DIR> --d----- c:\program files\Symantec
2009-06-20 11:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-20 11:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-06-18 03:30 11,564 a------- c:\windows\system32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
2009-06-17 23:31 4,931,577 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
2009-06-17 23:31 4,931,577 a------- c:\windows\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
2009-06-17 23:28 <DIR> --d----- c:\program files\common files\Creative Labs Shared
2009-06-17 23:28 444,952 a------- c:\windows\system32\wrap_oal.dll
2009-06-17 23:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-06-17 23:19 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-06-15 20:15 82,774 a------- c:\windows\Uninstall Jade Empire.exe
2009-06-15 20:01 <DIR> --d----- c:\program files\Jade Empire
2009-06-12 22:06 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Trymedia
2009-06-12 22:04 <DIR> --ds---- c:\documents and settings\zach\UserData
2009-06-12 21:33 306,688 a------- c:\windows\IsUninst.exe

==================== Find3M ====================

2009-06-17 23:28 109,080 a------- c:\windows\system32\OpenAL32.dll
2009-06-10 10:00 43,520 a------- c:\windows\system32\CmdLineExt03.dll
2009-06-08 10:54 87,263 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-06-07 01:32 1,700,352 a------- c:\windows\system32\gdiplus.dll
2009-06-07 01:30 34,222,113 a------- c:\documents and settings\zach\GTA4_Patch1.zip
2009-06-05 17:10 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-06-05 00:47 108,144 a------- c:\windows\system32\CmdLineExt.dll
2009-06-04 19:03 22,720 a------- c:\windows\system32\emptyregdb.dat
2009-06-04 18:39 558,142 a------- c:\windows\java\packages\D37H7FP7.ZIP
2009-06-04 18:39 2,678 a------- c:\windows\java\packages\data\VRZDF5BL.DAT
2009-06-04 18:39 155,995 a------- c:\windows\java\packages\LVPZFH3H.ZIP
2009-06-04 18:39 2,678 a------- c:\windows\java\packages\data\D7FVVDZP.DAT
2009-06-04 18:39 2,678 a------- c:\windows\java\packages\data\S417HBDZ.DAT
2009-06-04 18:39 2,678 a------- c:\windows\java\packages\data\LBLBDVDF.DAT
2009-06-04 18:39 2,678 a------- c:\windows\java\packages\data\5BV9RZHZ.DAT
2009-05-29 13:36 2,060,288 a------- c:\windows\system32\usbaaplrc.dll
2009-05-29 13:36 39,424 a------- c:\windows\system32\drivers\usbaapl.sys
2009-05-12 21:56 42,312 a------- c:\windows\system32\drivers\WPSDRVnt.sys
2009-05-12 21:56 357,704 a------- c:\windows\system32\sysfer.dll
2009-05-12 21:56 107,848 a------- c:\windows\system32\SymVPN.dll
2009-05-12 21:55 49,480 a------- c:\windows\system32\FwsVpn.dll
2009-05-07 08:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 00:31 1,657,376 a------- c:\windows\system32\nwiz.exe
2009-05-01 00:31 449,056 a------- c:\windows\system32\nvappbar.exe
2009-05-01 00:31 436,768 a------- c:\windows\system32\keystone.exe
2009-05-01 00:31 1,724,416 a------- c:\windows\system32\nvwdmcpl.dll
2009-05-01 00:31 1,507,328 a------- c:\windows\system32\nview.dll
2009-05-01 00:31 1,101,824 a------- c:\windows\system32\nvwimg.dll
2009-05-01 00:31 466,944 a------- c:\windows\system32\nvshell.dll
2009-04-30 22:02 9,994,240 a------- c:\windows\system32\nvoglnt.dll
2009-04-30 22:02 5,896,320 a------- c:\windows\system32\nv4_disp.dll
2009-04-30 22:02 1,720,320 a------- c:\windows\system32\nvcuda.dll
2009-04-30 22:02 1,579,630 a------- c:\windows\system32\nvdata.bin
2009-04-30 22:02 1,314,816 a------- c:\windows\system32\nvcuvenc.dll
2009-04-30 22:02 806,912 a------- c:\windows\system32\nvapi.dll
2009-04-30 22:02 663,552 a------- c:\windows\system32\nvcuvid.dll
2009-04-30 22:02 457,248 a------- c:\windows\system32\nvudisp.exe
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcodins.dll
2009-04-30 22:02 143,360 a------- c:\windows\system32\nvcod.dll
2009-04-28 21:46 666,624 a------- c:\windows\system32\wininet.dll
2009-04-28 21:46 81,920 a------- c:\windows\system32\ieencode.dll
2009-04-27 00:42 457,248 a------- c:\windows\system32\NVUNINST.EXE
2009-04-17 05:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 07:51 585,216 a------- c:\windows\system32\rpcrt4.dll

============= FINISH: 16:32:24.62 ===============


Again, thank you for your help.


#2 syler

  • Malware Response Team
  • 8,150 posts

Posted 20 July 2009 - 04:30 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to, and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 Z_J_Dougan

  • Topic Starter
  • Members
  • 5 posts

Posted 20 July 2009 - 05:33 PM

Here are the requested logs.

MBAM LOG:

Malwarebytes' Anti-Malware 1.39
Database version: 2468
Windows 5.1.2600 Service Pack 3

7/20/2009 3:19:16 PM
mbam-log-2009-07-20 (15-19-16).txt

Scan type: Full Scan (C:\|F:\|H:\|)
Objects scanned: 273483
Time elapsed: 1 hour(s), 19 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



LOG.TXT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Zach at 2009-07-20 15:27:51
Microsoft Windows XP Professional Service Pack 3
System drive C: has 64 GB (42%) free of 153 GB
Total RAM: 1022 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:13 PM, on 7/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Zach\Desktop\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\Zach.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 3813 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-03-17 115560]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-06-10 13758464]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-06-10 86016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"=C:\Program Files\Microsoft Money\System\mnyexpr.exe [2003-06-18 200704]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Iomega\Discovery Tool Pro\Iomega NAS Discovery.exe"="C:\Program Files\Iomega\Discovery Tool Pro\Iomega NAS Discovery.exe:*:Enabled:Iomega NAS Discovery Tool"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD"
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater"
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe"="C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe"="C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe"="C:\Program Files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe"="C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-07-20 15:27:51 ----D---- C:\rsit
2009-07-20 13:57:54 ----D---- C:\Documents and Settings\Zach\Application Data\Malwarebytes
2009-07-20 13:57:48 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-20 13:57:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-17 12:00:05 ----D---- C:\Program Files\DAEMON Tools Lite
2009-07-16 13:47:27 ----A---- C:\CDmage.ini
2009-07-15 01:42:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 01:42:11 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 01:40:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-11 20:45:39 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-07-11 14:00:55 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-11 14:00:55 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-11 09:25:25 ----D---- C:\IMPORTANT (financial stuff by gabe for mom)
2009-07-10 23:07:44 ----HDC---- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-07-10 23:07:34 ----D---- C:\Program Files\Lavasoft
2009-07-10 23:07:34 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-07-10 22:30:55 ----D---- C:\Program Files\Microsoft Streets & Trips
2009-07-10 22:30:53 ----D---- C:\Program Files\Microsoft Picture It! 7
2009-07-10 22:30:46 ----D---- C:\Program Files\Microsoft Encarta
2009-07-10 22:30:42 ----D---- C:\WINDOWS\ShellNew
2009-07-10 22:30:42 ----D---- C:\Program Files\Common Files\Designer
2009-07-10 22:30:41 ----D---- C:\Program Files\Microsoft Office
2009-07-10 22:30:41 ----D---- C:\Program Files\Microsoft ActiveSync
2009-07-10 22:30:26 ----D---- C:\Program Files\Microsoft Works Suite 2003
2009-07-10 22:30:16 ----D---- C:\Program Files\Sony Online Entertainment
2009-07-10 22:30:16 ----D---- C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
2009-07-10 22:27:15 ----D---- C:\WINDOWS\system32\xlive
2009-07-10 22:27:15 ----D---- C:\Program Files\Microsoft Games for Windows - LIVE
2009-07-10 14:10:52 ----D---- C:\Config.Msi
2009-07-08 11:35:14 ----A---- C:\WINDOWS\Doom 3 Uninstall Log.txt
2009-07-07 16:19:56 ----D---- C:\WINDOWS\pss
2009-07-01 14:38:57 ----D---- C:\SIERRA
2009-06-28 14:57:04 ----D---- C:\Program Files\Activision
2009-06-21 13:32:01 ----D---- C:\backup

======List of files/folders modified in the last 1 months======

2009-07-20 15:27:58 ----D---- C:\WINDOWS\Prefetch
2009-07-20 15:26:46 ----D---- C:\Program Files\Mozilla Firefox
2009-07-20 15:24:24 ----D---- C:\WINDOWS\Temp
2009-07-20 15:22:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-20 13:57:49 ----D---- C:\WINDOWS\system32\drivers
2009-07-20 13:57:47 ----RD---- C:\Program Files
2009-07-20 09:44:22 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-18 12:38:41 ----D---- C:\Program Files\Steam
2009-07-18 00:04:13 ----D---- C:\Documents and Settings\Zach\Application Data\uTorrent
2009-07-16 20:54:46 ----D---- C:\Program Files\uTorrent
2009-07-16 13:44:57 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-16 12:22:57 ----D---- C:\WINDOWS
2009-07-16 12:22:20 ----D---- C:\WINDOWS\system32
2009-07-16 12:20:08 ----SHD---- C:\WINDOWS\Installer
2009-07-16 12:19:45 ----D---- C:\WINDOWS\Help
2009-07-16 12:18:59 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-07-16 12:18:43 ----HD---- C:\WINDOWS\inf
2009-07-16 12:18:43 ----D---- C:\WINDOWS\system32\ReinstallBackups
2009-07-16 12:18:11 ----D---- C:\NVIDIA
2009-07-16 12:04:36 ----A---- C:\WINDOWS\system32\CmdLineExt.dll
2009-07-16 10:20:15 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-15 01:42:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-15 01:42:15 ----A---- C:\WINDOWS\imsins.BAK
2009-07-11 23:00:50 ----A---- C:\WINDOWS\avisplitter.ini
2009-07-11 13:55:04 ----A---- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
2009-07-11 11:51:13 ----D---- C:\Program Files\Common Files
2009-07-11 09:17:58 ----D---- C:\Program Files\Microsoft Money
2009-07-11 09:17:50 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-10 23:09:42 ----SD---- C:\WINDOWS\Tasks
2009-07-10 23:09:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-07-10 23:07:27 ----D---- C:\WINDOWS\WinSxS
2009-07-10 22:33:28 ----D---- C:\WINDOWS\system32\config
2009-07-10 22:33:13 ----D---- C:\WINDOWS\system32\wbem
2009-07-10 22:33:13 ----D---- C:\WINDOWS\Registration
2009-07-10 22:31:27 ----D---- C:\Program Files\Microsoft Works
2009-07-10 22:31:14 ----RSD---- C:\WINDOWS\Fonts
2009-07-10 22:31:12 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-10 22:28:05 ----D---- C:\Program Files\Bethesda Softworks
2009-07-10 22:27:03 ----D---- C:\Downloads
2009-07-10 14:08:59 ----D---- C:\WINDOWS\system32\Restore
2009-07-07 18:29:24 ----A---- C:\WINDOWS\win.ini
2009-07-07 18:29:24 ----A---- C:\WINDOWS\system.ini
2009-07-07 16:02:13 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-07 08:10:56 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-04 00:02:15 ----D---- C:\Program Files\LucasArts
2009-06-30 22:30:59 ----SD---- C:\Documents and Settings\Zach\Application Data\Microsoft
2009-06-21 11:33:21 ----D---- C:\Documents and Settings\Zach\Application Data\Bioshock
2009-06-21 08:46:58 ----A---- C:\WINDOWS\system32\NVUNINST.EXE

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-03-04 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-03-04 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2008-08-21 191536]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 b57w2k;Broadcom NetXtreme 57xx Gigabit Controller; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2004-04-29 186112]
R3 COMMONFX.SYS;COMMONFX.SYS; C:\WINDOWS\System32\drivers\COMMONFX.SYS [2009-03-04 99352]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2009-03-04 511000]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2009-03-04 528408]
R3 CTAUDFX.SYS;CTAUDFX.SYS; C:\WINDOWS\System32\drivers\CTAUDFX.SYS [2009-03-04 555032]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2009-03-04 14360]
R3 CTSBLFX.SYS;CTSBLFX.SYS; C:\WINDOWS\System32\drivers\CTSBLFX.SYS [2009-03-04 566296]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2009-03-04 157208]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2009-03-04 92696]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2009-03-04 798744]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\System32\drivers\hap16v2k.sys [2009-03-04 162840]
R3 IntelC51;IntelC51; C:\WINDOWS\system32\DRIVERS\IntelC51.sys [2004-03-05 1233525]
R3 IntelC52;IntelC52; C:\WINDOWS\system32\DRIVERS\IntelC52.sys [2004-03-05 647929]
R3 IntelC53;IntelC53; C:\WINDOWS\system32\DRIVERS\IntelC53.sys [2004-03-05 60949]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mohfilt;mohfilt; C:\WINDOWS\system32\DRIVERS\mohfilt.sys [2004-03-05 37048]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090719.004\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090719.004\NAVEX15.SYS []
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-06-10 8087712]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2009-03-04 127512]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2008-08-21 27696]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2008-10-14 49536]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 aalcvhns;aalcvhns; C:\WINDOWS\system32\drivers\aalcvhns.sys []
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 COMMONFX;COMMONFX; C:\WINDOWS\system32\drivers\COMMONFX.SYS [2009-03-04 99352]
S3 CTAUDFX;CTAUDFX; C:\WINDOWS\system32\drivers\CTAUDFX.SYS [2009-03-04 555032]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\System32\drivers\ctdvda2k.sys [2009-03-04 347080]
S3 CTERFXFX.SYS;CTERFXFX.SYS; C:\WINDOWS\System32\drivers\CTERFXFX.SYS [2009-03-04 100888]
S3 CTERFXFX;CTERFXFX; C:\WINDOWS\system32\drivers\CTERFXFX.SYS [2009-03-04 100888]
S3 CTSBLFX;CTSBLFX; C:\WINDOWS\system32\drivers\CTSBLFX.SYS [2009-03-04 566296]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2009-03-04 189464]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-03-04 319920]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-05-29 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-05-12 91976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-05-29 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-17 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-03-17 108392]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2009-01-08 307200]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-03 1029456]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-06-10 168004]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-05-12 1803592]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-05-12 2440632]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\system32\MsPMSPSv.exe [2000-06-26 53520]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-17 79360]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-03-20 3093880]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-02-01 320840]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-13 44032]
S4 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-05-30 541992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



INFO.TXT:
Record Number: 1341
Source Name: Userenv
Time Written: 20090709082115.000000-420
Event Type: warning
User: JOHN-M6PNT5VJS2\Zach

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01bf1d86.

Record Number: 1319
Source Name: Application Error
Time Written: 20090708190005.000000-420
Event Type: error
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1000
Message: Faulting application swkotor.exe, version 1.0.3.0, faulting module unknown, version 0.0.0.0, fault address 0x0109d859.

Record Number: 1318
Source Name: Application Error
Time Written: 20090708165933.000000-420
Event Type: error
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1517
Message: Windows saved user JOHN-M6PNT5VJS2\Zach registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1287
Source Name: Userenv
Time Written: 20090708115247.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 1286
Source Name: Userenv
Time Written: 20090708115246.000000-420
Event Type: warning
User: JOHN-M6PNT5VJS2\Zach

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------


Again, thank you for your help.

#4 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 20 July 2009 - 11:52 PM

Hi Z_J_Dougan,

The info.txt log you posted is incomplete; it should have a list of the programs you have installed. Please post the log again. It will be located here:

C:\rsit\info.txt


We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop:
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs, as this process may crash your computer.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with gmer's driver.
  • Double click on Gmer to run it.
  • Allow the gmer.sys driver to load if asked.
  • You may see a rootkit warning window. If you do, click No.
  • Click on Posted Image and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push Posted Image and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.



#5 Z_J_Dougan

  • Topic Starter

  • Members
  • 5 posts

Posted 21 July 2009 - 04:14 PM

Hey, apologies about the info.txt file... dunno what went wrong in the copy/paste process. The GMER log follows after the info.txt.

Hopefully this is the complete file:

INFO.TXT:

info.txt logfile of random's system information tool 1.06 2009-07-20 15:28:16

======Uninstall list======

-->"C:\Program Files\Creative\SBAudigy2\Program\SETUP.EXE" /S /U /W /L:ENG
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CDDF96A-BC34-4D72-9ABA-E1FFF0C39977}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{77ACE67A-0D21-4CEF-8A97-ED20A61B978B}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7A900EAB-DA37-4554-AF19-9C337476D05D}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9A4D2983-4662-4387-BE3D-4CFC2FA9C100}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C6866B7D-ACFD-4C49-B77B-3B2F8CF54B96}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EE6699B3-E5AD-4E59-8F2B-207DF630670C}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FD851F7E-F887-405D-9E1C-488811113EF3}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe" -l0x9 /remove
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CC3D3A93-C433-4329-AC3A-7EFC52A332C2}\setup.exe" -l0x9 /remove
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Across Lite 2.0-->C:\PROGRA~1\Litsoft\ACROSS~1.0\UNWISE.EXE C:\PROGRA~1\Litsoft\ACROSS~1.0\INSTALL.LOG
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Apple Mobile Device Support-->MsiExec.exe /I{659B48CD-0608-4ED5-94C0-0B6C87114F10}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
BioShock-->C:\Program Files\InstallShield Installation Information\{E280923D-C5D9-4728-8C79-AC9A0DC75875}\Setup.exe -runfromtemp -l0x0009 -removeonly
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Gigabit Integrated Controller-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE6890C7-31EF-478C-812E-1E2899ABFCA9} /l1033
Creative Audio Console-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\setup.exe" -l0x9 /remove
Creative MediaSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56F3E1FF-54FE-4384-A153-6CCABA097814}\SETUP.EXE" -l0x9 /remove
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Driver Detective-->MsiExec.exe /X{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}
Fallout 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x9 -removeonly
Half-Life 2: Episode One-->"C:\Program Files\Steam\steam.exe" steam://uninstall/380
Half-Life 2: Episode Two-->"C:\Program Files\Steam\steam.exe" steam://uninstall/420
Half-Life 2-->"C:\Program Files\Steam\steam.exe" steam://uninstall/220
HijackThis 2.0.2-->"F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Icewind Dale II-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{588C135F-0B15-4A02-8F2D-04697BE2904E}\Setup.exe" -l0x9
Intel® 537EP V9x DF PCI Modem-->rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP V9x DF PCI Modem"
Iomega Discovery Tool Pro-->MsiExec.exe /X{389D45C9-AA08-4034-A256-2A38C311999D}
iTunes-->MsiExec.exe /I{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}
Jade Empire-->C:\WINDOWS\Uninstall Jade Empire.exe
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
JEOPARDY! (remove only)-->"C:\Program Files\Sony Online Entertainment\JEOPARDY!\Uninstall JEOPARDY!.exe"
K-Lite Codec Pack 4.1.6 (Full)-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
LiveUpdate 3.3 (Symantec Corporation)-->"C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Encarta Encyclopedia Standard 2003-->MsiExec.exe /I{03410014-3975-4267-9F39-1DC4745090B7}
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{FD052FB9-FE90-4438-B355-15EDC89D8FB1}
Microsoft Money 2004 System Pack-->MsiExec.exe /I{8C64E145-54BA-11D6-91B1-00500462BE80}
Microsoft Money 2004-->MsiExec.exe /I{1D643CD7-4DD6-11D7-A4E0-000874180BB3}
Microsoft Picture It! Photo 7.0-->MsiExec.exe /I{369B36BE-3D64-4641-9AEA-808D436FE132}
Microsoft Streets and Trips 2002-->MsiExec.exe /I{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Word 2002-->MsiExec.exe /I{911B0409-6000-11D3-8CFE-0050048383C9}
Microsoft Works 2003 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2003\Setup\Launcher.exe D:\
Microsoft Works 7.0-->MsiExec.exe /I{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}
Microsoft Works Suite Add-in for Microsoft Word-->MsiExec.exe /I{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}
Mozilla Firefox (3.0.11)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Neverwinter Nights 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\SETUP.exe" -l0x9 -removeonly
Neverwinter Nights-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Setup.exe" -l0x9
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Oblivion-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x9 -removeonly
Portal-->"C:\Program Files\Steam\steam.exe" steam://uninstall/400
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Samsung ML-1710 Series-->C:\WINDOWS\Samsung\ML1710\Setup.exe /l9
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Sid Meier's Pirates!-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}
Sound Blaster Audigy 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E82BF103-904F-49C0-B77F-6EC110B71E87}\SETUP.EXE" -l0x9
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0D994CC5-819F-4657-84DD-397B8FE1EA80}\Setup.exe" -l0x9
Star Wars® Knights of the Old Republic® II: The Sith Lords™-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{629F65FB-7F3C-4D66-A1C0-20722744B7B6}\setup.exe" -l0x9 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec Endpoint Protection-->MsiExec.exe /I{D689B418-235A-4290-A0A5-A75E490E0351}
Tron 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "F:\Program Files\Buena Vista Interactive\Tron 2.0\Setup.EXE" -l0x9
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
X-COM: UFO Defense-->"C:\Program Files\Steam\steam.exe" steam://uninstall/7760

=====HijackThis Backups=====

O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe [2009-07-10]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.1.4/ [2009-07-10]
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [2009-07-10]
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [2009-07-10]
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll [2009-07-10]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2009-07-10]
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [2009-07-10]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local [2009-07-10]
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [2009-07-10]
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') [2009-07-11]
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName [2009-07-11]
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) [2009-07-11]
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC [2009-07-11]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') [2009-07-11]
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') [2009-07-11]
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 [2009-07-11]
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC [2009-07-11]
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [2009-07-11]
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE [2009-07-11]
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') [2009-07-11]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll [2009-07-11]
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) [2009-07-11]
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe [2009-07-11]
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll [2009-07-11]
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe [2009-07-11]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-11]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-07-11]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-07-11]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-07-11]
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe [2009-07-11]
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE [2009-07-11]
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2009-07-11]

======Security center information======

AV: Symantec Endpoint Protection
FW: Symantec Endpoint Protection

======System event log======

Computer Name: JOHN-M6PNT5VJS2
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 87
Source Name: Disk
Time Written: 20090717144359.000000-420
Event Type: warning
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 86
Source Name: Disk
Time Written: 20090717141518.000000-420
Event Type: warning
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 84
Source Name: Disk
Time Written: 20090717134348.000000-420
Event Type: warning
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 51
Message: An error was detected on device \Device\Harddisk2\D during a paging operation.

Record Number: 83
Source Name: Disk
Time Written: 20090717132559.000000-420
Event Type: warning
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 23
Source Name: Tcpip
Time Written: 20090717120501.000000-420
Event Type: warning
User:

=====Application event log=====

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 1341
Source Name: Userenv
Time Written: 20090709082115.000000-420
Event Type: warning
User: JOHN-M6PNT5VJS2\Zach

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1000
Message: Faulting application iexplore.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01bf1d86.

Record Number: 1319
Source Name: Application Error
Time Written: 20090708190005.000000-420
Event Type: error
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1000
Message: Faulting application swkotor.exe, version 1.0.3.0, faulting module unknown, version 0.0.0.0, fault address 0x0109d859.

Record Number: 1318
Source Name: Application Error
Time Written: 20090708165933.000000-420
Event Type: error
User:

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1517
Message: Windows saved user JOHN-M6PNT5VJS2\Zach registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1287
Source Name: Userenv
Time Written: 20090708115247.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: JOHN-M6PNT5VJS2
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 1286
Source Name: Userenv
Time Written: 20090708115246.000000-420
Event Type: warning
User: JOHN-M6PNT5VJS2\Zach

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2_03\lib\ext\QTJava.zip

-----------------EOF-----------------


GMER.LOG:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-21 13:09:57
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 864C25B8 ZwAlertResumeThread
SSDT 864A86E8 ZwAlertThread
SSDT 8647D728 ZwAllocateVirtualMemory
SSDT 8647CD80 ZwConnectPort
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF759487E]
SSDT 864BF3F8 ZwCreateMutant
SSDT 86D74008 ZwCreateThread
SSDT spch.sys ZwEnumerateKey [0xF7421CA4]
SSDT spch.sys ZwEnumerateValueKey [0xF7422032]
SSDT 864BC420 ZwFreeVirtualMemory
SSDT 8643C420 ZwImpersonateAnonymousToken
SSDT 864BF8C8 ZwImpersonateThread
SSDT 864BA730 ZwMapViewOfSection
SSDT 864A7448 ZwOpenEvent
SSDT spch.sys ZwOpenKey [0xF74030C0]
SSDT 864C73D8 ZwOpenProcessToken
SSDT 8649E590 ZwOpenThreadToken
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation) ZwProtectVirtualMemory [0xF7689840]
SSDT spch.sys ZwQueryKey [0xF742210A]
SSDT spch.sys ZwQueryValueKey [0xF7421F8A]
SSDT 8649EEC8 ZwResumeThread
SSDT 86E07798 ZwSetContextThread
SSDT 864BD460 ZwSetInformationProcess
SSDT 864A9700 ZwSetInformationThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7594BFE]
SSDT 864B88F0 ZwSuspendProcess
SSDT 864BA250 ZwSuspendThread
SSDT 86458248 ZwTerminateProcess
SSDT 864A8268 ZwTerminateThread
SSDT 864BB738 ZwUnmapViewOfSection
SSDT 864AC718 ZwWriteVirtualMemory

INT 0x62 ? 86F66BF8
INT 0x74 ? 86FD5BF8
INT 0x84 ? 86FD5BF8
INT 0x94 ? 86FD5BF8
INT 0xA4 ? 86F66BF8

---- Kernel code sections - GMER 1.0.15 ----

? spch.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F651C8AC 5 Bytes JMP 86FD51D8
.text a6398v9h.SYS F6201386 35 Bytes [00, 00, 00, 00, 00, 00, 20, ...]
.text a6398v9h.SYS F62013AA 24 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text a6398v9h.SYS F62013C4 3 Bytes [00, 70, 02] {ADD [EAX+0x2], DH}
.text a6398v9h.SYS F62013C9 1 Byte [30]
.text a6398v9h.SYS F62013C9 11 Bytes [30, 00, 00, 00, 5C, 02, 00, ...] {XOR [EAX], AL; ADD [EAX], AL; POP ESP; ADD AL, [EAX]; ADD [EAX], AL; ADD [EAX], AL}
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00CD2B80
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00CD2B3D
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00CD2B01
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CD2AE6
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ws2_32.dll!send 71AB4C27 5 Bytes JMP 00CD2972
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CD2A64
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ws2_32.dll!recv 71AB676F 5 Bytes JMP 00CD29AA
.text C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe[660] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CD29E2
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00C12AE6
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00C12972
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00C12A64
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00C129AA
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00C129E2
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00C12B80
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00C12B3D
.text C:\Program Files\Bonjour\mDNSResponder.exe[1752] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00C12B01
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 044A2B80
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 044A2B3D
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 044A2B01
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 044A2AE6
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] WS2_32.dll!send 71AB4C27 5 Bytes JMP 044A2972
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 044A2A64
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] WS2_32.dll!recv 71AB676F 5 Bytes JMP 044A29AA
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe[2040] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 044A29E2
.text C:\WINDOWS\system32\wuauclt.exe[2108] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 02882B80
.text C:\WINDOWS\system32\wuauclt.exe[2108] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 02882B3D
.text C:\WINDOWS\system32\wuauclt.exe[2108] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 02882B01
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02882AE6
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02882972
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02882A64
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!recv 71AB676F 5 Bytes JMP 028829AA
.text C:\WINDOWS\system32\wuauclt.exe[2108] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 028829E2
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 01442B80
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 01442B3D
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 01442B01
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ws2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01442AE6
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ws2_32.dll!send 71AB4C27 5 Bytes JMP 01442972
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01442A64
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ws2_32.dll!recv 71AB676F 5 Bytes JMP 014429AA
.text C:\Program Files\Common Files\Symantec Shared\ccApp.exe[2228] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 014429E2
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 017B2B80
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 017B2B3D
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 017B2B01
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 017B2AE6
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] WS2_32.dll!send 71AB4C27 5 Bytes JMP 017B2972
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 017B2A64
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] WS2_32.dll!recv 71AB676F 5 Bytes JMP 017B29AA
.text C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe[2272] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 017B29E2
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 01C52B80
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 01C52B3D
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 01C52B01
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 01C52AE6
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] WS2_32.dll!send 71AB4C27 5 Bytes JMP 01C52972
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 01C52A64
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] WS2_32.dll!recv 71AB676F 5 Bytes JMP 01C529AA
.text C:\Program Files\DAEMON Tools Lite\daemon.exe[2696] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 01C529E2
.text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00B72B80
.text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00B72B3D
.text C:\WINDOWS\System32\alg.exe[3160] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00B72B01
.text C:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00B72AE6
.text C:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00B72972
.text C:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00B72A64
.text C:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00B729AA
.text C:\WINDOWS\System32\alg.exe[3160] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00B729E2
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00E42B80
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00E42B3D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00E42B01
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00E42AE6
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00E42972
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00E42A64
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00E429AA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3168] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00E429E2
.text C:\WINDOWS\Explorer.EXE[3712] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 015E2B80
.text C:\WINDOWS\Explorer.EXE[3712] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 015E2B3D
.text C:\WINDOWS\Explorer.EXE[3712] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 015E2B01
.text C:\WINDOWS\Explorer.EXE[3712] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 015E2AE6
.text C:\WINDOWS\Explorer.EXE[3712] WS2_32.dll!send 71AB4C27 5 Bytes JMP 015E2972
.text C:\WINDOWS\Explorer.EXE[3712] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 015E2A64
.text C:\WINDOWS\Explorer.EXE[3712] WS2_32.dll!recv 71AB676F 5 Bytes JMP 015E29AA
.text C:\WINDOWS\Explorer.EXE[3712] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 015E29E2
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 02892B80
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 02892B3D
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 02892B01
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 02892AE6
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] WS2_32.dll!send 71AB4C27 5 Bytes JMP 02892972
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 02892A64
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] WS2_32.dll!recv 71AB676F 5 Bytes JMP 028929AA
.text C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe[3804] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 028929E2
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] ADVAPI32.dll!CryptDestroyKey 77DE9EBC 7 Bytes JMP 00DC2B80
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] ADVAPI32.dll!CryptDecrypt 77DEA129 7 Bytes JMP 00DC2B3D
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] ADVAPI32.dll!CryptEncrypt 77DEE360 7 Bytes JMP 00DC2B01
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DC2AE6
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DC2972
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DC2A64
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00DC29AA
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3900] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00DC29E2

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86F692D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F7434C4C] spch.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7434CA0] spch.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7404042] spch.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F740413E] spch.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F74040C0] spch.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7404800] spch.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F74046D6] spch.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 86FD52D8
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7413E9C] spch.sys
IAT \SystemRoot\System32\Drivers\a6398v9h.SYS[ntoskrnl.exe!KeSetTimer] [F6317300] \SystemRoot\system32\DRIVERS\IntelC51.sys (Modem DSP Driver/Intel Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86FD41F8
Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\usbuhci \Device\USBPDO-0 86DAC1F8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 86FD61F8
Device \Driver\dmio \Device\DmControl\DmConfig 86FD61F8
Device \Driver\dmio \Device\DmControl\DmPnP 86FD61F8
Device \Driver\dmio \Device\DmControl\DmInfo 86FD61F8
Device \Driver\usbuhci \Device\USBPDO-1 86DAC1F8
Device \Driver\usbuhci \Device\USBPDO-2 86DAC1F8
Device \Driver\usbuhci \Device\USBPDO-3 86DAC1F8
Device \Driver\usbehci \Device\USBPDO-4 86D951F8
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86F671F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 86F671F8
Device \Driver\Cdrom \Device\CdRom0 86C551F8
Device \Driver\PCI_PNP8880 \Device\00000059 spch.sys
Device \Driver\Ftdisk \Device\HarddiskVolume3 86F671F8
Device \Driver\Cdrom \Device\CdRom1 86C551F8
Device \Driver\atapi \Device\Ide\IdePort0 85A05460
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 85A05460
Device \Driver\atapi \Device\Ide\IdePort1 85A05460
Device \Driver\atapi \Device\Ide\IdePort2 85A05460
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 85A05460
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-17 85A05460
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-22 85A05460
Device \Driver\Cdrom \Device\CdRom2 86C551F8
Device \Driver\Ftdisk \Device\HarddiskVolume4 86F671F8
Device \Driver\USBSTOR \Device\00000080 86463500
Device \Driver\USBSTOR \Device\00000080 85A05460
Device \Driver\NetBT \Device\NetBt_Wins_Export 86458500
Device \Driver\NetBT \Device\NetbiosSmb 86458500
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{EE7E630D-D477-469F-9B2D-31469FA50422} 86458500
Device \Driver\usbuhci \Device\USBFDO-0 86DAC1F8
Device \Driver\usbuhci \Device\USBFDO-1 86DAC1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86465500
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (Symantec CMC Firewall WPS/Symantec Corporation)
Device \Driver\usbuhci \Device\USBFDO-2 86DAC1F8
Device 86465500
Device \Driver\USBSTOR \Device\0000007c 86463500
Device \Driver\USBSTOR \Device\0000007c 85A05460
Device \Driver\usbuhci \Device\USBFDO-3 86DAC1F8
Device \Driver\USBSTOR \Device\0000007d 86463500
Device \Driver\USBSTOR \Device\0000007d 85A05460
Device \Driver\usbehci \Device\USBFDO-4 86D951F8
Device \Driver\Ftdisk \Device\FtControl 86F671F8
Device \Driver\sptd \Device\4112403880 spch.sys
Device \Driver\USBSTOR \Device\0000007f 86463500
Device \Driver\USBSTOR \Device\0000007f 85A05460
Device \Driver\a6398v9h \Device\Scsi\a6398v9h1Port3Path0Target0Lun0 86C4F1F8
Device \Driver\a6398v9h \Device\Scsi\a6398v9h1 86C4F1F8
Device 852DE1F8
Device B665F297

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:1060] 85A3B110
Thread System [4:1064] 85A25F0F
Thread System [4:1068] 85A59487
Thread System [4:1072] 85A28B81
Thread System [4:2312] 85A3B110
Thread System [4:2316] 85A25F0F
Thread System [4:2320] 85A59487
Thread System [4:2324] 85A28B81
Thread System [4:220] 85A3B110
Thread System [4:236] 85A25F0F
Thread System [4:240] 85A59487
Thread System [4:244] 85A28B81
Thread System [4:232] 85A3B110
Thread System [4:260] 85A25F0F
Thread System [4:276] 85A59487
Thread System [4:280] 85A28B81

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0xDE 0xB6 0xD8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0xC9 0x03 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0xD3 0x58 0xD2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0xDE 0xB6 0xD8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0xC9 0x03 0x25 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x68 0x76 0x1C 0x39 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC9 0xDE 0xB6 0xD8 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x79 0xC9 0x03 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0xD3 0x58 0xD2 ...

---- EOF - GMER 1.0.15 ----


Again, thank you for the help. It is greatly appreciated.

#6 syler

  • Malware Response Team

Posted 21 July 2009 - 04:35 PM

Hi,

I don't see anything bad there. Can you tell me what problems you are currently having? I have noticed that you have fixed a lot
of entries with HijackThis and they all look legit. You should not be using HijackThis if you don't know how to use it; doing so can
cause problems.


Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

Next

Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Thanks


#7 Z_J_Dougan

Posted 22 July 2009 - 02:46 PM

I apologize about the difficulties with the Hijack This entries being deleted. This computer is used by my entire family of 5, and I have only returned to the house recently after a long stay abroad, so I can't speak as to what some of my other family members may have done in their own efforts to disinfect the machine.

The symptoms I am experiencing are frequent program crashes (this occurs mostly with programs that are running in a fullscreen mode), and frequent "freezes". When the computer freezes I retain mouse control, but I am unable to do anything (I cannot open or close programs, enlarge the start menu, etc.). When it freezes I am unable to open Task Manager, and all other Windows keyboard shortcuts I know cease to function. The machine also has a greatly increased boot time (varying between 1 and 5 minutes), and occasionally the system will fail to boot at all. When this occurs the system remains on a black screen with a white blinking underscore in the top right of the screen (like a DOS prompt without any writing).
Other members of my family have also had various popups appear attempting to solicit credit card and social security information. I have not had this occur personally however, so I don't know much about these.

Here is the Kaspersky Scan log.


Wednesday, July 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 22, 2009 02:46:01
Records in database: 2509757
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
A:\
C:\
D:\
E:\
F:\
G:\
Scan statistics
Files scanned 134923
Threat name 1
Infected objects 2
Suspicious objects 0
Duration of the scan 01:57:32

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\095C0000\4B5F285D.VBN Infected: Trojan-Downloader.JS.PdfSploit 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\Quarantine\095C0001\4B5F2876.VBN Infected: Trojan-Downloader.JS.PdfSploit 1
The selected area was scanned.


Again, thank you for your help.

#8 syler

Posted 23 July 2009 - 12:22 AM

I'm still not seeing anything bad in your logs. Let's do one last check; it could be that your problems are not malware related.


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the "File scans" section, change the "file age" to 90 Days.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized


#9 Z_J_Dougan

Posted 23 July 2009 - 03:07 AM

Hello again. The reason I've been assuming the problems on the system stem from a malware infection is that this system in particular was reformatted about one and a half months ago by my younger sister. Since then she has been doing a lot of peer-to-peer file transferring/'torrenting', and my understanding is that this commonly results in malware infection. I apologize if I have been mistaken and inadvertently posted in the wrong forum.

Anyways, here are the two logs as asked for; the forums are telling me that altogether the post is too long, so I will split it into two replies.


OTL.TXT:
OTL logfile created on: 7/23/2009 12:46:46 AM - Run 1
OTL by OldTimer - Version 3.0.10.0 Folder = C:\Documents and Settings\Zach\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 465.37 Mb Available Physical Memory | 45.53% Memory free
2.41 Gb Paging File | 1.96 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 62.07 Gb Free Space | 41.66% Space Free | Partition Type: NTFS
Drive D: | 677.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 650.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 279.46 Gb Total Space | 265.93 Gb Free Space | 95.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 15.54 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: JOHN-M6PNT5VJS2
Current User Name: Zach
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/05/12 21:55:28 | 01,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009/03/17 01:25:36 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/07/03 07:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2009/01/08 09:35:36 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/21 18:05:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/05/12 23:12:36 | 02,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe
PRC - [2002/09/03 13:00:08 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/14 05:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/12 21:55:30 | 01,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009/03/17 01:25:56 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/21 18:05:14 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/04/23 06:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009/07/23 00:44:24 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/23 00:46:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zach\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/29 13:41:26 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/17 01:25:36 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr [Auto | Running])
SRV - [2009/03/17 01:25:36 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/06/17 23:28:36 | 00,079,360 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Disabled | Stopped])
SRV - [2009/01/08 09:35:36 | 00,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 05:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/05/30 12:30:20 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/07/21 18:05:14 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/07/03 07:49:06 | 01,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2009/03/20 19:10:15 | 03,093,880 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/05/12 21:55:28 | 01,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService [Auto | Running])
SRV - [2009/02/01 22:43:02 | 00,320,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC [On_Demand | Stopped])
SRV - [2009/05/12 23:12:36 | 02,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2000/06/26 07:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MsPMSPSv.exe -- (WMDM PMSP Service [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2004/04/29 18:55:42 | 00,186,112 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2004/12/13 14:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
DRV - [2008/11/18 18:17:08 | 00,023,888 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\COH_Mon.sys -- (COH_Mon [On_Demand | Stopped])
DRV - [2009/03/04 14:42:16 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:16 | 00,099,352 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\COMMONFX.SYS -- (COMMONFX.SYS [On_Demand | Running])
DRV - [2009/03/04 14:44:26 | 00,511,000 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctac32k.sys -- (ctac32k [On_Demand | Running])
DRV - [2009/03/04 14:44:38 | 00,528,408 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctaud2k.sys -- (ctaud2k [On_Demand | Running])
DRV - [2009/03/04 14:42:30 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:30 | 00,555,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTAUDFX.SYS -- (CTAUDFX.SYS [On_Demand | Running])
DRV - [2009/03/04 14:44:54 | 00,347,080 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctdvda2k.sys -- (ctdvda2k [On_Demand | Stopped])
DRV - [2009/03/04 14:42:56 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:56 | 00,100,888 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTERFXFX.SYS -- (CTERFXFX.SYS [On_Demand | Stopped])
DRV - [2009/03/04 14:45:46 | 00,014,360 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctprxy2k.sys -- (ctprxy2k [On_Demand | Running])
DRV - [2009/03/04 14:42:42 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX [On_Demand | Stopped])
DRV - [2009/03/04 14:42:42 | 00,566,296 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\CTSBLFX.SYS -- (CTSBLFX.SYS [On_Demand | Running])
DRV - [2009/03/04 14:46:00 | 00,157,208 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ctsfm2k.sys -- (ctsfm2k [On_Demand | Running])
DRV - [2009/04/15 02:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/03/04 14:46:26 | 00,092,696 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\emupia2k.sys -- (emupia [On_Demand | Running])
DRV - [2009/04/15 02:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/04 14:46:38 | 00,798,744 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\ha10kx2k.sys -- (ha10kx2k [On_Demand | Running])
DRV - [2009/03/04 14:46:48 | 00,162,840 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap16v2k.sys -- (hap16v2k [On_Demand | Running])
DRV - [2009/03/04 14:46:56 | 00,189,464 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\drivers\hap17v2k.sys -- (hap17v2k [On_Demand | Stopped])
DRV - [2004/03/05 22:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Running])
DRV - [2004/03/05 22:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Running])
DRV - [2004/03/05 22:13:52 | 00,060,949 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Running])
DRV - [2009/07/03 07:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2004/03/05 22:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Running])
DRV - [2009/07/13 01:00:00 | 00,087,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090722.035\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/07/13 01:00:00 | 00,875,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090722.035\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/06/10 06:03:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI [System | Running])
DRV - [2009/03/04 14:45:34 | 00,127,512 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\ctoss2k.sys -- (ossrv [On_Demand | Running])
DRV - [2004/08/04 03:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/13 22:09:16 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/09/09 14:54:42 | 00,421,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2009/06/05 17:10:15 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009/03/04 14:07:52 | 00,280,112 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSP.SYS -- (SRTSP [System | Running])
DRV - [2009/03/04 14:07:52 | 00,319,920 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPL.SYS -- (SRTSPL [On_Demand | Stopped])
DRV - [2009/03/04 14:07:52 | 00,043,824 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SRTSPX.SYS -- (SRTSPX [System | Running])
DRV - [2009/06/20 11:17:33 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2008/08/21 11:13:56 | 00,027,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2008/08/21 11:13:56 | 00,191,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2009/05/12 21:58:06 | 00,091,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant [Disabled | Stopped])
DRV - [2008/10/14 12:24:18 | 00,049,536 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\DRIVERS\teefer2.sys -- (Teefer2 [On_Demand | Running])
DRV - [2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 00:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2009/05/12 21:56:32 | 00,042,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys -- (WPS [System | Running])
DRV - [2009/04/20 22:12:14 | 00,149,768 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WpsHelper.sys -- (WpsHelper [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1085031214-362288127-682003330-1004\S-1-5-21-1085031214-362288127-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-362288127-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1085031214-362288127-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-1085031214-362288127-682003330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-1085031214-362288127-682003330-1006\S-1-5-21-1085031214-362288127-682003330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/08 10:33:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/21 18:05:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/23 00:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/23 00:44:30 | 00,000,000 | ---D | M]

[2009/06/05 00:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\mozilla\Extensions
[2009/06/05 00:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/05 00:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zach\Application Data\mozilla\Firefox\Profiles\b5jt83gr.default\extensions
[2009/07/22 18:14:35 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/23 00:44:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/21 18:05:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/23 00:44:24 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/23 00:44:24 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2002/01/09 02:26:38 | 00,032,768 | ---- | M] (Macromedia, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/07/21 18:05:15 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/23 00:44:26 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/05 16:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/06/22 11:19:59 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/22 11:19:59 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/22 11:19:59 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/22 11:19:59 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/22 11:19:59 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/22 11:19:59 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/22 11:19:59 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1085031214-362288127-682003330-1004..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKU\S-1-5-21-1085031214-362288127-682003330-1004..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1085031214-362288127-682003330-1006..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1085031214-362288127-682003330-1006..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-362288127-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/04 18:39:45 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/06/14 13:27:24 | 00,914,498 | R--- | M] () - D:\Autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2002/04/11 16:02:58 | 00,192,512 | R--- | M] (Interplay Entertainment Corp.) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002/06/13 17:49:22 | 00,000,141 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003/07/09 12:02:10 | 00,098,304 | R--- | M] () - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2003/07/09 12:02:10 | 00,002,238 | R--- | M] () - E:\AUTORUN.ICO -- [ CDFS ]
O32 - AutoRun File - [2003/07/09 12:02:10 | 00,000,049 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 90 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/07/23 00:46:01 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Zach\Desktop\OTL.exe
[2009/07/22 21:48:41 | 00,002,585 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Dell Driver Download Manager.lnk
[2009/07/22 21:48:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Dell
[2009/07/22 21:46:25 | 03,192,144 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Zach\My Documents\R91894.EXE
[2009/07/22 21:45:24 | 00,257,936 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Zach\My Documents\R90425.EXE
[2009/07/22 21:44:48 | 00,543,649 | ---- | C] () -- C:\Documents and Settings\Zach\My Documents\DXPS3A07.EXE
[2009/07/22 21:44:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Deployment
[2009/07/22 20:32:59 | 05,190,926 | ---- | C] (Black Isle ) -- C:\Documents and Settings\Zach\Desktop\IWD2Patch201.exe
[2009/07/22 20:23:01 | 00,000,849 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Icewind Dale II.lnk
[2009/07/22 00:12:21 | 00,003,291 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\kspersky.html
[2009/07/21 18:05:31 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/21 18:05:31 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/21 18:05:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/21 18:05:31 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/21 18:05:31 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/21 18:00:31 | 16,254,360 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Zach\Desktop\jre-6u14-windows-i586.exe
[2009/07/21 10:38:43 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\5idkeon4.exe
[2009/07/20 15:27:51 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/20 15:27:38 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\RSIT.exe
[2009/07/20 13:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Malwarebytes
[2009/07/20 13:57:52 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 13:57:49 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/20 13:57:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/20 13:57:47 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/20 13:57:47 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/20 13:57:14 | 03,775,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Zach\Desktop\mbam-setup.exe
[2009/07/19 11:52:53 | 54,607,328 | ---- | C] (Monolith Productions ) -- C:\Documents and Settings\Zach\Desktop\tron-update_v1x042cxp(2).exe
[2009/07/18 22:26:44 | 00,000,227 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\tron-update_v1x042cxp.exe
[2009/07/18 12:37:27 | 00,001,618 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\X-COM UFO Defense.lnk
[2009/07/17 12:00:09 | 00,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/07/17 12:00:05 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/07/17 11:56:17 | 07,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Documents and Settings\Zach\Desktop\daemon4304-lite.exe
[2009/07/16 22:28:50 | 15,705,5254 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\ShadowlordsDreamcatcherDemon.exe
[2009/07/16 13:47:27 | 00,001,457 | ---- | C] () -- C:\CDmage.ini
[2009/07/16 13:27:15 | 00,571,392 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\CDmage1-01-5.exe
[2009/07/16 12:17:37 | 00,051,573 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\dimension_E310_system_xp.zip
[2009/07/16 12:15:35 | 84,458,632 | ---- | C] (NVIDIA Corporation ) -- C:\Documents and Settings\Zach\Desktop\186.18_desktop_winxp_32bit_english_whql.exe
[2009/07/16 11:07:40 | 12,822,831 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\sw_pc_english_from200424_to210427.exe
[2009/07/16 11:05:21 | 00,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2009/07/16 10:20:26 | 00,000,891 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Tron 2.0.lnk
[2009/07/14 11:59:26 | 32,490,2344 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\NWNEnglish1.69HotUUpdate.exe
[2009/07/14 11:49:52 | 00,000,659 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Neverwinter Nights.lnk
[2009/07/14 11:49:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/07/11 20:45:39 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/11 16:30:41 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\dds.scr
[2009/07/11 14:00:55 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/11 14:00:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/07/11 13:37:34 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Zach\Desktop\spybotsd162.exe
[2009/07/11 11:50:27 | 02,359,296 | ---- | C] () -- C:\Documents and Settings\Zach\My Documents\My Money.mny
[2009/07/11 09:25:25 | 00,000,000 | ---D | C] -- C:\IMPORTANT (financial stuff by gabe for mom)
[2009/07/11 09:17:58 | 00,000,873 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Money 2004.lnk
[2009/07/10 23:09:42 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/10 23:09:19 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/10 23:07:44 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/07/10 23:07:43 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/10 23:07:34 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/07/10 23:07:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/07/10 23:06:06 | 00,000,815 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\HijackThis.lnk
[2009/07/10 23:05:52 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Zach\Desktop\HJTInstall.exe
[2009/07/10 22:55:37 | 60,857,536 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\Zach\Desktop\Ad-AwareAE.exe
[2009/07/10 22:30:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets & Trips
[2009/07/10 22:30:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Picture It! 7
[2009/07/10 22:30:46 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Encarta
[2009/07/10 22:30:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/07/10 22:30:42 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/07/10 22:30:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/07/10 22:30:41 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/07/10 22:30:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2003
[2009/07/10 22:30:16 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Online Entertainment
[2009/07/10 22:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony Online Entertainment
[2009/07/10 22:29:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Desktop\Content
[2009/07/10 22:27:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2009/07/10 22:27:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2009/07/10 14:10:52 | 00,000,000 | ---D | C] -- C:\Config.Msi
[2009/07/07 16:19:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/07/03 18:21:02 | 00,668,766 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\Friends.mbf
[2009/07/01 14:38:57 | 00,000,000 | ---D | C] -- C:\SIERRA
[2009/06/30 22:30:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Identities
[2009/06/28 14:57:04 | 00,000,000 | ---D | C] -- C:\Program Files\Activision
[2009/06/22 11:23:46 | 04,112,384 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Friends3.M10
[2009/06/22 08:52:07 | 04,112,384 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Friends2.M10
[2009/06/22 08:44:29 | 04,112,384 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Friends1.M10
[2009/06/22 08:44:03 | 04,112,384 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Friends0.mbf
[2009/06/22 08:38:39 | 04,112,384 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Friends.M10
[2009/06/21 13:32:01 | 00,000,000 | ---D | C] -- C:\backup
[2009/06/20 17:06:50 | 00,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2009/06/20 17:06:50 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2009/06/20 17:06:49 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbscan.sys
[2009/06/20 17:06:49 | 00,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2009/06/20 14:46:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/06/20 11:59:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Symantec
[2009/06/20 11:36:58 | 02,065,269 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\My Money Backup 0.mbf
[2009/06/20 11:17:43 | 00,091,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2009/06/20 11:17:23 | 00,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/06/20 11:17:23 | 00,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/06/20 11:17:23 | 00,010,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/06/20 11:17:23 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/06/20 11:16:31 | 00,511,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2009/06/20 11:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/06/20 11:16:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2009/06/20 11:16:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/06/18 03:30:29 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/06/18 00:38:32 | 24,539,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/06/17 23:31:20 | 04,931,577 | ---- | C] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
[2009/06/17 23:31:17 | 04,931,577 | ---- | C] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
[2009/06/17 23:28:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative Labs Shared
[2009/06/17 23:28:10 | 00,444,952 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/06/17 23:26:23 | 39,752,136 | ---- | C] (Creative Technology Ltd) -- C:\Documents and Settings\Zach\Desktop\SBAX_PCDRV_LB_2_18_0010.exe
[2009/06/17 23:21:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\PC_Drivers_Headquarters
[2009/06/17 23:20:00 | 00,002,198 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/06/17 23:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/06/17 23:19:56 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2009/06/17 23:18:32 | 01,045,536 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Zach\Desktop\DriverDetective.exe
[2009/06/16 18:10:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Fallout3
[2009/06/16 18:04:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2009/06/16 16:23:04 | 00,000,647 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\JadeEmpire.lnk
[2009/06/16 07:36:30 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/06/16 07:36:30 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/06/15 20:15:59 | 00,082,774 | ---- | C] (BioWare Corp.) -- C:\WINDOWS\Uninstall Jade Empire.exe
[2009/06/15 20:01:54 | 00,000,000 | ---D | C] -- C:\Program Files\Jade Empire
[2009/06/12 22:06:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/06/12 22:06:23 | 00,000,994 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\JEOPARDY!.lnk
[2009/06/12 22:05:53 | 06,967,543 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\JEOPARDY!_Setup_s.exe
[2009/06/12 21:33:24 | 00,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\WINDOWS\IsUninst.exe
[2009/06/10 12:55:34 | 00,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2009/06/10 08:29:34 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 08:29:34 | 01,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/10 08:29:34 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 08:29:34 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 08:29:34 | 00,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/10 08:29:34 | 00,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/10 08:29:32 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/06/10 08:29:32 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2009/06/10 08:29:30 | 01,194,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/06/10 08:29:30 | 00,420,384 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/06/10 08:29:20 | 00,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/06/10 08:29:12 | 03,117,056 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/06/10 08:29:06 | 04,038,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/06/10 08:29:02 | 01,282,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/06/10 08:29:00 | 00,188,416 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/06/10 08:28:58 | 03,510,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/06/10 08:28:52 | 04,022,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/06/10 08:28:50 | 13,758,464 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/06/10 08:28:50 | 00,168,004 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/06/10 08:28:50 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/06/10 08:28:50 | 00,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/06/10 08:28:50 | 00,064,777 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/06/10 08:28:48 | 00,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/06/09 21:53:48 | 00,001,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2009/06/09 21:47:52 | 00,000,000 | ---D | C] -- C:\Program Files\Bethesda Softworks
[2009/06/09 21:47:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Oblivion
[2009/06/09 10:39:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/06/09 08:47:43 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/06/08 23:31:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Sun
[2009/06/08 21:07:46 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/06/08 21:07:46 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/06/08 21:07:44 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2009/06/08 21:07:44 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2009/06/08 21:07:35 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2009/06/08 21:07:35 | 00,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbaudio.sys
[2009/06/08 21:07:31 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccgp.sys
[2009/06/08 21:07:31 | 00,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2009/06/08 11:19:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\My Documents\Rockstar Games
[2009/06/08 11:10:06 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/06/08 11:09:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/06/08 10:51:59 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2009/06/08 10:51:59 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2009/06/08 10:51:58 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/06/08 10:51:58 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/06/08 10:51:58 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/06/08 10:51:58 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/06/08 10:51:57 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/06/08 10:51:57 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/06/08 10:51:57 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/06/08 10:51:57 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/06/08 10:51:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/06/08 10:51:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/06/08 10:51:57 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/06/08 10:51:57 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/06/08 10:51:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/06/08 10:51:57 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/06/08 10:51:57 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/06/08 10:51:57 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/06/08 10:51:56 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/06/08 10:51:56 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/06/08 10:51:56 | 00,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2009/06/08 10:51:56 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/06/08 10:51:56 | 00,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2009/06/08 10:51:56 | 00,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2009/06/08 10:51:56 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/06/08 10:51:56 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/06/08 10:51:56 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/06/08 10:51:56 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/06/08 10:51:56 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/06/08 10:51:56 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/06/08 10:51:56 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/06/08 10:51:56 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/06/08 10:51:56 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/06/08 10:51:56 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/06/08 10:51:56 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/06/08 10:51:56 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/06/08 10:51:56 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/06/08 10:51:56 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/06/08 10:51:56 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/06/08 10:51:56 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/06/08 10:51:56 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/06/08 10:51:56 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/06/08 10:51:56 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/06/08 10:51:56 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2009/06/08 10:51:56 | 00,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2009/06/08 10:51:56 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/06/08 10:51:56 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/06/08 10:51:56 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/06/08 10:51:56 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/06/08 10:51:56 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/06/08 10:51:56 | 00,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2009/06/08 10:51:56 | 00,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2009/06/08 10:51:56 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/06/08 10:51:56 | 00,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2009/06/08 10:51:55 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/06/08 10:51:55 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2009/06/08 10:51:55 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/06/08 10:51:55 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/06/08 10:51:55 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/06/08 10:51:55 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/06/08 10:51:55 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/06/08 10:51:55 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/06/08 10:51:55 | 00,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2009/06/08 10:51:55 | 00,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2009/06/08 10:51:55 | 00,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2009/06/08 10:51:55 | 00,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2009/06/08 10:51:55 | 00,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2009/06/08 10:51:55 | 00,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2009/06/08 10:51:55 | 00,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2009/06/08 10:51:55 | 00,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2009/06/08 10:51:55 | 00,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2009/06/08 10:51:55 | 00,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2009/06/08 10:51:55 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/06/08 10:51:54 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/06/08 10:51:54 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/06/08 10:51:54 | 00,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2009/06/08 10:51:54 | 00,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2009/06/08 10:51:54 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/06/08 10:51:54 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/06/08 10:51:54 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/06/08 10:51:54 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/06/08 10:51:54 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/06/08 10:51:54 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/06/08 10:51:54 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/06/08 10:51:54 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/06/08 10:51:54 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/06/08 10:51:54 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/06/08 10:51:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2009/06/08 10:51:42 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/06/08 10:51:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/06/08 10:51:42 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2009/06/08 10:51:38 | 00,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2009/06/08 10:51:38 | 00,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2009/06/08 10:51:38 | 00,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2009/06/08 10:51:38 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/06/08 10:51:37 | 01,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2009/06/08 10:51:37 | 00,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2009/06/08 10:51:37 | 00,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2009/06/08 10:51:37 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2009/06/08 10:51:37 | 00,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2009/06/08 10:51:37 | 00,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2009/06/08 10:51:37 | 00,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2009/06/08 10:51:37 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/06/08 10:51:36 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2009/06/08 10:51:36 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2009/06/08 10:51:36 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2009/06/08 10:51:36 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2009/06/08 10:51:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2009/06/08 10:51:36 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2009/06/08 10:51:36 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2009/06/08 10:51:36 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2009/06/08 10:51:36 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2009/06/08 10:51:36 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2009/06/08 10:51:35 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2009/06/08 10:51:35 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2009/06/08 10:51:35 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2009/06/08 10:51:35 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2009/06/08 10:51:35 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2009/06/08 10:51:35 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2009/06/08 10:51:35 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2009/06/08 10:51:35 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2009/06/08 10:51:35 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2009/06/08 10:51:34 | 00,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2009/06/08 10:51:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2009/06/08 10:51:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2009/06/08 10:51:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2009/06/08 10:51:33 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2009/06/08 10:51:32 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2009/06/08 10:51:32 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2009/06/08 10:51:32 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2009/06/08 10:51:32 | 00,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2009/06/08 10:51:32 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2009/06/08 10:51:32 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2009/06/08 10:51:32 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2009/06/08 10:51:30 | 01,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2009/06/08 10:51:30 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2009/06/08 10:51:30 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2009/06/08 10:51:30 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2009/06/08 10:51:30 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2009/06/08 10:51:30 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2009/06/08 10:51:30 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2009/06/08 10:51:30 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2009/06/08 10:51:30 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2009/06/08 10:51:29 | 00,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2009/06/08 10:51:29 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/06/08 10:51:29 | 00,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2009/06/08 10:51:29 | 00,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2009/06/08 10:51:29 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2009/06/08 10:51:29 | 00,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2009/06/08 10:51:29 | 00,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2009/06/08 10:51:29 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2009/06/08 10:51:29 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2009/06/08 10:51:29 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/06/08 10:51:29 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2009/06/08 10:51:29 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2009/06/08 10:51:29 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2009/06/08 10:51:29 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2009/06/08 10:51:29 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2009/06/08 10:51:27 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2009/06/08 10:51:25 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2009/06/08 10:51:25 | 00,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2009/06/08 10:51:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/06/08 10:51:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/06/08 10:51:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/06/08 10:51:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/06/08 10:48:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/06/08 10:48:15 | 00,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2009/06/08 10:46:25 | 00,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2009/06/08 10:46:25 | 00,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2009/06/08 10:46:25 | 00,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2009/06/08 10:46:25 | 00,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2009/06/08 10:46:25 | 00,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2009/06/08 10:46:25 | 00,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2009/06/08 10:46:25 | 00,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2009/06/08 10:46:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/06/08 10:46:24 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/06/08 10:46:24 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/06/08 10:46:24 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/06/08 10:46:24 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/06/08 10:46:24 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/06/08 10:46:24 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/06/08 10:46:24 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/06/08 10:46:24 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/06/08 10:46:24 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/06/08 10:46:24 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/06/08 10:46:24 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/06/08 10:46:24 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/06/08 10:46:24 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/06/08 10:46:24 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/06/08 10:46:24 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/06/08 10:46:24 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/06/08 10:46:24 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/06/08 10:46:24 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/06/08 10:46:24 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/06/08 10:46:24 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/06/08 10:46:24 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/06/08 10:46:23 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/06/08 10:46:23 | 00,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2009/06/08 10:46:23 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/06/08 10:46:23 | 00,101,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthpan.sys
[2009/06/08 10:46:23 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/06/08 10:46:23 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/06/08 10:46:23 | 00,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthmodem.sys
[2009/06/08 10:46:23 | 00,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2009/06/08 10:46:23 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidbth.sys
[2009/06/08 10:46:23 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2009/06/08 10:46:23 | 00,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2009/06/08 10:46:23 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidir.sys
[2009/06/08 10:46:23 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthusb.sys
[2009/06/08 10:46:23 | 00,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2009/06/08 10:46:23 | 00,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthenum.sys
[2009/06/08 10:46:23 | 00,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2009/06/08 10:46:23 | 00,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2009/06/08 10:46:23 | 00,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2009/06/08 10:46:22 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/06/08 10:46:22 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/06/08 10:46:22 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/06/08 10:46:22 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/06/08 10:46:22 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/06/08 10:46:22 | 00,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2009/06/08 10:46:22 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/06/08 10:46:21 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/06/08 10:46:21 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/06/08 10:46:21 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/06/08 10:46:21 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/06/08 10:46:21 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/06/08 10:46:21 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/06/08 10:46:21 | 00,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rfcomm.sys
[2009/06/08 10:46:21 | 00,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2009/06/08 10:46:21 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/06/08 10:46:21 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/06/08 10:46:21 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usb8023x.sys
[2009/06/08 10:46:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2009/06/08 10:46:21 | 00,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2009/06/08 10:46:21 | 00,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2009/06/08 10:46:20 | 00,121,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbvideo.sys
[2009/06/08 10:46:20 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/06/08 10:46:20 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/06/08 10:46:20 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wacompen.sys
[2009/06/08 10:46:20 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/06/08 10:46:20 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/06/08 10:46:20 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/06/08 10:46:20 | 00,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2009/06/08 10:46:20 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/06/08 10:41:39 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/06/08 10:31:09 | 00,000,000 | ---D | C] -- C:\206a2446dfb1ee6054
[2009/06/07 22:37:57 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/06/07 22:37:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Leadertech
[2009/06/07 22:37:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\My Documents\My Games
[2009/06/07 22:32:39 | 00,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2009/06/07 12:51:48 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/06/07 01:37:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Rockstar Games
[2009/06/07 01:35:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/06/07 01:32:30 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.DLL
[2009/06/07 01:32:29 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/06/07 01:30:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/06/07 01:30:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/06/07 01:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/06/07 01:29:08 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2009/06/07 01:18:49 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2009/06/07 01:18:45 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/06/07 01:18:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\umdf
[2009/06/07 01:16:38 | 00,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2009/06/07 01:16:38 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2009/06/07 01:16:38 | 00,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2009/06/07 01:16:37 | 03,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2009/06/07 01:16:37 | 01,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2009/06/07 01:16:37 | 00,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2009/06/07 01:16:37 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2009/06/07 01:16:36 | 00,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2009/06/07 01:16:36 | 00,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2009/06/07 01:16:35 | 01,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2009/06/07 01:16:35 | 00,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2009/06/07 01:16:35 | 00,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2009/06/07 01:16:34 | 03,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2009/06/07 01:16:34 | 00,267,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_10.dll
[2009/06/07 01:16:33 | 03,734,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_36.dll
[2009/06/07 01:16:33 | 01,374,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_36.dll
[2009/06/07 01:16:33 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_36.dll
[2009/06/07 01:16:32 | 01,358,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_35.dll
[2009/06/07 01:16:32 | 00,444,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_35.dll
[2009/06/07 01:16:32 | 00,267,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_9.dll
[2009/06/07 01:16:31 | 03,727,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_35.dll
[2009/06/07 01:15:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/06/06 19:14:53 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/06/06 19:13:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/06/06 19:12:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\My Documents\Neverwinter Nights 2
[2009/06/06 19:02:01 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009/06/06 12:08:16 | 00,001,751 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk
[2009/06/06 12:08:16 | 00,000,000 | ---D | C] -- C:\Program Files\LucasArts
[2009/06/05 23:29:25 | 00,065,536 | ---- | C] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/05 18:23:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/06/05 18:22:56 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/06/05 17:44:24 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/06/05 17:28:26 | 00,000,738 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Shortcut to MassEffect.lnk
[2009/06/05 17:11:06 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/05 17:11:05 | 00,860,160 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2009/06/05 17:11:05 | 00,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2009/06/05 17:11:05 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/06/05 17:11:04 | 00,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2009/06/05 17:11:04 | 00,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2009/06/05 17:11:03 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/06/05 17:11:03 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/06/05 17:11:03 | 00,683,520 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2009/06/05 17:11:03 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/06/05 17:11:03 | 00,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2009/06/05 17:11:02 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR71.DLL
[2009/06/05 17:11:02 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/05 17:11:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/06/05 17:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2009/06/05 17:10:14 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/05 17:10:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\DAEMON Tools Lite
[2009/06/05 17:08:54 | 14,160,286 | ---- | C] ( ) -- C:\Documents and Settings\Zach\Desktop\klcodec416f.exe
[2009/06/05 17:06:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Media Player Classic
[2009/06/05 16:50:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Apple Computer
[2009/06/05 16:50:27 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2009/06/05 16:50:27 | 00,023,400 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
[2009/06/05 16:50:06 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/05 16:49:55 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/05 16:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/06/05 16:49:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/05 16:49:13 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/05 16:49:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/05 16:48:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Apple
[2009/06/05 16:48:57 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/06/05 16:48:46 | 00,039,424 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/06/05 16:48:45 | 02,060,288 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/06/05 16:48:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/06/05 16:48:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/06/05 16:48:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/06/05 16:48:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Apple Computer
[2009/06/05 16:48:03 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\µTorrent.lnk
[2009/06/05 16:48:03 | 00,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/06/05 16:47:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\uTorrent
[2009/06/05 16:40:11 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/06/05 16:26:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MSMoney
[2009/06/05 16:26:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\mnybak
[2009/06/05 16:26:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/06/05 15:38:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/06/05 15:23:12 | 00,000,000 | ---D | C] -- C:\Program Files\Iomega
[2009/06/05 15:22:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/06/05 15:22:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\WinRAR
[2009/06/05 15:22:38 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/06/05 15:14:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Macromedia
[2009/06/05 15:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Adobe
[2009/06/05 15:13:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\AdobeUM
[2009/06/05 15:13:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\My Documents\My eBooks
[2009/06/05 15:13:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Adobe
[2009/06/05 15:13:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/06/05 03:13:46 | 00,030,912 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/06/05 03:13:46 | 00,030,912 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/06/05 03:13:46 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/06/05 03:13:46 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/06/05 03:13:46 | 00,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2009/06/05 03:13:46 | 00,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2009/06/05 01:22:16 | 00,001,582 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Half-Life 2 Episode Two.lnk
[2009/06/05 01:19:42 | 00,001,582 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Half-Life 2 Episode One.lnk
[2009/06/05 00:51:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\My Documents\Bioshock
[2009/06/05 00:51:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Bioshock
[2009/06/05 00:50:28 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Zach\Application Data\SecuROM
[2009/06/05 00:48:51 | 01,124,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_34.dll
[2009/06/05 00:48:51 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_34.dll
[2009/06/05 00:48:51 | 00,266,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_8.dll
[2009/06/05 00:48:51 | 00,017,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_2.dll
[2009/06/05 00:48:50 | 03,497,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_34.dll
[2009/06/05 00:48:50 | 00,081,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_3.dll
[2009/06/05 00:48:48 | 00,261,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_7.dll
[2009/06/05 00:48:47 | 01,123,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_33.dll
[2009/06/05 00:48:47 | 00,443,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_33.dll
[2009/06/05 00:48:45 | 03,495,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_33.dll
[2009/06/05 00:48:44 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/06/05 00:48:44 | 00,255,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_6.dll
[2009/06/05 00:48:44 | 00,251,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_5.dll
[2009/06/05 00:48:43 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_31.dll
[2009/06/05 00:48:43 | 00,237,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_4.dll
[2009/06/05 00:48:43 | 00,236,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_3.dll
[2009/06/05 00:48:43 | 00,015,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_1.dll
[2009/06/05 00:48:42 | 00,230,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_2.dll
[2009/06/05 00:48:42 | 00,062,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_2.dll
[2009/06/05 00:48:42 | 00,062,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput1_1.dll
[2009/06/05 00:48:41 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2009/06/05 00:48:41 | 00,230,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_0.dll
[2009/06/05 00:48:41 | 00,229,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine2_1.dll
[2009/06/05 00:48:41 | 00,014,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\x3daudio1_0.dll
[2009/06/05 00:48:40 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/06/05 00:48:39 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/06/05 00:48:39 | 00,061,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xinput9_1_0.dll
[2009/06/05 00:48:38 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2009/06/05 00:48:38 | 02,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2009/06/05 00:48:38 | 02,297,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_26.dll
[2009/06/05 00:48:37 | 02,222,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_24.dll
[2009/06/05 00:47:11 | 00,098,304 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/06/05 00:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\2K Games
[2009/06/05 00:37:04 | 00,001,548 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Portal.lnk
[2009/06/05 00:36:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\InstallShield
[2009/06/05 00:36:17 | 00,001,558 | ---- | C] () -- C:\Documents and Settings\Zach\Desktop\Half-Life 2.lnk
[2009/06/05 00:34:01 | 00,030,120 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/06/05 00:34:01 | 00,030,120 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/06/05 00:30:50 | 00,000,000 | ---D | C] -- C:\Program Files\Steam
[2009/06/05 00:28:54 | 00,485,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2009/06/05 00:28:46 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/06/05 00:25:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Mozilla
[2009/06/05 00:25:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Mozilla
[2009/06/05 00:23:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Creative
[2009/06/05 00:20:35 | 00,090,112 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\Updreg.EXE
[2009/06/05 00:20:35 | 00,084,992 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\SFCVRT32.DLL
[2009/06/05 00:20:35 | 00,053,552 | ---- | C] (Creative® Technology Ltd.) -- C:\WINDOWS\CTCCW.DLL
[2009/06/05 00:20:35 | 00,024,976 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\CTRES.DLL
[2009/06/05 00:20:35 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/06/05 00:20:34 | 01,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2009/06/05 00:20:34 | 00,082,432 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTWFLT32.DLL
[2009/06/05 00:20:34 | 00,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.DLL
[2009/06/05 00:20:34 | 00,026,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CTL3D.DLL
[2009/06/05 00:20:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2009/06/05 00:20:22 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/06/05 00:20:20 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\dmusic.sys
[2009/06/05 00:19:59 | 00,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
[2009/06/05 00:19:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2009/06/05 00:19:54 | 00,007,406 | ---- | C] () -- C:\WINDOWS\System32\SBAudigy.ico
[2009/06/05 00:19:52 | 00,001,912 | ---- | C] () -- C:\WINDOWS\System32\Audigy.bmp
[2009/06/05 00:19:50 | 00,049,152 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\CTDCRES.DLL
[2009/06/05 00:19:49 | 00,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2009/06/05 00:19:49 | 00,176,128 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\READREG.EXE
[2009/06/05 00:19:49 | 00,109,080 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/06/05 00:19:48 | 00,094,208 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\DEVREG.DLL
[2009/06/05 00:19:48 | 00,049,152 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\MIDIDEF.EXE
[2009/06/05 00:19:48 | 00,020,480 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ENSDEF.EXE
[2009/06/05 00:19:48 | 00,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
[2009/06/05 00:19:47 | 02,259,067 | ---- | C] () -- C:\WINDOWS\System32\DEFAULT.ECW
[2009/06/05 00:19:44 | 00,008,704 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctagent.dll
[2009/06/05 00:19:43 | 02,167,684 | ---- | C] () -- C:\WINDOWS\System32\CT2MGM.SF2
[2009/06/05 00:19:43 | 01,048,576 | ---- | C] () -- C:\WINDOWS\System32\CT1MGM.ROM
[2009/06/05 00:19:42 | 00,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/06/05 00:19:41 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
[2009/06/05 00:19:39 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2009/06/05 00:19:30 | 00,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2009/06/05 00:19:30 | 00,077,824 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\ctdvda32.dll
[2009/06/05 00:19:24 | 00,032,768 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\AudioHQU.cpl
[2009/06/05 00:19:24 | 00,012,288 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\AHQCpURes.dll
[2009/06/05 00:18:12 | 00,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2009/06/05 00:17:56 | 00,062,976 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTDetres.dll
[2009/06/05 00:17:56 | 00,025,088 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSVCCTL.EXE
[2009/06/05 00:17:56 | 00,017,350 | ---- | C] () -- C:\WINDOWS\System32\CTDetect.hlp
[2009/06/05 00:17:56 | 00,000,641 | ---- | C] () -- C:\WINDOWS\System32\CTDetect.cnt
[2009/06/05 00:17:55 | 00,044,032 | ---- | C] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTSVCCDA.EXE
[2009/06/05 00:17:53 | 00,331,776 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTMEDENG.DLL
[2009/06/05 00:17:52 | 00,139,264 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\Video.skn
[2009/06/05 00:17:52 | 00,024,576 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CTMERes.DLL
[2009/06/05 00:17:25 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/06/05 00:12:21 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\getpntid.exe
[2009/06/05 00:12:21 | 00,014,002 | ---- | C] (Samsung Electronics.) -- C:\WINDOWS\System32\Ssgb1mon.dll
[2009/06/05 00:12:21 | 00,003,262 | ---- | C] () -- C:\WINDOWS\reinstall.ico
[2009/06/05 00:12:21 | 00,000,766 | ---- | C] () -- C:\WINDOWS\Uninstall.ico
[2009/06/05 00:12:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\samsung
[2009/06/05 00:08:38 | 00,000,000 | ---D | C] -- C:\Program Files\Litsoft
[2009/06/05 00:00:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/06/04 23:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Money
[2009/06/04 23:46:40 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/04 23:46:30 | 00,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/06/04 23:44:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/06/04 22:39:56 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/06/04 22:32:42 | 00,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbstor.sys
[2009/06/04 21:53:53 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/06/04 21:53:53 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/06/04 21:53:42 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/06/04 21:53:42 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/06/04 21:53:41 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/06/04 21:53:41 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/06/04 21:53:41 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/06/04 21:53:41 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/06/04 21:53:41 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/06/04 21:53:41 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/06/04 21:53:41 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/06/04 21:53:40 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/06/04 21:53:40 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/06/04 21:53:40 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/06/04 21:51:52 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/06/04 21:51:50 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/06/04 21:51:45 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/06/04 21:51:39 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/06/04 21:51:29 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/06/04 21:51:29 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/06/04 21:50:59 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/06/04 21:50:13 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/04 21:50:04 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/04 21:50:00 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/06/04 21:48:32 | 00,000,000 | ---D | C] -- C:\Downloads
[2009/06/04 21:46:29 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/06/04 21:46:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/06/04 21:46:17 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/06/04 21:46:03 | 00,013,728 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/06/04 21:41:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_DIM_XPSGEN3.MRK
[2009/06/04 21:41:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_DIM_XPSGEN3.MRK
[2009/06/04 21:40:06 | 00,446,464 | R--- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\hhactivex.dll
[2009/06/04 21:40:06 | 00,328,480 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\ssa3d30.ocx
[2009/06/04 21:40:06 | 00,176,128 | ---- | C] (Dell Computer Corporation) -- C:\WINDOWS\System32\RcdScan.dll
[2009/06/04 21:39:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/06/04 21:22:48 | 00,457,248 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2009/06/04 21:22:48 | 00,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/06/04 21:22:43 | 09,998,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2009/06/04 21:22:43 | 00,294,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrses.dll
[2009/06/04 21:22:43 | 00,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsit.dll
[2009/06/04 21:22:43 | 00,282,624 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfr.dll
[2009/06/04 21:22:43 | 00,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsptb.dll
[2009/06/04 21:22:43 | 00,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsde.dll
[2009/06/04 21:22:43 | 00,200,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2009/06/04 21:22:43 | 00,200,704 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2009/06/04 21:22:43 | 00,196,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2009/06/04 21:22:43 | 00,192,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2009/06/04 21:22:43 | 00,192,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2009/06/04 21:22:43 | 00,192,512 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2009/06/04 21:22:43 | 00,184,320 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsja.dll
[2009/06/04 21:22:43 | 00,184,320 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2009/06/04 21:22:43 | 00,172,032 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsko.dll
[2009/06/04 21:22:43 | 00,172,032 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2009/06/04 21:22:43 | 00,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2009/06/04 21:22:43 | 00,012,288 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgfx.dll
[2009/06/04 21:22:42 | 00,151,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2009/06/04 21:22:42 | 00,151,552 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2009/06/04 21:22:42 | 00,004,598 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2009/06/04 21:22:41 | 08,087,712 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/06/04 21:22:41 | 08,087,712 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2009/06/04 21:22:41 | 05,908,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/06/04 21:22:41 | 03,739,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2009/06/04 21:22:41 | 00,147,456 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszht.dll
[2009/06/04 21:22:41 | 00,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszhc.dll
[2009/06/04 21:22:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/06/04 21:21:51 | 00,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2009/06/04 21:20:58 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mskssrv.sys
[2009/06/04 21:20:57 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspqm.sys
[2009/06/04 21:20:56 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mspclock.sys
[2009/06/04 21:20:51 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/06/04 21:20:51 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2009/06/04 21:20:51 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys
[2009/06/04 21:20:51 | 00,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2009/06/04 21:20:51 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/06/04 21:20:51 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2009/06/04 21:20:32 | 01,233,525 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelC51.sys
[2009/06/04 21:20:32 | 00,647,929 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelC52.sys
[2009/06/04 21:20:32 | 00,172,032 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\intelmoh.dll
[2009/06/04 21:20:32 | 00,060,949 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\IntelC53.sys
[2009/06/04 21:20:32 | 00,053,248 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\mhwt.dll
[2009/06/04 21:20:32 | 00,037,048 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\mohfilt.sys
[2009/06/04 21:20:32 | 00,034,293 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\IntelCci.dll
[2009/06/04 21:18:38 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/06/04 21:18:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/06/04 21:15:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/06/04 21:15:23 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/06/04 21:09:12 | 01,580,226 | -H-- | C] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\IconCache.db


[2009/06/04 19:11:52 | 00,171,967 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.hlp
[2009/06/04 19:11:52 | 00,007,348 | ---- | C] () -- C:\WINDOWS\System32\Odbcjet.cnt
[2009/06/04 19:11:51 | 00,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL
[2009/06/04 19:11:50 | 00,013,632 | ---- | C] (Dell Computer Corporation) -- C:\WINDOWS\System32\drivers\omci.sys
[2009/06/04 19:11:50 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/06/04 19:11:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/06/04 19:11:22 | 00,078,488 | ---- | C] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/04 19:11:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Application Data\Identities
[2009/06/04 19:10:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Zach\My Documents\My Pictures
[2009/06/04 19:10:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Zach\My Documents\My Music
[2009/06/04 19:10:53 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Zach\Application Data\Microsoft
[2009/06/04 19:10:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zach\Local Settings\Application Data\Microsoft
[2009/06/04 19:08:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/06/04 19:07:29 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2009/06/04 19:07:29 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2009/06/04 19:07:28 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2009/06/04 19:07:27 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2009/06/04 19:07:27 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2009/06/04 19:07:27 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2009/06/04 19:07:27 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2009/06/04 19:07:24 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2009/06/04 19:07:22 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2009/06/04 19:07:22 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2009/06/04 19:07:22 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2009/06/04 19:07:20 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2009/06/04 19:07:20 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2009/06/04 19:07:18 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2009/06/04 19:07:18 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2009/06/04 19:07:17 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2009/06/04 19:07:17 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2009/06/04 19:07:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2009/06/04 19:07:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2009/06/04 19:07:16 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2009/06/04 19:07:16 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2009/06/04 19:07:16 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2009/06/04 19:07:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2009/06/04 19:07:16 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2009/06/04 19:07:16 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2009/06/04 19:07:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2009/06/04 19:07:16 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2009/06/04 19:07:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2009/06/04 19:07:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2009/06/04 19:07:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2009/06/04 19:07:16 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2009/06/04 19:07:15 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2009/06/04 19:07:15 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2009/06/04 19:07:12 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2009/06/04 19:07:12 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2009/06/04 19:07:11 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/06/04 19:07:11 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/06/04 19:07:10 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2009/06/04 19:07:10 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2009/06/04 19:07:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2009/06/04 19:07:08 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2009/06/04 19:07:07 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2009/06/04 19:07:07 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2009/06/04 19:07:07 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2009/06/04 19:07:06 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2009/06/04 19:07:06 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2009/06/04 19:07:04 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2009/06/04 19:07:03 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2009/06/04 19:06:54 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2009/06/04 19:06:54 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2009/06/04 19:06:53 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2009/06/04 19:06:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2009/06/04 19:06:52 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2009/06/04 19:06:49 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2009/06/04 19:06:49 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2009/06/04 19:06:49 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2009/06/04 19:06:48 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2009/06/04 19:06:46 | 00,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2009/06/04 19:06:46 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2009/06/04 19:06:46 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2009/06/04 19:06:46 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2009/06/04 19:06:38 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2009/06/04 19:06:38 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2009/06/04 19:06:37 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2009/06/04 19:06:37 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2009/06/04 19:06:36 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2009/06/04 19:06:35 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2009/06/04 19:06:35 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2009/06/04 19:06:34 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/06/04 19:06:34 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/06/04 19:06:34 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/06/04 19:06:34 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2009/06/04 19:06:29 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2009/06/04 19:06:29 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2009/06/04 19:06:29 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2009/06/04 19:06:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2009/06/04 19:06:27 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2009/06/04 19:06:27 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2009/06/04 19:06:27 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2009/06/04 19:06:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/06/04 19:06:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/06/04 19:06:26 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/06/04 19:06:26 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/06/04 19:06:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/06/04 19:06:24 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/06/04 19:06:24 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/06/04 19:06:24 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/06/04 19:06:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/06/04 19:06:23 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/06/04 19:06:23 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/06/04 19:06:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/06/04 19:06:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/06/04 19:06:22 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2009/06/04 19:06:21 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2009/06/04 19:06:21 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2009/06/04 19:06:21 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2009/06/04 19:06:20 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2009/06/04 19:06:19 | 00,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2009/06/04 19:06:19 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2009/06/04 19:06:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2009/06/04 19:06:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2009/06/04 19:06:11 | 00,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2009/06/04 19:06:11 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2009/06/04 19:06:11 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2009/06/04 19:06:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2009/06/04 19:06:10 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2009/06/04 19:06:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2009/06/04 19:06:07 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2009/06/04 19:05:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/06/04 19:05:46 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/06/04 19:05:31 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/06/04 19:04:51 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/06/04 19:04:34 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2009/06/04 19:04:32 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2009/06/04 19:04:31 | 00,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2009/06/04 19:04:31 | 00,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2009/06/04 19:04:31 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2009/06/04 19:04:31 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2009/06/04 19:04:29 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/06/04 19:04:29 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2009/06/04 19:04:29 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/06/04 19:04:29 | 00,323,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2009/06/04 19:04:29 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/06/04 19:04:29 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2009/06/04 19:04:29 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009/06/04 19:04:29 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2009/06/04 19:04:29 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2009/06/04 19:04:29 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/06/04 19:04:29 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/06/04 19:04:29 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2009/06/04 19:04:29 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/06/04 19:04:29 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/06/04 19:04:19 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltmgr.sys
[2009/06/04 19:04:19 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2009/06/04 19:04:19 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2009/06/04 19:01:39 | 00,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\intelide.sys
[2009/06/04 19:00:04 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tintlgnt.ime
[2009/06/04 19:00:04 | 00,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2009/06/04 19:00:04 | 00,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2009/06/04 19:00:04 | 00,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2009/06/04 19:00:04 | 00,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2009/06/04 19:00:04 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/06/04 19:00:04 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2009/06/04 19:00:04 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2009/06/04 19:00:04 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2009/06/04 19:00:04 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2009/06/04 19:00:04 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cintlgnt.ime
[2009/06/04 19:00:04 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2009/06/04 18:59:58 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\pintlgnt.ime
[2009/06/04 18:59:58 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2009/06/04 18:59:58 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2009/06/04 18:59:58 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2009/06/04 18:59:58 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/06/04 18:59:48 | 10,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2009/06/04 18:59:47 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP
[2009/06/04 18:59:47 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP
[2009/06/04 18:59:34 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/06/04 18:59:34 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/06/04 18:59:34 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/06/04 18:59:34 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2009/06/04 18:59:21 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/06/04 18:59:21 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/06/04 18:59:21 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/06/04 18:59:21 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/06/04 18:59:21 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/06/04 18:59:21 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/06/04 18:59:20 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/06/04 18:59:20 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/06/04 18:51:14 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/06/04 18:45:56 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/06/04 18:45:50 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/06/04 18:42:05 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/06/04 18:41:46 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/06/04 18:41:04 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/04 18:39:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/06/04 18:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/06/04 18:39:59 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/06/04 18:39:48 | 00,000,000 | ---D | C] -- C:\DELL
[2009/06/04 18:39:45 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/04 18:39:45 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/06/04 18:39:45 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/06/04 18:39:45 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/06/04 18:39:45 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/06/04 18:39:43 | 00,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/06/04 18:39:43 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/06/04 18:39:43 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/06/04 18:39:42 | 00,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2009/06/04 18:39:38 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/04 18:39:36 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/06/04 18:39:03 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/06/04 18:39:03 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/06/04 18:39:03 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/06/04 18:38:59 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/06/04 18:38:50 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/06/04 18:38:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/06/04 18:38:22 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/06/04 18:38:22 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/06/04 18:38:22 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/06/04 18:38:22 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/06/04 18:38:21 | 00,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2009/06/04 18:38:21 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2009/06/04 18:38:21 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2009/06/04 18:38:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2009/06/04 18:38:21 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009/06/04 18:38:21 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2009/06/04 18:38:19 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/06/04 18:38:19 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/06/04 18:38:13 | 00,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2009/06/04 18:38:13 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/06/04 18:38:12 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2009/06/04 18:38:12 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/06/04 18:38:12 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/06/04 18:38:12 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2009/06/04 18:38:12 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2009/06/04 18:38:11 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2009/06/04 18:38:11 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2009/06/04 18:38:10 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2009/06/04 18:38:10 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009/06/04 18:38:10 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2009/06/04 18:38:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/06/04 18:38:08 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/06/04 18:38:06 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/06/04 18:38:05 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/06/04 18:38:05 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/06/04 18:38:05 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/06/04 18:38:05 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/06/04 18:38:05 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009/06/04 18:38:05 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2009/06/04 18:38:04 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2009/06/04 18:38:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2009/06/04 18:38:04 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2009/06/04 18:38:04 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2009/06/04 18:38:04 | 00,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2009/06/04 18:38:03 | 00,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2009/06/04 18:38:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/06/04 18:38:01 | 00,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2009/06/04 18:37:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/06/04 18:37:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/06/04 18:37:58 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2009/06/04 18:37:58 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/06/04 18:37:58 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2009/06/04 18:37:58 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/06/04 18:37:57 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/06/04 18:37:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2009/06/04 18:37:53 | 00,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2009/06/04 18:37:53 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/06/04 18:37:53 | 00,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2009/06/04 18:37:53 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2009/06/04 18:37:53 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2009/06/04 18:37:53 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/06/04 18:37:53 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009/06/04 18:37:53 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2009/06/04 18:37:53 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/06/04 18:37:53 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2009/06/04 18:37:53 | 00,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/06/04 18:37:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/06/04 18:37:52 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/06/04 18:37:52 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/06/04 18:37:50 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/06/04 18:37:50 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/06/04 18:37:50 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/06/04 18:37:49 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009/06/04 18:37:49 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009/06/04 18:37:49 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009/06/04 18:37:49 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/06/04 18:37:49 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/06/04 18:37:44 | 00,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2009/06/04 18:37:43 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/06/04 18:37:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/06/04 18:37:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/06/04 18:37:42 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/06/04 18:37:30 | 00,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/04 18:37:28 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/06/04 18:37:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/06/04 18:37:24 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/06/04 18:37:24 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/06/04 18:37:24 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/06/04 18:37:21 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/06/04 18:37:20 | 00,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2009/06/04 18:37:19 | 01,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2009/06/04 18:37:19 | 00,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2009/06/04 18:37:19 | 00,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2009/06/04 18:37:19 | 00,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2009/06/04 18:37:19 | 00,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2009/06/04 18:37:19 | 00,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2009/06/04 18:37:19 | 00,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2009/06/04 18:37:19 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2009/06/04 18:37:19 | 00,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2009/06/04 18:37:18 | 02,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2009/06/04 18:37:18 | 01,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2009/06/04 18:37:18 | 00,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2009/06/04 18:37:18 | 00,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2009/06/04 18:37:18 | 00,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2009/06/04 18:37:18 | 00,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2009/06/04 18:37:18 | 00,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2009/06/04 18:37:18 | 00,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2009/06/04 18:37:18 | 00,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2009/06/04 18:37:17 | 01,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2009/06/04 18:37:17 | 00,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2009/06/04 18:37:17 | 00,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2009/06/04 18:37:17 | 00,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2009/06/04 18:37:17 | 00,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2009/06/04 18:37:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/06/04 18:37:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2009/06/04 18:37:17 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/06/04 18:37:09 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/06/04 18:37:09 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/06/04 18:37:09 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/06/04 18:37:09 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2009/06/04 18:37:09 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/06/04 18:37:09 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/06/04 18:37:09 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2009/06/04 18:37:09 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/06/04 18:37:08 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2009/06/04 18:37:08 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2009/06/04 18:37:08 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2009/06/04 18:37:08 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2009/06/04 18:37:08 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/06/04 18:37:08 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2009/06/04 18:37:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2009/06/04 18:37:08 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2009/06/04 18:37:04 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/06/04 18:37:03 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/06/04 18:37:03 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/06/04 18:37:03 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/06/04 18:37:03 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/06/04 18:37:03 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/06/04 18:37:03 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/06/04 18:37:03 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/06/04 18:37:03 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/06/04 18:37:03 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/06/04 18:37:03 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/06/04 18:37:02 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/06/04 18:37:02 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2009/06/04 18:37:02 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/06/04 18:37:02 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2009/06/04 18:37:02 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/06/04 18:37:02 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/06/04 18:37:02 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/06/04 18:37:02 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/06/04 18:37:02 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/06/04 18:37:02 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/06/04 18:37:02 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/06/04 18:37:02 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/06/04 18:37:01 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/06/04 18:37:01 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2009/06/04 18:37:01 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/06/04 18:37:01 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2009/06/04 18:37:01 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2009/06/04 18:37:01 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/06/04 18:37:01 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/06/04 18:37:01 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2009/06/04 18:37:00 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/06/04 18:37:00 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/06/04 18:37:00 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2009/06/04 18:37:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/06/04 18:37:00 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2009/06/04 18:37:00 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/06/04 18:37:00 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2009/06/04 18:37:00 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/06/04 18:37:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/06/04 18:37:00 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2009/06/04 18:37:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/06/04 18:37:00 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2009/06/04 18:37:00 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/06/04 18:37:00 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2009/06/04 18:37:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/06/04 18:37:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/06/04 18:37:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/06/04 18:37:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2009/06/04 18:37:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2009/06/04 18:37:00 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2009/06/04 18:37:00 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/06/04 18:37:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/06/04 18:37:00 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2009/06/04 18:37:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009/06/04 18:37:00 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2009/06/04 18:37:00 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/06/04 18:37:00 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/06/04 18:36:59 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/06/04 18:36:59 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/06/04 18:36:59 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/06/04 18:36:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/06/04 18:36:59 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2009/06/04 18:36:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/06/04 18:36:59 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/06/04 18:36:59 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2009/06/04 18:36:59 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2009/06/04 18:36:59 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2009/06/04 18:36:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/06/04 18:36:59 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2009/06/04 18:36:58 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/06/04 18:36:58 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2009/06/04 18:36:58 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/06/04 18:36:58 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/06/04 18:36:58 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/06/04 18:36:57 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/06/04 18:36:57 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/06/04 18:36:57 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/06/04 18:36:57 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/06/04 18:36:57 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/06/04 18:36:57 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/06/04 18:36:57 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/06/04 18:36:56 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/06/04 18:36:56 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/06/04 18:36:56 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/06/04 18:36:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/06/04 18:36:56 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/06/04 18:36:56 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/06/04 18:36:55 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009/06/04 18:36:55 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2009/06/04 18:36:52 | 00,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2009/06/04 18:36:52 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2009/06/04 18:36:52 | 00,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2009/06/04 18:36:51 | 00,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2009/06/04 18:36:51 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2009/06/04 18:36:51 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2009/06/04 18:36:51 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2009/06/04 18:36:51 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2009/06/04 18:36:51 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2009/06/04 18:36:51 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2009/06/04 18:36:51 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2009/06/04 18:36:51 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2009/06/04 18:36:51 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2009/06/04 18:36:50 | 00,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2009/06/04 18:36:50 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2009/06/04 18:36:50 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2009/06/04 18:36:49 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/06/04 18:36:49 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/06/04 18:36:49 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/06/04 18:36:49 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/06/04 18:36:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/06/04 18:36:44 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2009/06/04 18:36:44 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/06/04 18:36:44 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/06/04 18:36:43 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/06/04 18:36:43 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2009/06/04 18:36:43 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/06/04 18:36:43 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/06/04 18:36:43 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/06/04 18:36:43 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/06/04 18:36:43 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2009/06/04 18:36:43 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2009/06/04 18:36:42 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2009/06/04 18:36:42 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/06/04 18:36:42 | 00,655,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2009/06/04 18:36:42 | 00,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2009/06/04 18:36:42 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/06/04 18:36:42 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009/06/04 18:36:42 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/06/04 18:36:42 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2009/06/04 18:36:42 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/06/04 18:36:41 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2009/06/04 18:36:41 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/06/04 18:36:41 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/06/04 18:36:41 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/06/04 18:36:41 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2009/06/04 18:36:41 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2009/06/04 18:36:41 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/06/04 18:36:41 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009/06/04 18:36:41 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/06/04 18:36:40 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/06/04 18:36:40 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/06/04 18:36:40 | 00,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/06/04 18:36:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/06/04 18:36:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/06/04 18:36:36 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/06/04 18:36:34 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/06/04 18:36:34 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/06/04 18:36:33 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/06/04 11:51:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/06/04 11:51:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/06/04 11:51:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/06/04 11:51:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/06/04 11:32:53 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2009/06/04 11:32:53 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2009/06/04 11:32:53 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2009/06/04 11:32:53 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2009/06/04 11:32:53 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2009/06/04 11:32:52 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/06/04 11:32:52 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2009/06/04 11:32:52 | 00,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2009/06/04 11:32:52 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2009/06/04 11:32:52 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2009/06/04 11:32:52 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2009/06/04 11:32:52 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2009/06/04 11:32:52 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2009/06/04 11:32:52 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2009/06/04 11:32:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2009/06/04 11:32:52 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2009/06/04 11:32:52 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2009/06/04 11:32:52 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2009/06/04 11:32:52 | 00,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2009/06/04 11:32:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2009/06/04 11:32:52 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2009/06/04 11:32:52 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2009/06/04 11:32:52 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2009/06/04 11:32:41 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2009/06/04 11:32:41 | 00,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2009/06/04 11:32:41 | 00,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2009/06/04 11:32:41 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2009/06/04 11:32:41 | 00,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2009/06/04 11:32:41 | 00,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2009/06/04 11:32:41 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/06/04 11:32:41 | 00,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2009/06/04 11:32:41 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2009/06/04 11:32:41 | 00,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2009/06/04 11:32:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imekr61.ime
[2009/06/04 11:32:41 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2009/06/04 11:32:41 | 00,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2009/06/04 11:32:40 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2009/06/04 11:32:40 | 01,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2009/06/04 11:32:40 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2009/06/04 11:32:40 | 00,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2009/06/04 11:32:40 | 00,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2009/06/04 11:32:40 | 00,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2009/06/04 11:32:40 | 00,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2009/06/04 11:32:40 | 00,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2009/06/04 11:32:40 | 00,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2009/06/04 11:32:40 | 00,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2009/06/04 11:32:40 | 00,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2009/06/04 11:32:40 | 00,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2009/06/04 11:32:39 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2009/06/04 11:32:39 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/06/04 11:32:39 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2009/06/04 11:32:39 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2009/06/04 11:32:39 | 00,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2009/06/04 11:32:39 | 00,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2009/06/04 11:32:36 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2009/06/04 11:32:36 | 01,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2009/06/04 11:32:36 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2009/06/04 11:32:36 | 00,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2009/06/04 11:32:28 | 00,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2009/06/04 11:32:28 | 00,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2009/06/04 11:32:28 | 00,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2009/06/04 11:32:28 | 00,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2009/06/04 11:32:28 | 00,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2009/06/04 11:32:28 | 00,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2009/06/04 11:32:28 | 00,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2009/06/04 11:32:28 | 00,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2009/06/04 11:32:28 | 00,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2009/06/04 11:32:27 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/06/04 11:32:27 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\c_10002.nls
[2009/06/04 11:32:27 | 00,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2009/06/04 11:32:27 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/06/04 11:32:27 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.nls
[2009/06/04 11:32:27 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/06/04 11:32:27 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\big5.nls
[2009/06/04 11:32:27 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2009/06/04 11:32:27 | 00,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2009/06/04 11:32:27 | 00,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2009/06/04 11:32:27 | 00,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2009/06/04 11:32:27 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2009/06/04 11:32:21 | 01,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2009/06/04 11:32:21 | 01,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2009/06/04 11:32:21 | 01,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2009/06/04 11:32:21 | 00,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2009/06/04 11:32:21 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winzm.ime
[2009/06/04 11:32:21 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsp.ime
[2009/06/04 11:32:21 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winpy.ime
[2009/06/04 11:32:21 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2009/06/04 11:32:21 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2009/06/04 11:32:21 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2009/06/04 11:32:21 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wingb.ime
[2009/06/04 11:32:21 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2009/06/04 11:32:20 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/06/04 11:32:20 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_10008.nls
[2009/06/04 11:32:20 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prcp.nls
[2009/06/04 11:32:20 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\prc.nls
[2009/06/04 11:32:20 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/06/04 11:32:20 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/06/04 11:32:20 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2009/06/04 11:32:17 | 10,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2009/06/04 11:32:17 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/06/04 11:32:17 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/06/04 11:32:17 | 00,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2009/06/04 11:32:17 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2009/06/04 11:32:16 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2009/06/04 11:32:16 | 00,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2009/06/04 11:32:11 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/06/04 11:32:11 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\c_1361.nls
[2009/06/04 11:32:11 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/06/04 11:32:11 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_10003.nls
[2009/06/04 11:32:10 | 00,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2009/06/04 11:32:10 | 00,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2009/06/04 11:32:10 | 00,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2009/06/04 11:32:09 | 00,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2009/06/04 11:32:09 | 00,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2009/06/04 11:32:09 | 00,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2009/06/04 11:32:09 | 00,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2009/06/04 11:32:05 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/06/04 11:31:51 | 00,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2009/06/04 11:31:51 | 00,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2009/06/04 11:31:47 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/06/04 11:31:47 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\c_20949.nls
[2009/06/04 11:31:47 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2009/06/04 11:31:47 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2009/06/04 11:31:46 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Thawbrkr.dll
[2009/06/04 11:31:46 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2009/06/04 11:31:46 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/06/04 11:31:46 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\c_20932.nls
[2009/06/04 11:31:46 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/06/04 11:31:46 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\c_20000.nls
[2009/06/04 11:31:46 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/06/04 11:31:46 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\c_20936.nls
[2009/06/04 11:31:46 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/06/04 11:31:46 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_10001.nls
[2009/06/04 11:31:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/06/04 11:31:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/06/04 11:31:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21027.nls
[2009/06/04 11:31:46 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20290.nls
[2009/06/04 11:31:46 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\xjis.nls
[2009/06/04 11:31:46 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/06/04 11:31:45 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2009/06/04 11:31:45 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_iscii.dll
[2009/06/04 11:31:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/06/04 11:31:43 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_864.nls
[2009/06/04 11:31:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/06/04 11:31:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/06/04 11:31:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/06/04 11:31:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_708.nls
[2009/06/04 11:31:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28596.NLS
[2009/06/04 11:31:43 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10004.nls
[2009/06/04 11:31:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdusa.dll
[2009/06/04 11:31:43 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2009/06/04 11:31:40 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/06/04 11:31:40 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_862.nls
[2009/06/04 11:31:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/06/04 11:31:40 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10005.nls
[2009/06/04 11:31:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/06/04 11:31:37 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10021.nls
[2009/06/04 11:31:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftlx041e.dll
[2009/06/04 11:31:37 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2009/06/04 11:27:12 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009/06/04 11:27:02 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/06/04 11:27:01 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009/06/04 11:26:52 | 00,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2009/06/04 11:26:12 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/06/04 11:26:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/06/04 11:26:08 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/06/04 11:26:08 | 00,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2009/06/04 11:26:08 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2009/06/04 11:26:08 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/06/04 11:26:07 | 00,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2009/06/04 11:26:07 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/06/04 11:26:07 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/06/04 11:26:07 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2009/06/04 11:26:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/06/04 11:26:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/06/04 11:26:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/06/04 11:26:06 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/06/04 11:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/06/04 11:26:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/06/04 11:26:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/06/04 11:26:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/06/04 11:26:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/06/04 11:26:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/06/04 11:26:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/06/04 11:26:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/06/04 11:25:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/06/04 11:25:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/06/04 11:25:55 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2009/06/04 11:25:55 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2009/06/04 11:25:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/06/04 11:25:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/06/04 11:25:55 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2009/06/04 11:25:54 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2009/06/04 11:25:54 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2009/06/04 11:25:54 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2009/06/04 11:25:54 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2009/06/04 11:25:54 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2009/06/04 11:25:54 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2009/06/04 11:25:54 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009/06/04 11:25:53 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009/06/04 11:25:53 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009/06/04 11:25:53 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009/06/04 11:25:52 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2009/06/04 11:25:52 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/06/04 11:25:51 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/06/04 11:25:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/06/04 11:25:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/06/04 11:25:32 | 00,168,706 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2009/06/04 11:25:32 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/06/04 11:25:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/06/04 11:25:16 | 00,282,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/04 11:24:33 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/06/04 11:24:31 | 00,012,098 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/06/04 11:21:22 | 10,718,49472 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2009/06/04 11:21:22 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/06/04 11:21:22 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/06/04 11:21:22 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/06/04 11:21:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/06/04 11:21:22 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/05/26 17:18:34 | 00,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/05/26 17:18:34 | 00,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/05/12 21:56:32 | 00,042,312 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
[2009/05/12 21:56:20 | 00,357,704 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll
[2009/05/12 21:56:20 | 00,107,848 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2009/05/12 21:55:44 | 00,049,480 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2009/05/07 08:32:35 | 00,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/05/01 00:30:52 | 00,053,768 | ---- | C] () -- C:\WINDOWS\System32\default.tvp
[2009/05/01 00:30:52 | 00,033,032 | ---- | C] () -- C:\WINDOWS\System32\finance.tvp
[2009/05/01 00:30:52 | 00,031,186 | ---- | C] () -- C:\WINDOWS\System32\dcc.tvp
[2009/05/01 00:30:52 | 00,029,892 | ---- | C] () -- C:\WINDOWS\System32\cad.tvp
[2009/04/30 22:02:00 | 01,720,320 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2009/04/30 22:02:00 | 01,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/04/30 22:02:00 | 01,310,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2009/04/30 22:02:00 | 00,815,104 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2009/04/30 22:02:00 | 00,671,744 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2009/03/04 13:15:26 | 00,049,697 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/03/04 13:15:24 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/03/04 12:47:28 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2009/03/04 12:46:18 | 00,010,752 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2008/10/28 17:40:48 | 00,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/08/13 20:45:02 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2006/10/02 17:25:18 | 00,000,307 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2002/09/03 13:02:58 | 00,000,487 | ---- | C] () -- C:\WINDOWS\win.ini
[2002/09/03 12:58:24 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 90 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[9 C:\WINDOWS\*.tmp files]
[2009/07/23 00:46:02 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zach\Desktop\OTL.exe
[2009/07/23 00:44:08 | 00,004,598 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/07/23 00:44:03 | 00,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/22 21:50:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/22 21:50:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/22 21:48:41 | 00,002,585 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Dell Driver Download Manager.lnk
[2009/07/22 21:47:09 | 00,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/07/22 21:47:09 | 00,030,912 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/07/22 21:47:09 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/07/22 21:47:09 | 00,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/07/22 21:47:09 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.rfx
[2009/07/22 21:46:30 | 03,192,144 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Zach\My Documents\R91894.EXE
[2009/07/22 21:45:26 | 00,257,936 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Zach\My Documents\R90425.EXE
[2009/07/22 21:44:51 | 00,543,649 | ---- | M] () -- C:\Documents and Settings\Zach\My Documents\DXPS3A07.EXE
[2009/07/22 20:33:07 | 05,190,926 | ---- | M] (Black Isle ) -- C:\Documents and Settings\Zach\Desktop\IWD2Patch201.exe
[2009/07/22 20:23:01 | 00,000,849 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Icewind Dale II.lnk
[2009/07/22 15:08:30 | 00,065,536 | ---- | M] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/22 00:12:21 | 00,003,291 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\kspersky.html
[2009/07/21 18:05:13 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/21 18:05:13 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/21 18:05:13 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/21 18:05:13 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/21 18:05:12 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/21 18:00:56 | 16,254,360 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Zach\Desktop\jre-6u14-windows-i586.exe
[2009/07/21 10:38:43 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\5idkeon4.exe
[2009/07/20 23:09:16 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/20 15:27:42 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\RSIT.exe
[2009/07/20 13:57:52 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/20 13:57:17 | 03,775,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Zach\Desktop\mbam-setup.exe
[2009/07/19 12:00:14 | 54,607,328 | ---- | M] (Monolith Productions ) -- C:\Documents and Settings\Zach\Desktop\tron-update_v1x042cxp(2).exe
[2009/07/19 11:52:31 | 00,000,227 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\tron-update_v1x042cxp.exe
[2009/07/18 12:37:27 | 00,001,618 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\X-COM UFO Defense.lnk
[2009/07/18 00:04:08 | 01,580,226 | -H-- | M] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\IconCache.db
[2009/07/17 12:00:09 | 00,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2009/07/17 11:56:37 | 07,658,952 | ---- | M] (DT Soft Ltd.) -- C:\Documents and Settings\Zach\Desktop\daemon4304-lite.exe
[2009/07/16 22:32:04 | 15,705,5254 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\ShadowlordsDreamcatcherDemon.exe
[2009/07/16 13:47:27 | 00,001,457 | ---- | M] () -- C:\CDmage.ini
[2009/07/16 13:27:18 | 00,571,392 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\CDmage1-01-5.exe
[2009/07/16 12:17:38 | 00,051,573 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\dimension_E310_system_xp.zip
[2009/07/16 12:17:07 | 84,458,632 | ---- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Zach\Desktop\186.18_desktop_winxp_32bit_english_whql.exe
[2009/07/16 12:04:36 | 00,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll
[2009/07/16 11:08:50 | 12,822,831 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\sw_pc_english_from200424_to210427.exe
[2009/07/16 11:05:21 | 00,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Star Wars Knights of the Old Republic II - The Sith Lords.lnk
[2009/07/16 10:20:26 | 00,000,891 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Tron 2.0.lnk
[2009/07/15 16:58:29 | 00,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/07/15 01:42:15 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/14 12:11:19 | 32,490,2344 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\NWNEnglish1.69HotUUpdate.exe
[2009/07/14 11:49:52 | 00,000,659 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Neverwinter Nights.lnk
[2009/07/14 11:49:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/11 23:00:50 | 00,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini
[2009/07/11 16:30:41 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\dds.scr
[2009/07/11 13:55:04 | 04,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.CDF
[2009/07/11 13:55:04 | 04,931,577 | ---- | M] () -- C:\WINDOWS\{00000004-00000000-00000001-00001102-00000004-10031102}.BAK
[2009/07/11 13:40:51 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Zach\Desktop\spybotsd162.exe
[2009/07/11 11:50:35 | 02,359,296 | ---- | M] () -- C:\Documents and Settings\Zach\My Documents\My Money.mny
[2009/07/11 09:31:08 | 04,112,384 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Friends.mny
[2009/07/11 09:18:02 | 00,000,199 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Money.url
[2009/07/11 09:17:58 | 00,000,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Money 2004.lnk
[2009/07/10 23:07:43 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/07/10 23:06:30 | 60,857,536 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\Zach\Desktop\Ad-AwareAE.exe
[2009/07/10 23:06:06 | 00,000,815 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\HijackThis.lnk
[2009/07/10 23:05:52 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Zach\Desktop\HJTInstall.exe
[2009/07/10 22:34:12 | 00,282,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/07 18:29:24 | 00,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/07 18:29:24 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/07 08:10:56 | 24,539,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/07/03 18:38:21 | 04,112,384 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Friends0.mbf
[2009/07/03 18:38:18 | 00,668,766 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\Friends.mbf
[2009/07/03 07:49:08 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/07/03 07:49:07 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/07/01 20:11:58 | 10,718,49472 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2009/06/22 01:43:03 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/06/22 01:43:03 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/06/21 08:46:58 | 00,485,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2009/06/20 14:42:26 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/06/20 11:36:58 | 02,065,269 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\My Money Backup 0.mbf
[2009/06/20 11:17:33 | 00,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/06/20 11:17:33 | 00,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/06/20 11:17:33 | 00,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/06/20 11:17:33 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/06/17 23:28:14 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2009/06/17 23:28:14 | 00,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000001-00001102-00000004-10031102}.dat
[2009/06/17 23:28:10 | 00,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/06/17 23:28:10 | 00,109,080 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/06/17 23:27:04 | 39,752,136 | ---- | M] (Creative Technology Ltd) -- C:\Documents and Settings\Zach\Desktop\SBAX_PCDRV_LB_2_18_0010.exe
[2009/06/17 23:20:00 | 00,002,198 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/06/17 23:18:33 | 01,045,536 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Zach\Desktop\DriverDetective.exe
[2009/06/16 16:23:05 | 00,000,647 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\JadeEmpire.lnk
[2009/06/16 07:36:30 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\t2embed.dll
[2009/06/16 07:36:30 | 00,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2009/06/16 07:36:30 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\fontsub.dll
[2009/06/16 07:36:30 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2009/06/15 20:15:59 | 00,082,774 | ---- | M] (BioWare Corp.) -- C:\WINDOWS\Uninstall Jade Empire.exe
[2009/06/14 17:08:40 | 00,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2009/06/13 15:56:46 | 00,078,488 | ---- | M] () -- C:\Documents and Settings\Zach\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/12 22:06:23 | 00,000,994 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\JEOPARDY!.lnk
[2009/06/12 22:06:03 | 06,967,543 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\JEOPARDY!_Setup_s.exe
[2009/06/10 10:00:35 | 00,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009/06/10 08:29:34 | 01,724,416 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 08:29:34 | 01,657,376 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/10 08:29:34 | 01,101,824 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 08:29:34 | 00,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 08:29:34 | 00,449,056 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/10 08:29:34 | 00,436,768 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/10 08:29:32 | 01,507,328 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2009/06/10 08:29:32 | 00,073,728 | ---- | M] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2009/06/10 08:29:30 | 01,194,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcplui.exe
[2009/06/10 08:29:30 | 00,420,384 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.cpl
[2009/06/10 08:29:20 | 00,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2009/06/10 08:29:12 | 03,117,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwss.dll
[2009/06/10 08:29:06 | 04,038,656 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvvitvs.dll
[2009/06/10 08:29:02 | 01,282,048 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmobls.dll
[2009/06/10 08:29:00 | 00,188,416 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccss.dll
[2009/06/10 08:28:58 | 03,510,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgames.dll
[2009/06/10 08:28:52 | 04,022,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdisps.dll
[2009/06/10 08:28:50 | 13,758,464 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2009/06/10 08:28:50 | 00,168,004 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
[2009/06/10 08:28:50 | 00,143,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2009/06/10 08:28:50 | 00,086,016 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2009/06/10 08:28:50 | 00,064,777 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/06/10 08:28:48 | 00,229,376 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2009/06/10 06:03:00 | 09,998,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2009/06/10 06:03:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/06/10 06:03:00 | 08,087,712 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2009/06/10 06:03:00 | 05,908,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2009/06/10 06:03:00 | 01,720,320 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2009/06/10 06:03:00 | 01,580,550 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/06/10 06:03:00 | 01,310,720 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2009/06/10 06:03:00 | 00,815,104 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2009/06/10 06:03:00 | 00,671,744 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2009/06/10 06:03:00 | 00,457,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2009/06/10 06:03:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2009/06/10 06:03:00 | 00,151,552 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2009/06/10 06:03:00 | 00,019,495 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/06/09 21:53:48 | 00,001,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Oblivion.lnk
[2009/06/08 11:11:10 | 00,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/06/08 11:11:10 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/06/08 11:11:10 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/06/08 10:46:06 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/06/07 01:32:30 | 01,700,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/06/07 01:18:49 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\umdf\MsftWdf_user_01_00_00.Wdf
[2009/06/06 12:08:16 | 00,001,751 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Play Star Wars Jedi Knight Jedi Academy.lnk
[2009/06/05 17:28:26 | 00,000,738 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Shortcut to MassEffect.lnk
[2009/06/05 17:10:17 | 14,160,286 | ---- | M] ( ) -- C:\Documents and Settings\Zach\Desktop\klcodec416f.exe
[2009/06/05 17:10:15 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/06/05 16:48:03 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\µTorrent.lnk
[2009/06/05 01:22:16 | 00,001,582 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Half-Life 2 Episode Two.lnk
[2009/06/05 01:19:42 | 00,001,582 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Half-Life 2 Episode One.lnk
[2009/06/05 00:37:04 | 00,001,548 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Portal.lnk
[2009/06/05 00:36:17 | 00,001,558 | ---- | M] () -- C:\Documents and Settings\Zach\Desktop\Half-Life 2.lnk
[2009/06/05 00:20:35 | 00,000,136 | ---- | M] () -- C:\WINDOWS\SBWIN.INI
[2009/06/05 00:19:41 | 00,000,184 | ---- | M] () -- C:\WINDOWS\System32\e000001.dat
[2009/06/05 00:18:35 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/06/04 23:46:30 | 00,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/06/04 21:50:13 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/06/04 21:50:04 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/06/04 21:46:02 | 00,013,728 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/06/04 19:07:51 | 00,012,098 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/06/04 19:05:32 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/06/04 19:05:32 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/06/04 19:05:23 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/04 19:04:51 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/06/04 19:04:51 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/06/04 19:04:46 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/06/04 19:03:35 | 00,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/04 19:02:35 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/06/04 18:45:55 | 00,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2009/06/04 18:41:46 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/06/04 18:39:45 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/04 18:39:45 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/06/04 18:39:45 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/04 18:39:45 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/06/04 18:39:45 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/04 18:39:45 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/06/04 18:39:42 | 00,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2009/06/04 18:39:31 | 00,168,706 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2009/06/04 18:37:28 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/06/04 18:37:28 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/06/03 12:09:37 | 01,291,264 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/06/03 12:09:37 | 01,291,264 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/05/29 13:36:16 | 02,060,288 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/05/29 13:36:16 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/05/26 17:18:34 | 00,090,112 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/05/26 17:18:34 | 00,057,344 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/05/21 20:18:45 | 04,112,384 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Friends3.M10
[2009/05/21 20:18:45 | 04,112,384 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Friends2.M10
[2009/05/21 20:18:45 | 04,112,384 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Friends1.M10
[2009/05/21 20:18:45 | 04,112,384 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Friends.M10
[2009/05/12 21:58:06 | 00,091,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SysPlant.sys
[2009/05/12 21:56:32 | 00,042,312 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\WPSDRVnt.sys
[2009/05/12 21:56:20 | 00,357,704 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\sysfer.dll
[2009/05/12 21:56:20 | 00,107,848 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\SymVPN.dll
[2009/05/12 21:55:44 | 00,049,480 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\FwsVpn.dll
[2009/05/07 08:32:35 | 00,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\localspl.dll
[2009/05/07 08:32:35 | 00,345,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/05/01 00:30:52 | 00,053,768 | ---- | M] () -- C:\WINDOWS\System32\default.tvp
[2009/05/01 00:30:52 | 00,033,032 | ---- | M] () -- C:\WINDOWS\System32\finance.tvp
[2009/05/01 00:30:52 | 00,031,186 | ---- | M] () -- C:\WINDOWS\System32\dcc.tvp
[2009/05/01 00:30:52 | 00,029,892 | ---- | M] () -- C:\WINDOWS\System32\cad.tvp
[2009/04/28 21:46:56 | 03,068,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/04/28 21:46:56 | 03,068,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2009/04/28 21:46:53 | 00,666,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2009/04/28 21:46:53 | 00,666,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2009/04/28 21:46:53 | 00,620,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2009/04/28 21:46:53 | 00,620,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2009/04/28 21:46:52 | 01,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2009/04/28 21:46:52 | 01,499,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shdocvw.dll
[2009/04/28 21:46:51 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/04/28 21:46:51 | 00,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/04/28 04:59:27 | 00,369,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
< End of report >


EXTRAS.TXT:

OTL Extras logfile created on: 7/23/2009 12:46:46 AM - Run 1
OTL by OldTimer - Version 3.0.10.0 Folder = C:\Documents and Settings\Zach\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 465.37 Mb Available Physical Memory | 45.53% Memory free
2.41 Gb Paging File | 1.96 Gb Available in Paging File | 81.37% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 62.07 Gb Free Space | 41.66% Space Free | Partition Type: NTFS
Drive D: | 677.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 650.74 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 279.46 Gb Total Space | 265.93 Gb Free Space | 95.16% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 465.76 Gb Total Space | 15.54 Gb Free Space | 3.34% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: JOHN-M6PNT5VJS2
Current User Name: Zach
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1085031214-362288127-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1085031214-362288127-682003330-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Iomega\Discovery Tool Pro\Iomega NAS Discovery.exe" = C:\Program Files\Iomega\Discovery Tool Pro\Iomega NAS Discovery.exe:*:Enabled:Iomega NAS Discovery Tool -- (Iomega Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe" = C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe" = C:\Program Files\Steam\steamapps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe" = C:\Program Files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe" = C:\Program Files\Steam\steamapps\common\xcom ufo defense\dosbox.exe:*:Enabled:X-COM: UFO Defense -- (DOSBox Team)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D994CC5-819F-4657-84DD-397B8FE1EA80}" = Star Wars Jedi Knight Jedi Academy
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{18499419-2B80-4C3F-86D3-C6C45CD2062E}" = Samsung ML-1710 Series
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{389D45C9-AA08-4034-A256-2A38C311999D}" = Iomega Discovery Tool Pro
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{588C135F-0B15-4A02-8F2D-04697BE2904E}" = Icewind Dale II
"{629F65FB-7F3C-4D66-A1C0-20722744B7B6}" = Star Wars® Knights of the Old Republic® II: The Sith Lords™
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7C503E58-B2BC-11D5-978A-0050BA84F5F7}" = Neverwinter Nights
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E82BF103-904F-49C0-B77F-6EC110B71E87}" = Sound Blaster Audigy 2
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC272B66-8372-49EF-A642-28CAD2B9EAC9}" = Tron 2.0
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
"Across Lite 2.0" = Across Lite 2.0
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio Console
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JEOPARDY!" = JEOPARDY! (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.6 (Full)
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.12)" = Mozilla Firefox (3.0.12)
"NVIDIA Drivers" = NVIDIA Drivers
"Shockwave" = Shockwave
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 7760" = X-COM: UFO Defense
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-362288127-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2009 2:52:38 AM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iwd2.exe, version 2.0.0.0, faulting module iwd2.exe,
version 2.0.0.0, fault address 0x003afc26.

Error - 7/18/2009 12:42:31 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01b41d86.

Error - 7/19/2009 2:22:11 AM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01ab1d86.

Error - 7/19/2009 1:18:27 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x015b1d86.

Error - 7/19/2009 1:55:12 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x02241d86.

Error - 7/19/2009 3:11:52 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application lithtech.exe, version 1.0.0.1, faulting module
ntdll.dll, version 5.1.2600.5755, fault address 0x000501cc.

Error - 7/20/2009 12:00:34 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x000101b3.

Error - 7/20/2009 5:06:52 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Mebroot in File: C:\Documents and Settings\Zach\Local
Settings\Temporary Internet Files\Content.IE5\OF6F4JSR\mm[1] by: Auto-Protect scan.
Action: Cleaned by Deletion. Action Description: The file was deleted successfully.



Error - 7/20/2009 9:32:57 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iwd2.exe, version 2.0.0.0, faulting module iwd2.exe,
version 2.0.0.0, fault address 0x003afc26.

Error - 7/22/2009 12:24:21 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x01be1d86.

[ System Events ]
Error - 7/21/2009 12:03:43 PM | Computer Name = JOHN-M6PNT5VJS2 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Samsung ML-1710 Series share
name ML-1710.


< End of report >


Thank you for the continued help.

Thanks again for the continued help.
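A triage pass over a report in the layout posted above, as an added example that is not part of the original posts or of the scanning tool: it pulls out the firewall and Security Center values, firewall exceptions open to any address, antivirus detections, and repeated crashes outside a named module. The sample log is constructed, the names `parse_log` and `triage` are hypothetical, and the rules are illustrative review prompts.

```python
import re
from collections import Counter

# Constructed sample in the report layout shown in this thread (not the poster's log).
SAMPLE = r'''
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Example\game.exe" = C:\Program Files\Example\game.exe:*:Enabled:Example: Game -- (Example Corp)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:LocalSubNet:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/18/2009 12:42:31 PM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application browser.exe, version 6.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x01b41d86.

Error - 7/19/2009 2:22:11 AM | Computer Name = EXAMPLE-PC | Source = Application Error | ID = 1000
Description = Faulting application browser.exe, version 6.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x01ab1d86.

Error - 7/20/2009 5:06:52 PM | Computer Name = EXAMPLE-PC | Source = Symantec AntiVirus | ID = 16711731
Description = Security Risk Found!Trojan.Example in File: C:\Temp\sample[1] by: Auto-Protect scan.
Action: Cleaned by Deletion.
'''

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(.*?)" = (.*)$')
EVENT_RE = re.compile(r"^Error - (.+?) \| Computer Name = .+? \| Source = (.+?) \| ID = (\d+)$")
# path:scope:status:name; the path and the name may both contain ':'
FWAPP_RE = re.compile(r"^(.*?):([^:]*):(Enabled|Disabled):(.*?)(?: -- \(.*\))?$")
AV_RE = re.compile(r"Security Risk Found!(\S+) in File: (.+?) by:")
CRASH_RE = re.compile(r"Faulting application (\S+?), .*?faulting module (\S+?),")


def parse_log(text):
    """Return (values, events): registry values with section/key, and event records."""
    values, events = [], []
    section = key = event = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            event = None  # a blank line ends a wrapped event description
            continue
        if m := SECTION_RE.match(line):
            section, key, event = m.group(1), None, None
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := EVENT_RE.match(line):
            event = {"when": m.group(1), "source": m.group(2), "id": int(m.group(3)), "text": ""}
            events.append(event)
        elif event is not None:
            event["text"] = (event["text"] + " " + line).strip()  # rejoin wrapped lines
        elif key and (m := VALUE_RE.match(line)):
            values.append((section, key, m.group(1), m.group(2)))
    return values, events


def triage(text):
    """Return human-readable findings for a helper to review (illustrative rules)."""
    values, events = parse_log(text)
    findings = []
    for _section, key, name, data in values:
        leaf = key.rsplit("\\", 1)[-1]
        if name == "EnableFirewall" and data == "0":
            findings.append(f"Windows Firewall is off for {leaf}")
        elif name == "DisableMonitoring" and data == "1":
            findings.append(f"Security Center monitoring disabled for {leaf}")
        elif key.endswith(r"AuthorizedApplications\List") and (m := FWAPP_RE.match(data)):
            path, scope, status, label = m.groups()
            if status == "Enabled" and scope == "*":
                findings.append(f"Firewall exception open to any address: {label} ({path})")
    crashes = Counter()
    for ev in events:
        if m := AV_RE.search(ev["text"]):
            findings.append(f"AV detection {m.group(1)} at {ev['when']} in {m.group(2)}")
        elif m := CRASH_RE.search(ev["text"]):
            crashes[m.groups()] += 1
    for (app, module), n in sorted(crashes.items()):
        if module == "unknown":  # fault address was not inside any named module
            findings.append(f"{app} crashed {n}x outside any named module")
    return findings

print("\n".join(triage(SAMPLE)))
```

A hit is a prompt for review, not a verdict: `"EnableFirewall" = 0`, for instance, can be expected when a third-party firewall has taken over from the Windows one.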

#10 syler

  • Malware Response Team

Posted 23 July 2009 - 09:55 AM

Hi, still nothing in those logs, so it looks like you're clean.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Congratulations! You now appear clean! :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Cleaning and creating restore points
  • Click Start, right click My Computer and select properties.
  • Select the System Restore tab then check the box "Turn off System Restore".
  • Click Apply then Ok, then restart your computer
  • Now follow these steps again, but instead of checking "Turn off System Restore" Uncheck it.
Now that you have cleaned out your restore points, you need to set a new restore point:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Select "Create a restore point" then click Next.
  • Type a name under Restore point description then click Create.
Additional instructions can be found here if needed.

Note: This does not need to be done on a regular basis.

Keeping Windows updated
It is extremely important to keep Windows up to date with the latest service pack and patches. This will prevent you
from getting the malware which uses vulnerabilities found in Windows to exploit your computer. The easiest way to
do this is by making sure that Automatic Updates is always enabled.

To do this, click on Start >> Control Panel >> Automatic updates and click Automatic (recommended), then Apply and Ok.

Update your AntiVirus Software
It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not
update your antivirus software then it will not be able to catch any of the new variants that may come out. If you
use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your
subscription runs out, you may not be able to update the program's virus definitions.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly
patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install an AntiSpyware Program
A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.
Other recommended, and free, AntiSpyware programs are Spybot - Search and Destroy and Ad-Aware Personal.
Installing these programs will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.
Tutorials on using these programs can be found below:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

Install SpywareBlaster
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you
from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Use MVPS hosts file
Using a custom host file like the MVPS HOSTS file can help to block ads, banners, 3rd party Cookies,
3rd party page counters, web bugs, and even most hijackers. It doesn't use up any extra system resources
and may even speed up the loading of web pages. You can download and find instructions below.

http://www.mvps.org/winhelp2002/hosts.htm

Update all these programs regularly
Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Happy surfing :)
Syler

Edited by syler, 23 July 2009 - 09:57 AM.


#11 syler

  • Malware Response Team

Posted 25 July 2009 - 11:54 AM

Since this issue appears resolved ... this Topic is closed. Glad we could help. :thumbup2:

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
