HTML/Framer AVG


  • This topic is locked
15 replies to this topic

#1 Fatmatt

  • Members
  • 9 posts

Posted 24 July 2009 - 05:29 PM

My AVG keeps warning me about an HTML/Framer nasty in the cache of my Firefox profile (FF3.5)
History:
A couple of WP sites get iframes inserted in them which triggers Google warnings and warnings from host. iframes completely cleared out, and system checked with AVG, Superantispyware, and Malwarebytes. This didn't work so clean install of XP Pro, (do it every 8-9 months anyway), new FF profile, sweep as above with AVG etc.
WP sites ok, and cleared with various WP hardening plugins, but still getting these AVG alerts.

Log run below (as per instructions here).


DDS (Ver_09-06-26.01) - NTFSx86
Run by Huge Dawg at 22:56:07.79 on 24/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2247 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Agnitum\Spam Terrier\asp_srv.exe
C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Google\Picasa3\PicasaUpdater.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Huge Dawg\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Multiplicity] c:\progra~1\stardock\thinkd~1\multip~1\multipl.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [igfxtray.exe] c:\program files\adobe\adobe photoshop cs4\Patch.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\hugeda~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\hugeda~1\startm~1\programs\startup\projec~1.lnk - c:\program files\domain tools\projectwhois\ProjectWhois.exe
StartupFolder: c:\docume~1\hugeda~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.30.0\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247590914421
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: Multi - c:\program files\stardock\thinkdesk\multiplicity\MultiWin32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hugeda~1\applic~1\mozilla\firefox\profiles\fuypgvgc.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\huge dawg\application data\mozilla\firefox\profiles\fuypgvgc.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\huge dawg\application data\mozilla\firefox\profiles\fuypgvgc.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\huge dawg\application data\mozilla\firefox\profiles\fuypgvgc.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-7-12 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-7-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-7-12 108552]

============== File Associations ===============

txtfile="c:\program files\jgsoft\editpadpro6\EditPadPro.exe" "%1"

=============== Created Last 30 ================

2009-07-24 09:59 5,632 a------- c:\windows\system32\ptpusb.dll
2009-07-24 09:59 159,232 a------- c:\windows\system32\ptpusd.dll
2009-07-23 12:20 <DIR> --d----- c:\program files\common files\Adobe Systems Shared
2009-07-23 12:19 16,384 a------- c:\windows\system32\FileOps.exe
2009-07-23 12:19 <DIR> --d----- c:\windows\system32\Adobe
2009-07-22 12:27 <DIR> --d----- c:\program files\Yahoo!
2009-07-22 10:54 <DIR> --dsh--- c:\documents and settings\huge dawg\IECompatCache
2009-07-21 17:23 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Artisteer
2009-07-21 17:20 <DIR> --d----- c:\program files\Artisteer 2
2009-07-21 10:10 <DIR> --d----- c:\program files\VS Revo Group
2009-07-21 08:02 84,212 a---h--- c:\windows\system32\mlfcache.dat
2009-07-20 16:19 <DIR> --d----- c:\program files\Domain Tools
2009-07-19 23:48 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Launchy
2009-07-19 23:47 <DIR> --d----- c:\program files\Launchy
2009-07-19 23:47 <DIR> --d----- c:\program files\InfraRecorder
2009-07-19 23:43 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-07-19 11:50 54,156 a---h--- c:\windows\QTFont.qfn
2009-07-19 11:50 1,409 a------- c:\windows\QTFont.for
2009-07-18 10:58 116 a------- c:\windows\NeroDigital.ini
2009-07-18 10:55 <DIR> --d----- c:\windows\system32\IOSUBSYS
2009-07-18 03:00 <DIR> --d----- c:\windows\ie8updates
2009-07-17 16:12 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\ArcticLine
2009-07-17 16:12 <DIR> --d----- c:\program files\Folder Marker
2009-07-17 15:58 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Anthropics
2009-07-17 15:58 <DIR> --d----- c:\program files\Portrait Professional Max 6
2009-07-17 10:35 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-17 10:35 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-17 10:35 1,985,024 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-07-17 10:35 11,064,832 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-07-16 19:34 <DIR> --dsh--- c:\documents and settings\huge dawg\PrivacIE
2009-07-16 19:20 <DIR> --dsh--- c:\documents and settings\huge dawg\IETldCache
2009-07-16 19:10 <DIR> -cd-h--- c:\windows\ie8
2009-07-16 03:20 221,184 a------- c:\windows\system32\wmpns.dll
2009-07-16 03:02 <DIR> --d----- c:\program files\MSXML 4.0
2009-07-15 19:34 2,560 -------- c:\windows\system32\drivers\cdralw2k.sys
2009-07-15 19:34 2,432 -------- c:\windows\system32\drivers\cdr4_xp.sys
2009-07-15 19:32 <DIR> --d----- c:\windows\RegisteredPackages
2009-07-15 18:48 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-07-15 18:48 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-07-15 18:48 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2009-07-15 18:48 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-07-15 18:46 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-07-15 18:46 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-07-15 18:46 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2009-07-15 18:46 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-07-15 18:46 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-07-15 18:46 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-07-14 23:46 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\FM Settings
2009-07-14 19:50 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-14 19:50 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-14 19:49 <DIR> --d----- c:\program files\Real Alternative
2009-07-14 19:48 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-07-14 19:48 57,344 a------- c:\windows\system32\QuickTime.qts
2009-07-14 19:48 <DIR> --d----- c:\program files\QuickTime Alternative
2009-07-14 19:03 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-14 19:03 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-14 18:54 <DIR> --d----- c:\windows\system32\scripting
2009-07-14 18:54 <DIR> --d----- c:\windows\l2schemas
2009-07-14 18:54 <DIR> --d----- c:\windows\system32\en
2009-07-14 18:54 <DIR> --d----- c:\windows\system32\bits
2009-07-14 18:50 <DIR> --d----- c:\windows\ServicePackFiles
2009-07-14 18:48 <DIR> --d----- c:\windows\network diagnostic
2009-07-14 18:34 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-07-14 18:10 <DIR> --d----- c:\windows\system32\PreInstall
2009-07-14 18:01 <DIR> --ds---- c:\documents and settings\huge dawg\UserData
2009-07-14 12:33 <DIR> --d----- c:\documents and settings\all users\Application DataTechSmith
2009-07-14 11:16 125,184 -------- c:\windows\system32\drivers\imagesrv.sys
2009-07-14 11:16 5,504 -------- c:\windows\system32\drivers\imagedrv.sys
2009-07-14 11:16 106,496 a------- c:\windows\system32\TwnLib20.dll
2009-07-14 11:16 155,648 a------- c:\windows\system32\NeroCheck.exe
2009-07-14 11:16 1,568,768 -------- c:\windows\system32\ImagX7.dll
2009-07-14 11:16 476,320 -------- c:\windows\system32\ImagXpr7.dll
2009-07-14 11:16 471,040 -------- c:\windows\system32\ImagXRA7.dll
2009-07-14 11:16 262,144 -------- c:\windows\system32\ImagXR7.dll
2009-07-13 22:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-07-13 22:28 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-13 22:28 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\SUPERAntiSpyware.com
2009-07-13 22:28 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-12 12:06 <DIR> --d----- c:\program files\FolderSize
2009-07-12 11:07 <DIR> --d----- c:\program files\InfoTag Magic 1.0
2009-07-12 09:01 <DIR> --d----- c:\windows\system32\appmgmt
2009-07-12 08:38 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-07-12 08:38 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-07-12 08:37 335,752 a------- c:\windows\system32\drivers\avgldx86.sys
2009-07-12 08:37 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-07-12 08:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-07-12 08:37 <DIR> --d----- c:\program files\AVG
2009-07-12 08:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-07-10 23:37 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Axaware
2009-07-10 23:37 44,544 a------- c:\windows\system32\msxml4a.dll
2009-07-10 23:37 402 a------- c:\windows\system32\msxml4.inf
2009-07-10 23:37 <DIR> --d----- c:\program files\SBOutlook
2009-07-10 17:01 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-07-10 16:53 144 a------- c:\windows\MXDebug2.ini
2009-07-10 16:53 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Allume Systems
2009-07-10 16:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Allume Systems
2009-07-10 16:53 <DIR> --d----- c:\program files\Allume
2009-07-10 16:03 <DIR> --d----- c:\program files\Agnitum
2009-07-10 16:03 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Agnitum
2009-07-10 15:15 <DIR> --d----- c:\program files\Bonjour
2009-07-10 15:08 <DIR> --d----- c:\program files\common files\Macrovision Shared
2009-07-10 13:09 <DIR> --d----- c:\program files\ABBYY FineReader 6.0 Sprint
2009-07-10 13:06 67,072 a------- c:\windows\system32\escwiad.dll
2009-07-10 13:06 25 a------- c:\windows\CDE DX8400DEFGIPS.ini
2009-07-10 13:05 76,800 a------- c:\windows\system32\E_FLBCEE.DLL
2009-07-10 13:05 62,976 a------- c:\windows\system32\E_FD4BCEE.DLL
2009-07-10 12:57 <DIR> --d----- c:\docume~1\alluse~1\applic~1\UDL
2009-07-10 12:54 <DIR> --d----- c:\program files\EPSON Print CD
2009-07-10 12:50 41 a------- c:\windows\CDER285DEFGIPS.ini
2009-07-10 12:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EPSON
2009-07-10 12:50 76,800 a------- c:\windows\system32\E_FLBCKE.DLL
2009-07-10 12:50 62,976 a------- c:\windows\system32\E_FD4BCKE.DLL
2009-07-10 12:44 500 a------- c:\docume~1\hugeda~1\applic~1\wklnhst.dat
2009-07-10 12:32 25 a------- c:\windows\CDE D78DEFGIPS.ini
2009-07-10 12:32 <DIR> --d----- c:\program files\EPSON
2009-07-10 12:32 49,152 a------- c:\windows\system32\E_DCINST.DLL
2009-07-10 12:32 73,216 a------- c:\windows\system32\E_FLBBGE.DLL
2009-07-10 12:32 62,976 a------- c:\windows\system32\E_FD4BBGE.DLL
2009-07-10 11:43 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\Windows Search
2009-07-10 10:15 <DIR> --d----- c:\windows\SxsCaPendDel
2009-07-10 09:51 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\JGsoft
2009-07-10 09:51 67,208 a------- c:\windows\UnDeploy.exe
2009-07-10 09:51 <DIR> --d----- c:\program files\JGsoft
2009-07-09 23:45 <DIR> --d----- c:\program files\Amic Tools
2009-07-09 23:42 <DIR> --d----- c:\program files\Windows Desktop Search
2009-07-09 23:42 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-07-09 23:41 <DIR> --d-h--- c:\windows\$hf_mig$
2009-07-09 23:39 3,248 a------- c:\windows\system32\wbem\Outlook_01ca00e623a8b9fe.mof
2009-07-09 23:37 32,592 a------- c:\windows\system32\msonpmon.dll
2009-07-09 23:33 <DIR> --d----- c:\windows\SHELLNEW
2009-07-09 23:31 1,847,168 -c------ c:\windows\system32\dllcache\win32k.sys
2009-07-09 23:31 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-07-09 23:27 1,482,112 a------- c:\windows\system32\legitcheckcontrol.dll.bak
2009-07-09 23:27 934,792 a------- c:\windows\system32\wgatray.exe.bak
2009-07-09 23:27 239,496 a------- c:\windows\system32\wgalogon.dll.bak
2009-07-09 23:02 <DIR> --d----- c:\program files\Stardock
2009-07-09 22:57 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-09 22:55 959 a------- C:\rollback.ini
2009-07-09 22:49 <DIR> --d----- c:\docume~1\hugeda~1\applic~1\MailFrontier
2009-07-09 22:43 4,212 ----h--- c:\windows\system32\zllictbl.dat
2009-07-09 22:43 11,264 a------- c:\windows\system32\SpOrder.dll
2009-07-09 22:43 <DIR> --d----- c:\program files\Zone Labs
2009-07-09 22:42 <DIR> --d----- c:\windows\Internet Logs
2009-07-09 22:39 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-07-09 22:38 21,504 a------- c:\windows\system32\hidserv.dll
2009-07-09 22:37 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-07-09 22:37 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-07-09 22:36 74,240 a------- c:\windows\system32\usbui.dll
2009-07-09 22:35 <DIR> --d----- c:\program files\common files\ODBC
2009-07-09 22:35 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-07-09 22:34 66,594 ac------ c:\windows\system32\dllcache\c_857.nls
2009-07-09 22:34 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-07-09 22:32 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-07-09 22:31 553 -----r-- c:\windows\USetup.iss
2009-07-09 22:30 261 a------- c:\windows\system32\$winnt$.inf
2009-07-09 22:29 299,008 -----r-- c:\windows\system32\ALSndMgr.cpl
2009-07-09 22:29 <DIR> --d----- c:\program files\Realtek
2009-07-09 22:29 315,392 a------- c:\windows\HideWin.exe
2009-07-09 22:29 520,192 -----r-- c:\windows\RtlExUpd.dll
2009-07-09 22:28 172,032 a----r-- c:\windows\system32\igfxres.dll
2009-07-09 22:26 <DIR> --d----- c:\windows\system32\Lang
2009-07-09 22:26 319,456 a----r-- c:\windows\system32\difxapi.dll
2009-07-09 22:26 920,088 a----r-- c:\windows\system32\igxpun.exe
2009-07-09 22:25 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-07-09 22:14 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-07-09 22:14 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-07-09 22:13 <DIR> --d----- c:\program files\common files\MSSoap
2009-07-09 22:12 <DIR> --d----- c:\program files\Online Services
2009-07-09 22:12 <DIR> --d----- c:\program files\Messenger
2009-07-09 22:12 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-07-09 22:11 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-07-14 19:01 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-07-09 22:12 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-03 20:09 1,291,264 a------- c:\windows\system32\quartz.dll
2009-05-13 06:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 16:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 19:30 3,366,912 a------- c:\windows\system32\GPhotos.scr

============= FINISH: 22:56:56.89 ===============

Any advice gladly received. If I am foolish please let me know..



#2 syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK

Posted 03 August 2009 - 11:21 AM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in your reply. Do not attach them unless asked to.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks



#3 Fatmatt

Posted 03 August 2009 - 04:28 PM

Syler, thanks very much for your help; as per your instructions,
MBAM:

Malwarebytes' Anti-Malware 1.39
Database version: 2550
Windows 5.1.2600 Service Pack 3

03/08/2009 21:59:31
mbam-log-2009-08-03 (21-59-31).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 685870
Time elapsed: 4 hour(s), 3 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\{fc0ef073-edb5-4cbe-b92d-5ce9a223f37b}\OFFLINE\mfilebagide.dll\bag\SSD.exe (Adware.DoubleD) -> Quarantined and deleted successfully.


Info.txt:

info.txt logfile of random's system information tool 1.06 2009-08-03 22:09:19

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
ABBYY FineReader 6.0 Sprint-->MsiExec.exe /I{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\5ac697db6c6103f6f8b5198d25f73f7\Setup.exe
Adobe After Effects CS3 Presets-->MsiExec.exe /I{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Anchor Service CS4-->MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge CS4-->MsiExec.exe /I{83877DB1-8B77-45BC-AB43-2BAC22E093E0}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps CS4-->MsiExec.exe /I{94D398EB-D2FD-4FD1-B8C4-592635E8A191}
Adobe Color - Photoshop Specific CS4-->MsiExec.exe /I{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}
Adobe Color EU Recommended Settings CS4-->MsiExec.exe /I{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}
Adobe Color JA Extra Settings CS4-->MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
Adobe Color NA Extra Settings CS4-->MsiExec.exe /I{098A2A49-7CF3-4F08-A38D-FB879117152A}
Adobe Color Video Profiles CS CS4-->MsiExec.exe /I{63C24A08-70F3-4C8E-B9FB-9F21A903801D}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{0CEC06EF-5052-4CE8-8256-74AE363A4238}
Adobe CSI CS4-->MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
Adobe Default Language CS4-->MsiExec.exe /I{C52E3EC1-048C-45E1-8D53-10B0C6509683}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Device Central CS4-->MsiExec.exe /I{67F0E67A-8E93-4C2C-B29D-47C48262738A}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe Drive CS4-->MsiExec.exe /I{16E16F01-2E2D-4248-A42F-76261C147B6C}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe ExtendScript Toolkit CS4-->MsiExec.exe /I{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Extension Manager CS4-->MsiExec.exe /I{054EFA56-2AC1-48F4-A883-0AB89874B972}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe Illustrator CS2-->msiexec /I {B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Linguistics CS4-->MsiExec.exe /I{931AB7EA-3656-4BB7-864D-022B09E3DD67}
Adobe Media Player-->msiexec /qb /x {39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe Media Player-->MsiExec.exe /I{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe Output Module-->MsiExec.exe /I{BB4E33EC-8181-4685-96F7-8554293DEC6A}
Adobe PDF Library Files CS4-->MsiExec.exe /I{F93C84A6-0DC6-42AF-89FA-776F7C377353}
Adobe Photoshop CS3-->MsiExec.exe /I{0046FA01-C5B9-4985-BACB-398DC480FC05}
Adobe Photoshop CS4 Support-->MsiExec.exe /I{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}
Adobe Photoshop CS4-->C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
Adobe Photoshop CS4-->MsiExec.exe /I{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}
Adobe Photoshop CS4-->MsiExec.exe /I{E4848436-0345-47E2-B648-8B522FCDA623}
Adobe Photoshop Lightroom 2.4-->MsiExec.exe /I{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}
Adobe Search for Help-->MsiExec.exe /I{F0E64E2E-3A60-40D8-A55D-92F6831875DA}
Adobe Service Manager Extension-->MsiExec.exe /I{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}
Adobe Setup-->MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
Adobe Setup-->MsiExec.exe /I{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe SVG Viewer 3.0-->C:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Adobe Type Support CS4-->MsiExec.exe /I{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Update Manager CS4-->MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{D5A31AB1-345D-47C7-A87B-036A669F6DF1}
Adobe XMP Panels CS4-->MsiExec.exe /I{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}
AdobeColorCommonSetCMYK-->MsiExec.exe /I{68243FF8-83CA-466B-B2B8-9F99DA5479C4}
AdobeColorCommonSetRGB-->MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
Agnitum Spam Terrier-->"C:\Program Files\Agnitum\Spam Terrier\unins000.exe"
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
Amic Email Backup v2.0-->"C:\Program Files\Amic Tools\Amic Email Backup\unins000.exe"
Artisteer 2-->"C:\Program Files\Artisteer 2\bin\Uninstall.exe"
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}\SETUP.EXE" -l0x9 UNINST
Connect-->MsiExec.exe /I{B29AD377-CC12-490A-A480-1452337C618D}
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Print CD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}\SETUP.EXE" -l0x9 -SYSTEM
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\ENG\USE_G\DOCUNINS.EXE
EPSON Stylus Photo R285_290 Manual-->C:\Program Files\EPSON\TPMANUAL\ESPR285_290\ENG\USE_G\DOCUNINS.EXE
EPSON Web-To-Page-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}\SETUP.EXE" -l0x9 -anything
ESC79_D78 User's Guide-->C:\Program Files\EPSON\TPMANUAL\ESC79_D78\ENG\USE_G\DOCUNINS.EXE
FileZilla Client 3.2.6.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Folder Marker Pro v 3.0-->"C:\Program Files\Folder Marker\unins000.exe"
Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
GamingHarbor Toolbar-->"C:\Documents and Settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\Setup.exe" REMOVE=TRUE MODIFY=FALSE
GamingHarbor Toolbar-->C:\Documents and Settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}\Setup.exe
Google Chrome-->"C:\Program Files\Google\Chrome\Application\2.0.172.28\Installer\setup.exe" --uninstall --system-level
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Gears-->MsiExec.exe /I{F724042F-367A-3B58-9BE3-8EF7A6F058D6}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
IconLover-->"C:\Program Files\IconLover\uninstall.exe"
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
InfoTag Magic 1.0-->"C:\Program Files\InfoTag Magic 1.0\uninstall.exe"
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
Intel® Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216014FF}
kuler-->MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
Launchy 2.1.2-->"C:\Program Files\Launchy\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Marxio Timer 1.9.0-->"C:\Program Files\Marxio Timer\unins000.exe"
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multiplicity-->C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\UNWISE.EXE C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\INSTALL.LOG
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Opera 9.64-->MsiExec.exe /X{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}
PDF Settings CS4-->MsiExec.exe /I{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}
Photoshop Camera Raw-->MsiExec.exe /I{CC75AB5C-2110-4A7F-AF52-708680D22FE8}
Picasa 3-->"C:\Program Files\Google\Picasa3\Uninstall.exe"
Portrait Professional Max 6.3-->"C:\Program Files\Portrait Professional Max 6\unins000.exe"
ProjectWhois-->C:\Program Files\Domain Tools\ProjectWhois\ProjectWhoisUninstall.exe
QuickTime Alternative 2.5.1-->"C:\Program Files\QuickTime Alternative\unins000.exe"
Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
Revo Uninstaller 1.71-->C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969897)-->"C:\WINDOWS\$NtUninstallKB969897$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
SnagIt 8-->MsiExec.exe /I{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}
Spam Bully for Outlook-->C:\PROGRA~1\SBOUTL~1\UNWISE.EXE C:\PROGRA~1\SBOUTL~1\INSTALL.LOG
StuffIt Deluxe-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}
Suite Shared Configuration CS4-->MsiExec.exe /I{842B4B72-9E8F-4962-B3C1-1C422A5C4434}
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Task Coach 0.73.2-->"C:\Program Files\TaskCoach\unins000.exe"
The Big Box of Art 350,000-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{AFBC5EBA-85ED-4A94-9BA4-F14B104B5BB9} /l1033
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Outlook 2007 Junk Email Filter (kb971933)-->msiexec /package {90120000-0030-0000-0000-0000000FF1CE} /uninstall {53C200F4-3B4B-49A5-8539-2C61F1A88CA2}
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Widgets-->C:\PROGRA~1\Yahoo!\Widgets\uninstall.exe

======Security center information======

AV: AVG Anti-Virus Free

======System event log======

Computer Name: HUGEDAWG
Event Code: 7000
Message: The MSICPL service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 39
Source Name: Service Control Manager
Time Written: 20090709222322.000000+060
Event Type: error
User:

Computer Name: HUGEDAWG
Event Code: 7000
Message: The MSICPL service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 38
Source Name: Service Control Manager
Time Written: 20090709222322.000000+060
Event Type: error
User:

Computer Name: HUGEDAWG
Event Code: 11
Message: The device Root\LEGACY_SETUPNTGLM7X\0000 disappeared from the system without first being prepared for removal.

Record Number: 35
Source Name: PlugPlayManager
Time Written: 20090709222313.000000+060
Event Type: error
User:

Computer Name: HUGEDAWG
Event Code: 7000
Message: The MSICPL service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 34
Source Name: Service Control Manager
Time Written: 20090709222121.000000+060
Event Type: error
User:

Computer Name: HUGEDAWG
Event Code: 7000
Message: The MSICPL service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 33
Source Name: Service Control Manager
Time Written: 20090709222121.000000+060
Event Type: error
User:

=====Application event log=====

Computer Name: HUGEDAWG
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 489
Source Name: .NET Runtime Optimization Service
Time Written: 20090712185117.000000+060
Event Type:
User:

Computer Name: HUGEDAWG
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Deployment, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 487
Source Name: .NET Runtime Optimization Service
Time Written: 20090712185115.000000+060
Event Type:
User:

Computer Name: HUGEDAWG
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Configuration, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 485
Source Name: .NET Runtime Optimization Service
Time Written: 20090712185113.000000+060
Event Type:
User:

Computer Name: HUGEDAWG
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.VisualBasic, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 483
Source Name: .NET Runtime Optimization Service
Time Written: 20090712185111.000000+060
Event Type:
User:

Computer Name: HUGEDAWG
Event Code: 1102
Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.Build.Utilities, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a


Record Number: 481
Source Name: .NET Runtime Optimization Service
Time Written: 20090712185107.000000+060
Event Type:
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0403
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

log.txt:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Huge Dawg at 2009-08-03 22:08:59
Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 3062 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:15, on 03/08/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Allume\StuffIt\MXTask.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\Allume\StuffIt\mxtask.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Huge Dawg\Desktop\RSIT.exe
C:\Program Files\trend micro\Huge Dawg.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Multiplicity] C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [igfxtray.exe] C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: ProjectWhois.lnk = C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1247590914421
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: Multi - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Stardock Multiplicity (Multiplicity) - Unknown owner - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
O23 - Service: StuffIt Task Manager - Allume Systems, Inc. - C:\PROGRA~1\Allume\StuffIt\MXTask.exe

--
End of file - 12046 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll [2005-12-22 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-19 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-07-31 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-14 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll [2009-07-17 2097152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-14 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-06-26 1008896]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll [2005-12-22 131072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"Multiplicity"=C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe [2008-01-22 638464]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"igfxtray.exe"=C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe [2008-10-30 36864]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]
""= []
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-07-12 1948440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-14 148888]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-08-01 1830128]
"AdobeBridge"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-07-31 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Launchy.lnk - C:\Program Files\Launchy\Launchy.exe
SnagIt 8.lnk - C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe

C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
ProjectWhois.lnk - C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-12 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Multi]
C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll [2005-04-17 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-04-24 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"MULTIPL.EXE"="MULTIPL.EXE:LocalSubNet:Enabled:Multiplicity"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"
.txt - open - "C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe" "%1"

======List of files/folders created in the last 1 months======

2009-08-03 22:09:00 ----D---- C:\Program Files\trend micro
2009-08-03 22:08:59 ----D---- C:\rsit
2009-08-02 16:17:30 ----HD---- C:\$AVG8.VAULT$
2009-08-01 22:46:19 ----D---- C:\Program Files\Marxio Timer
2009-07-31 19:02:00 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Google
2009-07-31 19:00:09 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-07-31 13:03:52 ----HDC---- C:\Documents and Settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}
2009-07-30 14:11:11 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Hemera
2009-07-30 14:08:50 ----D---- C:\Program Files\Hemera
2009-07-28 07:34:30 ----D---- C:\WINDOWS\Sun
2009-07-27 22:49:06 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Mozilla
2009-07-27 15:27:16 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\TaskCoach
2009-07-27 15:27:06 ----D---- C:\Program Files\TaskCoach
2009-07-26 15:51:49 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-07-26 15:51:49 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-07-26 15:51:48 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-07-26 15:14:36 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Malwarebytes
2009-07-26 15:14:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-26 15:14:30 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-07-26 12:02:27 ----D---- C:\Program Files\IconLover
2009-07-24 09:59:38 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-07-24 09:59:37 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-07-23 12:22:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2009-07-23 12:20:57 ----D---- C:\Program Files\Common Files\Adobe Systems Shared
2009-07-23 12:19:38 ----D---- C:\WINDOWS\system32\Adobe
2009-07-23 12:19:38 ----A---- C:\WINDOWS\system32\FileOps.exe
2009-07-22 12:27:24 ----D---- C:\Program Files\Yahoo!
2009-07-21 17:23:03 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Artisteer
2009-07-21 17:20:12 ----D---- C:\Program Files\Artisteer 2
2009-07-21 10:10:32 ----D---- C:\Program Files\VS Revo Group
2009-07-20 16:19:34 ----D---- C:\Program Files\Domain Tools
2009-07-19 23:48:06 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Launchy
2009-07-19 23:47:58 ----D---- C:\Program Files\Launchy
2009-07-19 23:47:22 ----D---- C:\Program Files\InfraRecorder
2009-07-18 10:58:47 ----A---- C:\WINDOWS\NeroDigital.ini
2009-07-18 10:55:46 ----D---- C:\WINDOWS\system32\IOSUBSYS
2009-07-18 03:00:51 ----D---- C:\WINDOWS\ie8updates
2009-07-17 16:12:19 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\ArcticLine
2009-07-17 16:12:05 ----D---- C:\Program Files\Folder Marker
2009-07-17 15:58:39 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Anthropics
2009-07-17 15:58:36 ----D---- C:\Program Files\Portrait Professional Max 6
2009-07-16 19:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-16 19:11:57 ----D---- C:\WINDOWS\WBEM
2009-07-16 19:10:49 ----HDC---- C:\WINDOWS\ie8
2009-07-16 19:05:45 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-16 03:20:19 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-07-16 03:11:04 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-16 03:10:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-16 03:10:40 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-16 03:10:32 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-16 03:10:24 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-16 03:10:12 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-16 03:09:54 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2009-07-16 03:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-16 03:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-16 03:09:09 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 03:08:41 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-16 03:08:06 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-16 03:07:41 ----HDC---- C:\WINDOWS\$NtUninstallKB969897$
2009-07-16 03:07:30 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-16 03:07:19 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 03:07:08 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-16 03:06:30 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-16 03:06:19 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-16 03:06:08 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-16 03:06:01 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-16 03:05:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-16 03:05:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-16 03:05:29 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2009-07-16 03:05:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-16 03:05:02 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-16 03:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-16 03:03:51 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-16 03:03:44 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-16 03:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-16 03:03:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-16 03:03:11 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-16 03:02:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-16 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-16 03:02:25 ----D---- C:\Program Files\MSXML 4.0
2009-07-16 03:00:49 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-15 19:34:01 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-07-15 19:34:01 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-07-15 19:34:00 ----N---- C:\WINDOWS\system32\px.dll
2009-07-15 19:32:50 ----D---- C:\WINDOWS\RegisteredPackages
2009-07-15 19:32:23 ----D---- C:\Program Files\Winamp
2009-07-15 18:46:20 ----N---- C:\WINDOWS\system32\xpsp4res.dll
2009-07-15 18:23:42 ----D---- C:\Program Files\Microsoft Silverlight
2009-07-14 23:46:54 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\FM Settings
2009-07-14 19:50:32 ----A---- C:\WINDOWS\system32\javaws.exe
2009-07-14 19:50:32 ----A---- C:\WINDOWS\system32\javaw.exe
2009-07-14 19:50:32 ----A---- C:\WINDOWS\system32\java.exe
2009-07-14 19:50:32 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-07-14 19:50:15 ----D---- C:\Program Files\Java
2009-07-14 19:49:46 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Sun
2009-07-14 19:49:30 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2009-07-14 19:49:30 ----A---- C:\WINDOWS\system32\pndx5032.dll
2009-07-14 19:49:30 ----A---- C:\WINDOWS\system32\pndx5016.dll
2009-07-14 19:49:30 ----A---- C:\WINDOWS\system32\pncrt.dll
2009-07-14 19:49:29 ----D---- C:\Program Files\Real Alternative
2009-07-14 19:49:29 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Real
2009-07-14 19:49:29 ----D---- C:\Documents and Settings\All Users\Application Data\Real
2009-07-14 19:48:53 ----D---- C:\Documents and Settings\All Users\Application Data\Apple Computer
2009-07-14 19:48:49 ----D---- C:\Program Files\QuickTime Alternative
2009-07-14 19:16:22 ----D---- C:\WINDOWS\Prefetch
2009-07-14 19:03:24 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-07-14 19:03:24 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-07-14 19:02:33 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$
2009-07-14 18:54:53 ----D---- C:\WINDOWS\system32\scripting
2009-07-14 18:54:53 ----D---- C:\WINDOWS\l2schemas
2009-07-14 18:54:52 ----D---- C:\WINDOWS\system32\en
2009-07-14 18:54:52 ----D---- C:\WINDOWS\system32\bits
2009-07-14 18:50:26 ----D---- C:\WINDOWS\ServicePackFiles
2009-07-14 18:48:05 ----D---- C:\WINDOWS\network diagnostic
2009-07-14 18:44:40 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-07-14 18:24:28 ----D---- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2009-07-14 18:10:10 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-14 18:10:08 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-14 12:32:16 ----D---- C:\Documents and Settings\All Users\Application Data\TechSmith
2009-07-14 12:31:58 ----D---- C:\Program Files\TechSmith
2009-07-14 11:16:25 ----A---- C:\WINDOWS\system32\TwnLib20.dll
2009-07-14 11:16:24 ----N---- C:\WINDOWS\system32\ImagXRA7.dll
2009-07-14 11:16:24 ----N---- C:\WINDOWS\system32\ImagXR7.dll
2009-07-14 11:16:24 ----N---- C:\WINDOWS\system32\ImagXpr7.dll
2009-07-14 11:16:24 ----N---- C:\WINDOWS\system32\ImagX7.dll
2009-07-14 11:16:24 ----D---- C:\Program Files\Common Files\Ahead
2009-07-14 11:16:24 ----A---- C:\WINDOWS\system32\NeroCheck.exe
2009-07-14 11:16:21 ----D---- C:\Program Files\Ahead
2009-07-14 11:12:35 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\ImgBurn
2009-07-14 11:06:08 ----D---- C:\Program Files\ImgBurn
2009-07-13 22:29:03 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-13 22:28:53 ----D---- C:\Program Files\SUPERAntiSpyware
2009-07-13 22:28:53 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\SUPERAntiSpyware.com
2009-07-13 22:28:32 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-07-13 11:15:00 ----D---- C:\Program Files\Google
2009-07-12 12:06:02 ----D---- C:\Program Files\FolderSize
2009-07-12 11:36:06 ----D---- C:\Program Files\7-Zip
2009-07-12 11:10:52 ----RSD---- C:\WINDOWS\assembly
2009-07-12 11:10:13 ----D---- C:\WINDOWS\Microsoft.NET
2009-07-12 11:07:09 ----D---- C:\Program Files\InfoTag Magic 1.0
2009-07-12 09:01:18 ----D---- C:\WINDOWS\system32\appmgmt
2009-07-12 08:38:02 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-12 08:37:51 ----D---- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
2009-07-12 08:37:39 ----D---- C:\Program Files\AVG
2009-07-12 08:37:39 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-10 23:37:41 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Axaware
2009-07-10 23:37:09 ----A---- C:\WINDOWS\system32\msxml4a.dll
2009-07-10 23:37:08 ----D---- C:\Program Files\SBOutlook
2009-07-10 22:35:38 ----D---- C:\Program Files\Mozilla Firefox
2009-07-10 16:53:32 ----A---- C:\WINDOWS\MXDebug2.ini
2009-07-10 16:53:31 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Allume Systems
2009-07-10 16:53:22 ----D---- C:\Documents and Settings\All Users\Application Data\Allume Systems
2009-07-10 16:53:14 ----D---- C:\Program Files\Allume
2009-07-10 16:03:02 ----D---- C:\Program Files\Agnitum
2009-07-10 16:03:02 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Agnitum
2009-07-10 15:15:35 ----D---- C:\Program Files\Bonjour
2009-07-10 15:08:20 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-07-10 13:09:33 ----D---- C:\Program Files\ABBYY FineReader 6.0 Sprint
2009-07-10 13:06:27 ----A---- C:\WINDOWS\system32\escwiad.dll
2009-07-10 13:06:02 ----A---- C:\WINDOWS\CDE DX8400DEFGIPS.ini
2009-07-10 13:05:30 ----A---- C:\WINDOWS\system32\E_FLBCEE.DLL
2009-07-10 13:05:30 ----A---- C:\WINDOWS\system32\E_FD4BCEE.DLL
2009-07-10 12:57:12 ----D---- C:\Documents and Settings\All Users\Application Data\UDL
2009-07-10 12:54:00 ----D---- C:\Program Files\EPSON Print CD
2009-07-10 12:52:23 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\InstallShield
2009-07-10 12:50:46 ----A---- C:\WINDOWS\CDER285DEFGIPS.ini
2009-07-10 12:50:10 ----D---- C:\Documents and Settings\All Users\Application Data\EPSON
2009-07-10 12:50:00 ----A---- C:\WINDOWS\system32\E_FLBCKE.DLL
2009-07-10 12:50:00 ----A---- C:\WINDOWS\system32\E_FD4BCKE.DLL
2009-07-10 12:44:50 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Template
2009-07-10 12:34:23 ----A---- C:\WINDOWS\system32\PICSDK2.dll
2009-07-10 12:34:23 ----A---- C:\WINDOWS\system32\PICSDK.ini
2009-07-10 12:34:23 ----A---- C:\WINDOWS\system32\PICSDK.dll
2009-07-10 12:34:23 ----A---- C:\WINDOWS\system32\PICEntry.dll
2009-07-10 12:34:23 ----A---- C:\WINDOWS\system32\EpPicPrt.dll
2009-07-10 12:34:22 ----A---- C:\WINDOWS\system32\EPPicMgr.dll
2009-07-10 12:32:38 ----A---- C:\WINDOWS\EPSTPLOG.TXT
2009-07-10 12:32:38 ----A---- C:\WINDOWS\EPSMTL32.TXT
2009-07-10 12:32:31 ----A---- C:\WINDOWS\CDE D78DEFGIPS.ini
2009-07-10 12:32:23 ----D---- C:\Program Files\EPSON
2009-07-10 12:32:14 ----A---- C:\WINDOWS\system32\E_DCINST.DLL
2009-07-10 12:32:12 ----A---- C:\WINDOWS\system32\E_FLBBGE.DLL
2009-07-10 12:32:12 ----A---- C:\WINDOWS\system32\E_FD4BBGE.DLL
2009-07-10 12:16:42 ----D---- C:\Program Files\FileZilla FTP Client
2009-07-10 11:52:53 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Opera
2009-07-10 11:52:34 ----D---- C:\Program Files\Opera
2009-07-10 11:43:26 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Windows Search
2009-07-10 11:11:52 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\FileZilla
2009-07-10 10:42:04 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-07-10 10:27:18 ----D---- C:\Program Files\Adobe Media Player
2009-07-10 10:27:16 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Macromedia
2009-07-10 10:24:14 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-07-10 10:19:57 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\Adobe
2009-07-10 10:19:57 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-07-10 10:19:30 ----D---- C:\Program Files\Adobe
2009-07-10 10:15:45 ----D---- C:\WINDOWS\SxsCaPendDel
2009-07-10 10:13:04 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-10 10:12:36 ----D---- C:\Program Files\Common Files\Adobe
2009-07-10 09:51:36 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\JGsoft
2009-07-09 23:45:13 ----D---- C:\Program Files\Amic Tools
2009-07-09 23:42:35 ----D---- C:\Program Files\Windows Desktop Search
2009-07-09 23:42:34 ----D---- C:\WINDOWS\system32\GroupPolicy
2009-07-09 23:42:34 ----D---- C:\WINDOWS\system32\en-US
2009-07-09 23:42:02 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4_0$
2009-07-09 23:41:52 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-09 23:41:48 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-07-09 23:41:48 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-09 23:41:46 ----A---- C:\WINDOWS\system32\xmllite.dll
2009-07-09 23:37:43 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-07-09 23:36:57 ----D---- C:\Program Files\Microsoft Works
2009-07-09 23:36:50 ----D---- C:\Program Files\MSBuild
2009-07-09 23:36:32 ----D---- C:\Program Files\Microsoft Visual Studio
2009-07-09 23:36:31 ----D---- C:\Program Files\Common Files\DESIGNER
2009-07-09 23:33:35 ----D---- C:\WINDOWS\SHELLNEW
2009-07-09 23:33:11 ----D---- C:\Program Files\Microsoft Office
2009-07-09 23:33:10 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-07-09 23:32:49 ----RHD---- C:\MSOCache
2009-07-09 23:27:59 ----A---- C:\WINDOWS\system32\wgatray.exe.bak
2009-07-09 23:27:59 ----A---- C:\WINDOWS\system32\WgaTray.exe
2009-07-09 23:27:59 ----A---- C:\WINDOWS\system32\wgalogon.dll.bak
2009-07-09 23:27:59 ----A---- C:\WINDOWS\system32\WgaLogon.dll
2009-07-09 23:27:59 ----A---- C:\WINDOWS\system32\legitcheckcontrol.dll.bak
2009-07-09 23:27:59 ----A---- C:\WINDOWS\system32\LegitCheckControl.dll
2009-07-09 23:10:17 ----A---- C:\WINDOWS\system32\h323log.txt
2009-07-09 23:02:09 ----D---- C:\Program Files\Stardock
2009-07-09 22:57:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-09 22:55:30 ----A---- C:\rollback.ini
2009-07-09 22:49:53 ----D---- C:\Documents and Settings\Huge Dawg\Application Data\MailFrontier
2009-07-09 22:49:22 ----A---- C:\zap.txt
2009-07-09 22:43:29 ----D---- C:\Documents and Settings\All Users\Application Data\MailFrontier
2009-07-09 22:43:21 ----A---- C:\WINDOWS\system32\SpOrder.dll
2009-07-09 22:43:07 ----D---- C:\Program Files\Zone Labs
2009-07-09 22:42:39 ----D---- C:\WINDOWS\Internet Logs

======List of files/folders modified in the last 1 months======

2009-08-02 08:50:39 ----A---- C:\WINDOWS\win.ini
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 14:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-09 22:35:01 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-19 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-12 108552]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-04 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 NTACCESS;NTACCESS; \??\G:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\G:\NTGLM7X.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-07-12 298776]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-14 152984]
R2 Multiplicity;Stardock Multiplicity; C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE [2005-04-17 208896]
R2 StuffIt Task Manager;StuffIt Task Manager; C:\PROGRA~1\Allume\StuffIt\MXTask.exe [2005-06-13 155648]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-25 655624]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-13 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-31 190448]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-07-23 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

I saw a Gaming Harbour toolbar in info.txt but have left it there. I also saw an entry in info.txt "ComSpec"=%SystemRoot%\system32\cmd.exe which I don't know if it is odd or not. Comspec is a computer repair man I talk to occasionally but I don't recall him ever having access.
The HTML/Framer alerts are still coming through, always to the cache of the default Firefox profile, (the only profile.)
Thanks again.

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:59 AM

Posted 03 August 2009 - 05:00 PM

Hello Fatmatt,

ComSpec is completely normal and I'm sure it doesn't have anything to do with your repair guy. Is the HTML/Framer the only problem you are having? How often do you get these alerts? Can you tell me what you mean when you refer to "WP" sites?

Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator
  • Allow it to run when you get a Security Warning
  • A black Command Window will open saying: "Please Wait..."
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post the contents of that log in your next reply


#5 Fatmatt

Posted 03 August 2009 - 05:23 PM

Yeah I googled Comspec and found out...
WP: Wordpress. Various Wordpress blogs using the latest release (2.8.1 until the other day). FTP passwords random 12-character, anti virus plugin, security plugin, only using plugins and themes via Wordpress to avoid rogues. iframes are inserted into the Wordpress pages leading to Google warning about them, and hosts banning them.
No other alerts apart from sqlite cookie on reboots.

ROOTER> I didn't get a security warning as per your instructions so just clicked on 'Scan' and below is the report.

Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP . (5.1.2600) Service Pack 3
[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Enabled
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.1 (en-US)
.
A:\ [Removable]
C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:57 Go )
D:\ [Fixed-NTFS] .. ( Total:465 Go - Free:285 Go )
E:\ [Fixed-NTFS] .. ( Total:298 Go - Free:74 Go )
F:\ [Removable]
G:\ [CD_Rom]
.
Scan : 23:11.29
Path : C:\Documents and Settings\Huge Dawg\Desktop\Rooter.exe
User : Huge Dawg ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (632)
______ \??\C:\WINDOWS\system32\csrss.exe (688)
______ \??\C:\WINDOWS\system32\winlogon.exe (712)
______ C:\WINDOWS\system32\services.exe (756)
______ C:\WINDOWS\system32\lsass.exe (768)
______ C:\WINDOWS\system32\svchost.exe (928)
______ C:\WINDOWS\system32\svchost.exe (1012)
______ C:\WINDOWS\System32\svchost.exe (1108)
______ C:\WINDOWS\system32\svchost.exe (1200)
______ C:\WINDOWS\system32\svchost.exe (1308)
______ C:\WINDOWS\system32\spoolsv.exe (1488)
______ C:\WINDOWS\Explorer.EXE (240)
______ C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (280)
______ C:\WINDOWS\system32\svchost.exe (588)
______ C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe (676)
______ C:\Program Files\Bonjour\mDNSResponder.exe (672)
______ C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE (944)
______ C:\Program Files\FolderSize\FolderSizeSvc.exe (952)
______ C:\PROGRA~1\AVG\AVG8\avgrsx.exe (1084)
______ C:\PROGRA~1\AVG\AVG8\avgnsx.exe (1092)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1908)
______ C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE (2016)
______ C:\WINDOWS\system32\svchost.exe (252)
______ C:\PROGRA~1\Allume\StuffIt\MXTask.exe (336)
______ C:\WINDOWS\system32\wdfmgr.exe (1552)
______ C:\WINDOWS\system32\igfxtray.exe (2260)
______ C:\WINDOWS\system32\hkcmd.exe (2284)
______ C:\WINDOWS\system32\igfxpers.exe (2296)
______ C:\WINDOWS\RTHDCPL.EXE (2316)
______ C:\WINDOWS\system32\igfxsrvc.exe (2336)
______ C:\PROGRA~1\Stardock\THINKD~1\MULTIP~1\multipl.exe (2392)
______ C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (2416)
______ C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe (2536)
______ C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (2604)
______ C:\PROGRA~1\AVG\AVG8\avgtray.exe (2640)
______ C:\Program Files\Java\jre6\bin\jusched.exe (2768)
______ C:\Program Files\Winamp\winampa.exe (2788)
______ C:\WINDOWS\system32\ctfmon.exe (2840)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (2868)
______ C:\PROGRA~1\Allume\StuffIt\mxtask.exe (2912)
______ C:\Program Files\Launchy\Launchy.exe (3116)
______ C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (3140)
______ C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (3164)
______ C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe (3172)
______ C:\WINDOWS\System32\alg.exe (3272)
______ C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (3988)
______ C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe (1224)
______ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (2160)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (2224)
______ C:\Program Files\AVG\AVG8\avgcsrvx.exe (3100)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2920)
______ C:\Program Files\Artisteer 2\bin\Artisteer.exe (3012)
______ C:\Documents and Settings\Huge Dawg\Desktop\Rooter.exe (3508)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:80023716864)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\Google Software Updater.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 23:11.43
.
C:\Rooter$\Rooter_1.txt - (03/08/2009 | 23:11.43)

#6 syler

Posted 03 August 2009 - 05:39 PM

So you are saying that when you visit the Wordpress site you are getting infected by malicious iframes?


#7 Fatmatt

Posted 03 August 2009 - 05:54 PM

No. The blogs that I have set up using wordpress have been infected. I'm sure the Wordpress site itself is secure. I had several blog sites on the Wordpress platform, using different themes/templates, on different hosts infected. I think it must have come from my local machine which must have been infected earlier. AVG picked up the virus, and I clean installed anyway, but AVG are still picking it up in the Firefox profile. I have completely deleted Firefox and reinstalled without using any previous profiles (all of which, including backups I removed from my system), but still the warnings come.

#8 syler

Posted 03 August 2009 - 06:09 PM

OK, I'm with you now. I'm not sure how anything like this could have survived a clean install though. Do you have any removable media?


We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the "File Scans" section, check the box "Skip Microsoft Files".
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Edited by syler, 03 August 2009 - 06:11 PM.



#9 Fatmatt

  • Topic Starter

Posted 04 August 2009 - 02:05 AM

Removable media: I have the obvious: XP disk, Adobe disks, Office 2007 disk, etc.
OS run off system disc C:, which was formatted in clean install. Data disk D: and backup E: both scanned with AVG, Malwarebytes and Superantispyware prior to clean install: clean bill of health. The only alerts I get are on C:

OTL.txt

OTL logfile created on: 04/08/2009 07:49:12 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Huge Dawg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.92 Gb Available in Paging File | 97.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 57.17 Gb Free Space | 76.71% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 285.70 Gb Free Space | 61.34% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 74.33 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HUGEDAWG
Current User Name: Huge Dawg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/13 11:14:58 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2009/07/12 08:37:40 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2007/11/14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2009/07/12 08:37:43 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/12 08:37:43 | 00,594,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/14 19:50:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/04/17 15:37:30 | 00,208,896 | ---- | M] () -- C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE
PRC - [2005/06/13 07:44:18 | 00,155,648 | ---- | M] (Allume Systems, Inc.) -- C:\Program Files\Allume\StuffIt\MXTask.exe
PRC - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
PRC - [2007/12/19 04:08:08 | 00,135,168 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
PRC - [2007/12/19 04:08:12 | 00,159,744 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2007/12/19 04:07:42 | 00,131,072 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 07:31:34 | 16,857,600 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2007/12/19 04:07:30 | 00,249,856 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
PRC - [2008/01/22 06:27:08 | 00,638,464 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\ThinkDesk\Multiplicity\multipl.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/30 01:35:38 | 00,036,864 | -H-- | M] () -- C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe
PRC - [2007/05/10 22:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2009/07/12 08:37:42 | 01,948,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/07/14 19:50:19 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/06/21 18:14:50 | 00,035,328 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009/08/01 14:28:49 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2005/06/13 07:44:18 | 00,155,648 | ---- | M] (Allume Systems, Inc.) -- C:\Program Files\Allume\StuffIt\MXTask.exe
PRC - [2008/08/05 20:16:40 | 00,286,720 | ---- | M] () -- C:\Program Files\Launchy\Launchy.exe
PRC - [2005/12/22 08:00:00 | 05,513,216 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
PRC - [2006/10/26 20:24:54 | 00,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2006/11/21 02:13:40 | 00,147,456 | ---- | M] () -- C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe
PRC - [2009/07/25 17:13:35 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2005/12/22 08:00:00 | 00,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
PRC - [2006/10/27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2009/07/12 08:37:42 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/12 08:37:42 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/12 08:37:39 | 00,760,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe
PRC - [2009/07/12 08:37:42 | 00,692,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/07/15 21:30:39 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/08/04 07:47:20 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Huge Dawg\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/07/23 12:20:57 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/07/12 08:37:40 | 00,298,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2009/07/25 17:13:35 | 00,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2007/11/14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
SRV - [2009/07/13 11:14:58 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate [Auto | Stopped])
SRV - [2009/07/31 19:00:07 | 00,190,448 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/07/14 19:50:19 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2005/04/17 15:37:30 | 00,208,896 | ---- | M] () -- C:\Program Files\Stardock\ThinkDesk\Multiplicity\MULTISRV32.EXE -- (Multiplicity [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/06/13 07:44:18 | 00,155,648 | ---- | M] (Allume Systems, Inc.) -- C:\Program Files\Allume\StuffIt\MXTask.exe -- (StuffIt Task Manager [Auto | Running])
SRV - [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/08/14 07:57:42 | 00,074,720 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs [Auto | Running])
DRV - [2009/07/19 09:59:56 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/07/12 08:37:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/12 08:38:01 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/12/19 04:32:12 | 05,854,688 | R--- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2008/02/14 10:04:06 | 04,676,096 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2004/08/04 02:07:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/11/20 20:19:06 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/01/03 15:10:16 | 00,105,856 | R--- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys -- (RTLE8023xp [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009/06/23 11:01:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009/06/23 11:01:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2008/04/13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005/04/29 11:38:52 | 00,393,984 | ---- | M] (Allume Systems) -- C:\WINDOWS\system32\DRIVERS\zmxpzip.sys -- (zmxpzip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\S-1-5-21-606747145-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-261903793-682003330-1003\S-1-5-21-606747145-261903793-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "GamingHarbor"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.50
FF - prefs.js..extensions.enabledItems: bettergmail2@ginatrapani.org:0.8.4
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {582195F5-92E7-40a0-A127-DB71295901D7}:0.5.7.3
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.30.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.7.7
FF - prefs.js..extensions.enabledItems: {10841c30-a967-11da-a746-0800200c9a66}:0.1.3
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.38
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20090414
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.1
FF - prefs.js..keyword.URL: "http://www.gamingharbor.com/search.do?desktopsmiley&keyword="

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/12 08:37:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/07/27 22:49:27 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/14 19:50:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/18 02:20:34 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/27 22:49:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/27 22:48:50 | 00,000,000 | ---D | M]

[2009/07/27 22:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Extensions
[2009/07/27 22:49:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/03 23:58:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions
[2009/07/27 22:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/07/27 22:55:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/08/03 07:17:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{582195F5-92E7-40a0-A127-DB71295901D7}
[2009/07/27 23:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2009/08/01 06:35:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/07/27 22:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/07/27 22:55:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/07/27 22:55:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/07/29 12:53:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2009/07/27 22:55:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/07/27 22:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\bettergmail2@ginatrapani.org
[2009/07/27 22:55:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2009/07/27 22:55:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\foxmarks@kei.com
[2009/07/27 22:55:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Huge Dawg\Application Data\mozilla\Firefox\Profiles\d480ll59.default\extensions\twitternotifier@naan.net
[2009/08/03 23:58:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/20 16:19:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{10841c30-a967-11da-a746-0800200c9a66}
[2009/07/27 22:48:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/07/14 19:50:34 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/07/15 21:30:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/15 21:30:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/14 19:50:20 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/07/15 21:30:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/12/21 03:00:00 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/04/03 18:15:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/03 18:15:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/03 18:15:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/03 18:15:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/03 18:15:26 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/12/21 03:00:00 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2007/03/10 00:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll
[2009/07/15 19:10:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/15 19:10:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/27 22:49:23 | 00,001,497 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg_igeared.xml
[2009/07/15 19:10:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/15 19:10:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/23 06:35:04 | 00,001,619 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\FFToolbar.xml
[2009/07/15 19:10:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/15 19:10:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/15 19:10:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-606747145-261903793-682003330-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-606747145-261903793-682003330-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-606747145-261903793-682003330-1003\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray.exe] C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe ()
O4 - HKLM..\Run: [Multiplicity] C:\Program Files\Stardock\ThinkDesk\Multiplicity\multipl.exe (Stardock.Net, Inc)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\S-1-5-21-606747145-261903793-682003330-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-606747145-261903793-682003330-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-606747145-261903793-682003330-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk = C:\Program Files\Launchy\Launchy.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\ProjectWhois.lnk = C:\Program Files\Domain Tools\ProjectWhois\ProjectWhois.exe ()
O4 - Startup: C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1247590914421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\Multi: DllName - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll - C:\Program Files\Stardock\ThinkDesk\Multiplicity\MultiWin32.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/09 22:15:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/04 07:47:19 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Huge Dawg\Desktop\OTL.exe
[2009/08/03 23:11:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/08/03 22:09:00 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009/08/03 22:08:59 | 00,000,000 | ---D | C] -- C:\rsit
[2009/08/03 19:38:13 | 63,756,752 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\Artisteer.2.2.0.17981.exe
[2009/08/03 15:59:35 | 00,002,125 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\may_2009.csv
[2009/08/02 23:11:08 | 00,483,600 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\iStock_000003245274Illustra.zip
[2009/08/02 16:35:38 | 00,153,641 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\wp-db-backup.zip
[2009/08/02 16:35:09 | 00,185,346 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\members-only.0.6.7.zip
[2009/08/02 16:34:20 | 01,130,718 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\tdo-mini-forms.0.13.4.zip
[2009/08/02 16:33:40 | 00,148,717 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\search-everything.6.2.5.zip
[2009/08/02 16:32:54 | 00,528,116 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\customizable-post-listings.zip
[2009/08/02 16:32:34 | 00,225,388 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\custom-admin-post-listing.zip
[2009/08/02 16:31:28 | 00,104,132 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\WP-CRM.zip
[2009/08/02 16:17:30 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/08/02 15:11:45 | 00,001,372 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\ukbf
[2009/08/01 22:46:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\marxio-tools
[2009/08/01 22:46:19 | 00,000,000 | ---D | C] -- C:\Program Files\Marxio Timer
[2009/07/31 22:34:02 | 00,618,918 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\DC-MM5000.pdf
[2009/07/31 19:02:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Google
[2009/07/31 19:00:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/07/31 19:00:08 | 00,000,868 | ---- | C] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/31 15:16:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Desktop\Primo_Icons
[2009/07/31 13:03:52 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{FC0EF073-EDB5-4CBE-B92D-5CE9A223F37B}
[2009/07/31 09:31:27 | 00,034,557 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Desktop\Receipt - 991909535961.pdf
[2009/07/30 14:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Desktop\pirates-icons
[2009/07/30 14:11:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Hemera
[2009/07/30 14:08:50 | 00,000,000 | ---D | C] -- C:\Program Files\Hemera
[2009/07/29 16:55:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Ahead
[2009/07/28 07:34:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/07/27 22:49:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Mozilla
[2009/07/27 15:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\TaskCoach
[2009/07/27 15:27:06 | 00,000,000 | ---D | C] -- C:\Program Files\TaskCoach
[2009/07/27 11:02:19 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\EOI 09 final.doc
[2009/07/26 15:51:49 | 00,120,568 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/07/26 15:51:49 | 00,118,256 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/07/26 15:51:48 | 00,129,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/07/26 15:14:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Malwarebytes
[2009/07/26 15:14:32 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/26 15:14:30 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/26 15:14:30 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/26 15:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/26 12:02:27 | 00,000,000 | ---D | C] -- C:\Program Files\IconLover
[2009/07/24 16:34:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Apple Computer
[2009/07/23 12:24:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Updater
[2009/07/23 12:22:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2009/07/23 12:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2009/07/23 12:19:38 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2009/07/23 12:19:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/07/22 23:03:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Artisteer Templates
[2009/07/22 19:29:51 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2009/07/22 19:29:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\My Widgets
[2009/07/22 19:29:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Yahoo
[2009/07/22 12:27:24 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/07/21 17:23:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Artisteer
[2009/07/21 17:20:12 | 00,000,000 | ---D | C] -- C:\Program Files\Artisteer 2
[2009/07/21 10:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2009/07/21 08:02:32 | 00,084,212 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/20 16:19:35 | 00,000,891 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\ProjectWhois.lnk
[2009/07/20 16:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\Domain Tools
[2009/07/20 10:52:00 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Browsers
[2009/07/19 23:48:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Launchy
[2009/07/19 23:48:01 | 00,000,678 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
[2009/07/19 23:47:58 | 00,000,000 | ---D | C] -- C:\Program Files\Launchy
[2009/07/19 23:47:22 | 00,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
[2009/07/18 10:58:47 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/18 10:55:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
[2009/07/18 03:00:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/17 16:12:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\ArcticLine
[2009/07/17 16:12:05 | 00,000,000 | ---D | C] -- C:\Program Files\Folder Marker
[2009/07/17 15:58:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Anthropics
[2009/07/17 15:58:36 | 00,000,000 | ---D | C] -- C:\Program Files\Portrait Professional Max 6
[2009/07/17 10:14:19 | 00,512,399 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\foi_guide.pdf
[2009/07/16 19:11:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/07/16 19:10:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/16 03:02:25 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/07/15 19:34:01 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/07/15 19:34:01 | 00,065,008 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/07/15 19:34:01 | 00,002,560 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/07/15 19:34:01 | 00,002,432 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/07/15 19:34:00 | 01,690,096 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/07/15 19:34:00 | 00,588,272 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/07/15 19:34:00 | 00,543,216 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/07/15 19:34:00 | 00,379,376 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/07/15 19:34:00 | 00,186,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/07/15 19:34:00 | 00,088,560 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/07/15 19:34:00 | 00,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/07/15 19:32:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2009/07/15 19:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009/07/15 18:46:19 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/07/15 18:23:42 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/07/15 14:58:11 | 00,000,377 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\place of design
[2009/07/14 23:46:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\FM Settings
[2009/07/14 22:30:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Cooliris
[2009/07/14 19:50:32 | 00,410,984 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/14 19:50:32 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/14 19:50:32 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/14 19:50:32 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/14 19:50:32 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/14 19:50:15 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/07/14 19:49:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Sun
[2009/07/14 19:49:30 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/07/14 19:49:30 | 00,185,688 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2009/07/14 19:49:30 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2009/07/14 19:49:30 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2009/07/14 19:49:29 | 00,000,000 | ---D | C] -- C:\Program Files\Real Alternative
[2009/07/14 19:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Real
[2009/07/14 19:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Real
[2009/07/14 19:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/07/14 19:48:53 | 00,090,112 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2009/07/14 19:48:53 | 00,057,344 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
[2009/07/14 19:48:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/07/14 19:48:49 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime Alternative
[2009/07/14 19:16:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/07/14 18:54:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/07/14 18:54:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/07/14 18:54:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/07/14 18:54:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/07/14 18:50:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/07/14 18:48:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/07/14 18:44:40 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/07/14 18:36:49 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/07/14 18:36:49 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/07/14 18:36:49 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/07/14 18:36:49 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/07/14 18:36:49 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/07/14 18:36:49 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/07/14 18:36:49 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/07/14 18:36:49 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/07/14 18:36:49 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/07/14 18:36:49 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/07/14 18:36:49 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/07/14 18:36:49 | 00,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/07/14 18:36:49 | 00,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2009/07/14 18:36:49 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/07/14 18:36:49 | 00,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2009/07/14 18:36:49 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/07/14 18:36:49 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/07/14 18:36:49 | 00,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2009/07/14 18:36:49 | 00,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2009/07/14 18:36:49 | 00,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2009/07/14 18:36:49 | 00,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2009/07/14 18:36:49 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/07/14 18:36:49 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/07/14 18:36:49 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/07/14 18:36:49 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/07/14 18:36:49 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/07/14 18:36:49 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/07/14 18:36:49 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/07/14 18:36:49 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/07/14 18:36:49 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/07/14 18:36:49 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/07/14 18:36:49 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/07/14 18:36:49 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/07/14 18:36:49 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/07/14 18:36:49 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/07/14 18:36:49 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/07/14 18:36:48 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/07/14 18:36:48 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/07/14 18:36:48 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/07/14 18:36:48 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/07/14 18:36:48 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/07/14 18:36:48 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/07/14 18:36:48 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/07/14 18:36:48 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/07/14 18:36:48 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/07/14 18:36:48 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/07/14 18:36:47 | 00,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2009/07/14 18:36:47 | 00,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2009/07/14 18:36:47 | 00,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2009/07/14 18:36:47 | 00,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2009/07/14 18:36:47 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/07/14 18:36:47 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/07/14 18:36:46 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/07/14 18:36:46 | 00,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2009/07/14 18:36:46 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/07/14 18:36:46 | 00,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2009/07/14 18:36:45 | 01,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2009/07/14 18:36:45 | 01,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2009/07/14 18:36:45 | 00,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2009/07/14 18:36:45 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/07/14 18:36:45 | 00,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2009/07/14 18:36:45 | 00,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2009/07/14 18:36:45 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/07/14 18:36:45 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/07/14 18:36:45 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/07/14 18:36:42 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/07/14 18:36:42 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/07/14 18:36:42 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/07/14 18:36:42 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/07/14 18:36:42 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/07/14 18:36:41 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/07/14 18:36:41 | 00,011,868 | ---- | C] (Conexant) -- C:\WINDOWS\System32\drivers\mdmxsdk.sys
[2009/07/14 18:36:39 | 01,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfdpsp2.sys
[2009/07/14 18:36:39 | 00,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfcxts2.sys
[2009/07/14 18:36:39 | 00,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\hsfbs2s2.sys
[2009/07/14 18:36:39 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/07/14 18:36:36 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/07/14 18:36:36 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/07/14 18:36:36 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/07/14 18:36:36 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/07/14 18:36:36 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/07/14 18:36:35 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/07/14 18:36:35 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/07/14 18:36:35 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/07/14 18:36:35 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/07/14 18:36:35 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/07/14 18:36:35 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/07/14 18:34:55 | 00,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2009/07/14 18:34:55 | 00,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2009/07/14 18:34:55 | 00,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2009/07/14 18:34:55 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/07/14 18:34:55 | 00,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2009/07/14 18:34:55 | 00,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2009/07/14 18:34:55 | 00,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2009/07/14 18:34:55 | 00,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2009/07/14 18:34:55 | 00,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2009/07/14 18:34:55 | 00,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2009/07/14 18:34:55 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2009/07/14 18:34:55 | 00,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2009/07/14 18:34:54 | 00,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2009/07/14 18:34:54 | 00,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2009/07/14 18:34:54 | 00,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2009/07/14 18:34:54 | 00,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2009/07/14 18:34:54 | 00,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2009/07/14 18:34:54 | 00,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2009/07/14 18:34:54 | 00,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2009/07/14 18:34:54 | 00,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2009/07/14 18:34:54 | 00,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2009/07/14 18:34:54 | 00,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2009/07/14 18:34:54 | 00,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2009/07/14 18:24:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/07/14 18:10:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/07/14 12:32:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\SnagIt Catalog
[2009/07/14 12:32:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/07/14 12:32:01 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
[2009/07/14 12:31:58 | 00,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2009/07/14 11:16:44 | 00,125,184 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagesrv.sys
[2009/07/14 11:16:44 | 00,005,504 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\drivers\imagedrv.sys
[2009/07/14 11:16:25 | 00,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2009/07/14 11:16:24 | 01,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagX7.dll
[2009/07/14 11:16:24 | 00,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXpr7.dll
[2009/07/14 11:16:24 | 00,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXRA7.dll
[2009/07/14 11:16:24 | 00,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\ImagXR7.dll
[2009/07/14 11:16:24 | 00,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2009/07/14 11:16:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/07/14 11:16:21 | 00,000,000 | ---D | C] -- C:\Program Files\Ahead
[2009/07/14 11:12:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\ImgBurn
[2009/07/14 11:06:08 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2009/07/14 01:00:37 | 00,001,024 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\.idx
[2009/07/14 01:00:37 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\.lst
[2009/07/13 22:29:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/13 22:28:53 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/13 22:28:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\SUPERAntiSpyware.com
[2009/07/13 22:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/07/13 11:15:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Temp
[2009/07/13 11:15:23 | 00,000,892 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/13 11:15:22 | 00,000,888 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/13 11:15:00 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/07/13 11:15:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Google
[2009/07/12 17:57:35 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\WP p
[2009/07/12 17:56:02 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\WP u
[2009/07/12 17:54:25 | 00,000,180 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\My Documents\wp harden wp_
[2009/07/12 12:06:02 | 00,000,000 | ---D | C] -- C:\Program Files\FolderSize
[2009/07/12 11:36:06 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/07/12 11:10:52 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/07/12 11:10:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/07/12 11:07:09 | 00,000,000 | ---D | C] -- C:\Program Files\InfoTag Magic 1.0
[2009/07/12 09:01:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/07/12 08:40:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\AVG Security Toolbar
[2009/07/12 08:38:02 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/12 08:38:01 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/12 08:37:57 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/12 08:37:56 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/12 08:37:53 | 39,484,539 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/07/12 08:37:53 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/12 08:37:53 | 00,056,222 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/07/12 08:37:52 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/12 08:37:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/07/12 08:37:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2009/07/12 08:37:39 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/12 08:37:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/07/11 20:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\iMacros
[2009/07/10 23:37:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Axaware
[2009/07/10 23:37:09 | 00,000,402 | ---- | C] () -- C:\WINDOWS\System32\msxml4.inf
[2009/07/10 23:37:08 | 00,000,000 | ---D | C] -- C:\Program Files\SBOutlook
[2009/07/10 22:35:38 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/10 21:56:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\PCHealth
[2009/07/10 17:06:34 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\My Archives
[2009/07/10 16:53:32 | 00,000,144 | ---- | C] () -- C:\WINDOWS\MXDebug2.ini
[2009/07/10 16:53:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Allume Systems
[2009/07/10 16:53:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Allume Systems
[2009/07/10 16:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Allume
[2009/07/10 16:35:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Updater5
[2009/07/10 16:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2009/07/10 16:03:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Agnitum
[2009/07/10 15:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/07/10 15:08:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/07/10 13:09:33 | 00,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2009/07/10 13:06:27 | 00,067,072 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\escwiad.dll
[2009/07/10 13:06:02 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini
[2009/07/10 13:05:30 | 00,076,800 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBCEE.DLL
[2009/07/10 13:05:30 | 00,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BCEE.DLL
[2009/07/10 12:57:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\UDL
[2009/07/10 12:54:00 | 00,000,000 | ---D | C] -- C:\Program Files\EPSON Print CD
[2009/07/10 12:52:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\InstallShield
[2009/07/10 12:50:46 | 00,000,041 | ---- | C] () -- C:\WINDOWS\CDER285DEFGIPS.ini
[2009/07/10 12:50:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2009/07/10 12:50:00 | 00,076,800 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBCKE.DLL
[2009/07/10 12:50:00 | 00,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BCKE.DLL
[2009/07/10 12:44:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Template
[2009/07/10 12:44:28 | 00,000,824 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Application Data\wklnhst.dat
[2009/07/10 12:34:23 | 00,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2009/07/10 12:34:23 | 00,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2009/07/10 12:34:23 | 00,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/07/10 12:34:23 | 00,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2009/07/10 12:34:23 | 00,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2009/07/10 12:34:23 | 00,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/07/10 12:34:23 | 00,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/07/10 12:34:23 | 00,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/07/10 12:34:23 | 00,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/07/10 12:34:23 | 00,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2009/07/10 12:34:23 | 00,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/07/10 12:34:23 | 00,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/07/10 12:34:23 | 00,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/07/10 12:34:23 | 00,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/07/10 12:34:23 | 00,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/07/10 12:34:23 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2009/07/10 12:34:23 | 00,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2009/07/10 12:34:23 | 00,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/07/10 12:34:23 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/07/10 12:34:22 | 00,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2009/07/10 12:34:22 | 00,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/07/10 12:34:22 | 00,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/07/10 12:34:22 | 00,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/07/10 12:34:22 | 00,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/07/10 12:34:22 | 00,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2009/07/10 12:34:22 | 00,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2009/07/10 12:34:22 | 00,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2009/07/10 12:34:22 | 00,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2009/07/10 12:34:22 | 00,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2009/07/10 12:34:22 | 00,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2009/07/10 12:34:22 | 00,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2009/07/10 12:34:22 | 00,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2009/07/10 12:34:22 | 00,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2009/07/10 12:34:22 | 00,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2009/07/10 12:34:22 | 00,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2009/07/10 12:34:22 | 00,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2009/07/10 12:34:22 | 00,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2009/07/10 12:32:31 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE D78DEFGIPS.ini
[2009/07/10 12:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\EPSON
[2009/07/10 12:32:14 | 00,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2009/07/10 12:32:12 | 00,073,216 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLBBGE.DLL
[2009/07/10 12:32:12 | 00,062,976 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FD4BBGE.DLL
[2009/07/10 12:26:05 | 00,000,947 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/07/10 12:26:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\OneNote Notebooks
[2009/07/10 12:16:42 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/07/10 11:52:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Opera
[2009/07/10 11:52:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Opera
[2009/07/10 11:52:34 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/07/10 11:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Windows Search
[2009/07/10 11:11:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\FileZilla
[2009/07/10 10:42:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/07/10 10:27:18 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2009/07/10 10:27:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Macromedia
[2009/07/10 10:24:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/07/10 10:23:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Adobe
[2009/07/10 10:19:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Adobe
[2009/07/10 10:19:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/07/10 10:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/07/10 10:15:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/07/10 10:13:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/07/10 10:12:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/07/10 09:51:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\JGsoft
[2009/07/09 23:47:21 | 00,119,992 | ---- | C] () -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/09 23:45:13 | 00,000,000 | ---D | C] -- C:\Program Files\Amic Tools
[2009/07/09 23:43:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Identities
[2009/07/09 23:42:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/07/09 23:42:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/07/09 23:42:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/07/09 23:41:48 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/07/09 23:40:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Downloads
[2009/07/09 23:36:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/07/09 23:36:50 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/07/09 23:36:32 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/07/09 23:36:31 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/07/09 23:33:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/07/09 23:33:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Microsoft Help
[2009/07/09 23:33:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/07/09 23:33:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/07/09 23:32:49 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/07/09 23:10:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/09 23:10:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Mozilla
[2009/07/09 23:02:09 | 00,000,000 | ---D | C] -- C:\Program Files\Stardock
[2009/07/09 22:57:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/07/09 22:55:30 | 00,000,959 | ---- | C] () -- C:\rollback.ini
[2009/07/09 22:49:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\MailFrontier
[2009/07/09 22:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2009/07/09 22:43:26 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/09 22:43:07 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/07/09 22:42:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/07/09 22:40:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/07/09 22:37:05 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Office
[2009/07/09 22:35:09 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/07/09 22:35:06 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/07/09 22:35:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/07/09 22:35:03 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/07/09 22:35:03 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/07/09 22:35:03 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/07/09 22:35:02 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/07/09 22:35:02 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/07/09 22:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/07/09 22:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/07/09 22:35:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/07/09 22:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/07/09 22:35:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/07/09 22:34:59 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/07/09 22:34:59 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/07/09 22:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/07/09 22:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/07/09 22:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/07/09 22:34:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/07/09 22:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/07/09 22:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/07/09 22:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/07/09 22:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/07/09 22:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/07/09 22:34:56 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/07/09 22:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/07/09 22:34:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/07/09 22:34:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/07/09 22:34:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/07/09 22:34:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/07/09 22:34:54 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/07/09 22:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/07/09 22:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/07/09 22:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/07/09 22:34:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/07/09 22:34:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/07/09 22:34:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/07/09 22:34:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/07/09 22:34:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/07/09 22:34:52 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/07/09 22:34:52 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/07/09 22:34:50 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/07/09 22:34:50 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/07/09 22:34:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/07/09 22:34:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/07/09 22:34:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/07/09 22:34:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/07/09 22:34:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/07/09 22:34:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/07/09 22:34:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/07/09 22:34:47 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/07/09 22:34:46 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2009/07/09 22:34:46 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2009/07/09 22:34:46 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2009/07/09 22:34:46 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2009/07/09 22:34:46 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2009/07/09 22:34:46 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2009/07/09 22:34:46 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/07/09 22:34:46 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2009/07/09 22:34:45 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Musica
[2009/07/09 22:34:44 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/07/09 22:34:36 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Geek
[2009/07/09 22:34:28 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Tools
[2009/07/09 22:34:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\Imaging
[2009/07/09 22:32:59 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/07/09 22:32:59 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/07/09 22:32:52 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/07/09 22:32:52 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/07/09 22:32:52 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/07/09 22:32:52 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/07/09 22:32:52 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/07/09 22:32:52 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/07/09 22:32:52 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/07/09 22:32:51 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/07/09 22:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/07/09 22:32:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/07/09 22:32:35 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/07/09 22:32:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/07/09 22:32:15 | 04,387,448 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/09 22:32:15 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/07/09 22:31:38 | 00,000,553 | R--- | C] () -- C:\WINDOWS\USetup.iss
[2009/07/09 22:31:30 | 00,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/07/09 22:31:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/07/09 22:31:01 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/07/09 22:30:57 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/07/09 22:30:36 | 00,086,016 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
[2009/07/09 22:30:35 | 01,826,816 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2009/07/09 22:30:33 | 01,191,936 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2009/07/09 22:30:32 | 00,282,624 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.cpl
[2009/07/09 22:30:26 | 09,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.exe
[2009/07/09 22:30:23 | 04,676,096 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2009/07/09 22:30:09 | 16,857,600 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
[2009/07/09 22:30:07 | 02,165,760 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2009/07/09 22:30:02 | 00,069,632 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2009/07/09 22:30:00 | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2009/07/09 22:29:59 | 00,299,008 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSndMgr.cpl
[2009/07/09 22:29:58 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/07/09 22:29:56 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/07/09 22:29:54 | 00,315,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2009/07/09 22:29:53 | 00,520,192 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2009/07/09 22:29:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/07/09 22:28:57 | 00,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2009/07/09 22:27:43 | 05,881,320 | -H-- | C] () -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\IconCache.db
[2009/07/09 22:27:31 | 00,105,856 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2009/07/09 22:27:06 | 02,334,720 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\iglicd32.dll
[2009/07/09 22:27:06 | 00,294,912 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igldev32.dll
[2009/07/09 22:27:06 | 00,192,512 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrell.lrc
[2009/07/09 22:27:06 | 00,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrhun.lrc
[2009/07/09 22:27:06 | 00,176,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcsy.lrc
[2009/07/09 22:27:06 | 00,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtrk.lrc
[2009/07/09 22:27:06 | 00,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrtha.lrc
[2009/07/09 22:27:06 | 00,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxext.exe
[2009/07/09 22:27:06 | 00,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/07/09 22:27:06 | 00,024,576 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxexps.dll
[2009/07/09 22:27:05 | 05,854,688 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\drivers\igxpmp32.sys
[2009/07/09 22:27:05 | 03,293,184 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxress.dll
[2009/07/09 22:27:05 | 02,643,456 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdx32.dll
[2009/07/09 22:27:05 | 01,670,144 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpdv32.dll
[2009/07/09 22:27:05 | 00,524,288 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcfg.exe
[2009/07/09 22:27:05 | 00,249,856 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.exe
[2009/07/09 22:27:05 | 00,208,896 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdev.dll
[2009/07/09 22:27:05 | 00,204,800 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpph.dll
[2009/07/09 22:27:05 | 00,192,512 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdeu.lrc
[2009/07/09 22:27:05 | 00,188,416 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnld.lrc
[2009/07/09 22:27:05 | 00,188,416 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrita.lrc
[2009/07/09 22:27:05 | 00,188,416 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxresp.lrc
[2009/07/09 22:27:05 | 00,184,320 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfra.lrc
[2009/07/09 22:27:05 | 00,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrrus.lrc
[2009/07/09 22:27:05 | 00,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptg.lrc
[2009/07/09 22:27:05 | 00,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrptb.lrc
[2009/07/09 22:27:05 | 00,180,224 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrplk.lrc
[2009/07/09 22:27:05 | 00,176,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsky.lrc
[2009/07/09 22:27:05 | 00,176,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrnor.lrc
[2009/07/09 22:27:05 | 00,176,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrfin.lrc
[2009/07/09 22:27:05 | 00,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrsve.lrc
[2009/07/09 22:27:05 | 00,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrslv.lrc
[2009/07/09 22:27:05 | 00,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrenu.lrc
[2009/07/09 22:27:05 | 00,172,032 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrdan.lrc
[2009/07/09 22:27:05 | 00,163,840 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxzoom.exe
[2009/07/09 22:27:05 | 00,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrara.lrc
[2009/07/09 22:27:05 | 00,159,744 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
[2009/07/09 22:27:05 | 00,155,648 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrheb.lrc
[2009/07/09 22:27:05 | 00,151,040 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxpgd32.dll
[2009/07/09 22:27:05 | 00,135,168 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxtray.exe
[2009/07/09 22:27:05 | 00,135,168 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxdo.dll
[2009/07/09 22:27:05 | 00,131,072 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrjpn.lrc
[2009/07/09 22:27:05 | 00,131,072 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
[2009/07/09 22:27:05 | 00,126,976 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrkor.lrc
[2009/07/09 22:27:05 | 00,122,880 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxcpl.cpl
[2009/07/09 22:27:05 | 00,110,592 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrcht.lrc
[2009/07/09 22:27:05 | 00,110,592 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxrchs.lrc
[2009/07/09 22:27:05 | 00,102,400 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\hccutils.dll
[2009/07/09 22:27:05 | 00,057,344 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igxprd32.dll
[2009/07/09 22:27:05 | 00,048,128 | R--- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxsrvc.dll
[2009/07/09 22:27:05 | 00,026,992 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2009/07/09 22:27:05 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2009/07/09 22:26:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/07/09 22:26:37 | 00,920,088 | R--- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2009/07/09 22:25:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/07/09 22:25:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/07/09 22:25:10 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/07/09 22:24:58 | 00,000,000 | ---D | C] -- C:\Intel
[2009/07/09 22:24:09 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/07/09 22:24:09 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/07/09 22:24:09 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/07/09 22:24:09 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/07/09 22:24:09 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/07/09 22:20:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Identities
[2009/07/09 22:20:22 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/07/09 22:20:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\My Music
[2009/07/09 22:20:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Huge Dawg\My Documents\My Pictures
[2009/07/09 22:20:11 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Huge Dawg\Application Data\Microsoft
[2009/07/09 22:20:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\Microsoft
[2009/07/09 22:19:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/07/09 22:19:30 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/09 22:19:30 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/07/09 22:19:06 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/07/09 22:17:57 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/09 22:17:48 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/07/09 22:17:26 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/07/09 22:17:26 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/07/09 22:17:22 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/07/09 22:17:21 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/07/09 22:17:20 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/07/09 22:17:05 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/07/09 22:17:04 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/07/09 22:16:58 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/07/09 22:16:57 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/07/09 22:16:55 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/07/09 22:16:41 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/07/09 22:16:34 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/07/09 22:16:29 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/07/09 22:16:28 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/07/09 22:16:28 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/07/09 22:16:21 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/07/09 22:16:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/07/09 22:16:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/07/09 22:16:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/07/09 22:16:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/07/09 22:16:18 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/07/09 22:16:17 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/07/09 22:16:17 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/07/09 22:16:17 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/07/09 22:16:17 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/07/09 22:16:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/07/09 22:16:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/07/09 22:16:15 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/07/09 22:16:15 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/07/09 22:16:15 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/07/09 22:16:15 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/07/09 22:16:15 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/07/09 22:16:15 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/07/09 22:16:15 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/07/09 22:16:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/07/09 22:16:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/07/09 22:16:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/07/09 22:16:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/07/09 22:16:14 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/07/09 22:16:14 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/07/09 22:16:14 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/07/09 22:16:13 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/07/09 22:16:13 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/07/09 22:16:13 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/07/09 22:16:13 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/07/09 22:15:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/09 22:15:54 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/09 22:15:54 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/09 22:15:32 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/09 22:15:32 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/07/09 22:15:32 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/07/09 22:15:32 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/07/09 22:15:32 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/07/09 22:15:28 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/09 22:15:28 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/09 22:15:27 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/07/09 22:14:32 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/07/09 22:14:32 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/07/09 22:14:31 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/07/09 22:14:31 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/07/09 22:14:21 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/07/09 22:14:10 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/07/09 22:14:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/07/09 22:13:43 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/07/09 22:13:43 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/07/09 22:13:37 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/07/09 22:13:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/07/09 22:13:33 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/07/09 22:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/07/09 22:13:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/07/09 22:13:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/07/09 22:13:21 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/07/09 22:13:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/07/09 22:13:12 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/07/09 22:13:09 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/07/09 22:13:07 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/07/09 22:13:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/07/09 22:13:00 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/07/09 22:12:59 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/07/09 22:12:39 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/09 22:12:30 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/07/09 22:12:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/07/09 22:12:17 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/07/09 22:12:17 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/07/09 22:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/07/09 22:12:10 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/07/09 22:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/07/09 22:11:59 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2009/07/09 22:11:59 | 00,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2009/07/09 22:11:53 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/07/09 22:11:53 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/07/09 22:11:53 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/07/09 22:11:53 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/07/09 22:11:53 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/07/09 22:11:53 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/07/09 22:11:53 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/07/09 22:11:53 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/07/09 22:11:53 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/07/09 22:11:53 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/07/09 22:11:53 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/07/09 22:11:52 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/07/09 22:11:52 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/07/09 22:11:52 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/07/09 22:11:52 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/07/09 22:11:52 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/07/09 22:11:52 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/07/09 22:11:52 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/07/09 22:11:52 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/07/09 22:11:50 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/07/09 22:11:50 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/07/09 22:11:49 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/07/09 22:11:43 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/07/09 22:11:32 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/07/09 22:11:31 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/07/09 22:11:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/07/09 22:11:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/07/09 22:11:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/07/09 22:11:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2004/08/04 02:07:00 | 00,000,682 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/04 02:07:00 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/11/22 22:31:46 | 00,308,224 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2000/11/22 22:31:46 | 00,091,136 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/08/04 07:47:20 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Huge Dawg\Desktop\OTL.exe
[2009/08/04 07:20:01 | 00,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/03 23:04:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/03 22:02:56 | 00,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/03 22:02:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/03 22:02:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/03 22:02:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/03 22:01:23 | 00,000,144 | ---- | M] () -- C:\WINDOWS\MXDebug2.ini
[2009/08/03 19:42:48 | 63,756,752 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\Artisteer.2.2.0.17981.exe
[2009/08/03 16:01:03 | 00,002,125 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\may_2009.csv
[2009/08/03 11:00:45 | 00,000,824 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Application Data\wklnhst.dat
[2009/08/03 09:41:57 | 39,484,539 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/08/03 09:41:57 | 00,056,222 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/08/02 23:11:08 | 00,483,600 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\iStock_000003245274Illustra.zip
[2009/08/02 16:35:38 | 00,153,641 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\wp-db-backup.zip
[2009/08/02 16:35:10 | 00,185,346 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\members-only.0.6.7.zip
[2009/08/02 16:34:22 | 01,130,718 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\tdo-mini-forms.0.13.4.zip
[2009/08/02 16:33:40 | 00,148,717 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\search-everything.6.2.5.zip
[2009/08/02 16:32:54 | 00,528,116 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\customizable-post-listings.zip
[2009/08/02 16:32:34 | 00,225,388 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\custom-admin-post-listing.zip
[2009/08/02 16:31:29 | 00,104,132 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\WP-CRM.zip
[2009/08/02 15:11:45 | 00,001,372 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\ukbf
[2009/08/02 08:50:39 | 00,000,682 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/01 14:26:15 | 04,387,448 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/31 22:34:02 | 00,618,918 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\DC-MM5000.pdf
[2009/07/31 09:31:32 | 00,034,557 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Desktop\Receipt - 991909535961.pdf
[2009/07/30 14:54:48 | 00,119,992 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/07/28 12:57:12 | 00,084,212 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/07/27 11:02:20 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\EOI 09 final.doc
[2009/07/22 19:29:51 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
[2009/07/20 16:19:35 | 00,000,891 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\ProjectWhois.lnk
[2009/07/19 23:48:01 | 00,000,678 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
[2009/07/19 09:59:56 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/07/18 16:07:30 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/18 03:01:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/17 10:14:19 | 00,512,399 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\foi_guide.pdf
[2009/07/16 03:22:54 | 00,462,344 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/16 03:22:54 | 00,395,530 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/16 03:22:54 | 00,059,644 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/15 19:33:45 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/07/15 14:58:11 | 00,000,377 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\place of design
[2009/07/14 19:50:19 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/07/14 19:50:19 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/07/14 19:50:19 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/07/14 19:50:19 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/07/14 19:50:19 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/07/14 18:47:53 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/07/14 12:32:01 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
[2009/07/14 01:00:37 | 00,001,024 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\.idx
[2009/07/14 01:00:37 | 00,000,016 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\.lst
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/13 13:36:12 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/12 17:57:35 | 00,000,180 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\WP p
[2009/07/12 17:56:02 | 00,000,180 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\WP u
[2009/07/12 17:54:25 | 00,000,180 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\My Documents\wp harden wp_
[2009/07/12 08:39:03 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/07/12 08:38:02 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/07/12 08:38:01 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/07/12 08:37:56 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/07/12 08:37:53 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/07/12 05:06:07 | 00,000,959 | ---- | M] () -- C:\rollback.ini
[2009/07/10 13:06:02 | 00,000,025 | ---- | M] () -- C:\WINDOWS\CDE DX8400DEFGIPS.ini
[2009/07/10 12:50:46 | 00,000,041 | ---- | M] () -- C:\WINDOWS\CDER285DEFGIPS.ini
[2009/07/10 12:32:31 | 00,000,025 | ---- | M] () -- C:\WINDOWS\CDE D78DEFGIPS.ini
[2009/07/10 12:28:33 | 05,881,320 | -H-- | M] () -- C:\Documents and Settings\Huge Dawg\Local Settings\Application Data\IconCache.db
[2009/07/10 12:26:05 | 00,000,947 | ---- | M] () -- C:\Documents and Settings\Huge Dawg\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2009/07/09 23:10:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/07/09 23:06:00 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/09 22:35:01 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/07/09 22:32:59 | 00,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/07/09 22:32:59 | 00,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/07/09 22:29:54 | 00,315,392 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\HideWin.exe
[2009/07/09 22:19:06 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/07/09 22:17:57 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/07/09 22:15:32 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/07/09 22:15:32 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/07/09 22:15:32 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/07/09 22:15:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/07/09 22:15:32 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/07/09 22:15:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/07/09 22:15:28 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/07/09 22:15:28 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/07/09 22:15:18 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/09 22:14:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/07/09 22:14:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/07/09 22:14:26 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/07/09 22:12:39 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/09 22:12:28 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/07/09 22:12:28 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/07/09 22:10:26 | 00,000,211 | -HS- | M] () -- C:\boot.ini
< End of report >


Extras.txt:

OTL Extras logfile created on: 04/08/2009 07:49:12 - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Documents and Settings\Huge Dawg\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 3.92 Gb Available in Paging File | 97.90% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 57.17 Gb Free Space | 76.71% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 285.70 Gb Free Space | 61.34% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 74.33 Gb Free Space | 24.94% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HUGEDAWG
Current User Name: Huge Dawg
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: On
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\opera.exe (Opera Software)
.txt [@ = txtfile] -- C:\Program Files\JGsoft\EditPadPro6\EditPadPro.exe File not found

[HKEY_USERS\S-1-5-21-606747145-261903793-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"MULTIPL.EXE" = MULTIPL.EXE:LocalSubNet:Enabled:Multiplicity
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Computer, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B602410-D983-4947-98FE-EE749073D15E}" = GamingHarbor Toolbar
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D78F2A2-C893-4ABD-B5FE-AD7011837755}" = EPSON Easy Photo Print
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4FFB0B3B-BF82-4248-A275-630AC5F7EFC5}" = Adobe Photoshop Lightroom 2.4
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}" = Camera RAW Plug-In for EPSON Creativity Suite
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A900E37C-AAE3-44FB-8EE7-7E61F7087CE7}" = SnagIt 8
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFBC5EBA-85ED-4A94-9BA4-F14B104B5BB9}" = The Big Box of Art 350,000
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F724042F-367A-3B58-9BE3-8EF7A6F058D6}" = Google Gears
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}" = EPSON Print CD
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator CS2" = Adobe Illustrator CS2
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Agnitum Spam Terrier_is1" = Agnitum Spam Terrier
"AmicEmailBackup_is1" = Amic Email Backup v2.0
"Artisteer 2" = Artisteer 2
"AVG8Uninstall" = AVG Free 8.5
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide" = EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
"EPSON Stylus Photo R285_290 User’s Guide" = EPSON Stylus Photo R285_290 Manual
"ESC79_D78 User's Guide" = ESC79_D78 User's Guide
"FileZilla Client" = FileZilla Client 3.2.6.1
"Folder Marker_is1" = Folder Marker Pro v 3.0
"GamingHarbor Toolbar" = GamingHarbor Toolbar
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IconLover" = IconLover
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfoTag Magic 1.0" = InfoTag Magic 1.0
"InfraRecorder" = InfraRecorder
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{7E6F59BA-4D1C-4246-B048-AF0DCA54A117}" = StuffIt Deluxe
"InstallShield_{AFBC5EBA-85ED-4A94-9BA4-F14B104B5BB9}" = The Big Box of Art 350,000
"Launchy_21344213_is1" = Launchy 2.1.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marxio Timer_is1" = Marxio Timer 1.9.0
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"Multiplicity" = Multiplicity
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Picasa 3" = Picasa 3
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.3
"ProjectWhois" = ProjectWhois
"QuicktimeAlt_is1" = QuickTime Alternative 2.5.1
"RealAlt_is1" = Real Alternative 1.7.5
"Revo Uninstaller" = Revo Uninstaller 1.71
"Spam Bully for Outlook" = Spam Bully for Outlook
"Task Coach_is1" = Task Coach 0.73.2
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/07/2009 18:40:34 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application Dreamweaver.exe, version 9.0.0.3481, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 08:01:39 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 08:02:43 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 08:02:47 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1001
Description = Fault bucket 951035340.

Error - 28/07/2009 08:03:17 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 08:04:04 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 08:06:06 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 08:08:17 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 10:13:44 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1002
Description = Hanging application gimp-2.6.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 28/07/2009 10:13:48 | Computer Name = HUGEDAWG | Source = Application Hang | ID = 1001
Description = Fault bucket 951035340.

[ OSession Events ]
Error - 19/07/2009 14:02:17 | Computer Name = HUGEDAWG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 17286
seconds with 360 seconds of active time. This session ended with a crash.

Error - 19/07/2009 14:02:24 | Computer Name = HUGEDAWG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 15/07/2009 10:53:52 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 15/07/2009 22:19:02 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 16/07/2009 14:20:51 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 16/07/2009 14:32:02 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 18/07/2009 03:44:42 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 18/07/2009 13:03:56 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 22/07/2009 05:56:12 | Computer Name = HUGEDAWG | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.3 for the Network Card with network
address 001D92FCE89D has been denied by the DHCP server 192.168.0.1 (The DHCP Server
sent a DHCPNACK message).

Error - 25/07/2009 10:48:13 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2

Error - 01/08/2009 09:29:00 | Computer Name = HUGEDAWG | Source = Service Control Manager | ID = 7000
Description = The SASDIFSV service failed to start due to the following error: %%183

Error - 02/08/2009 10:14:42 | Computer Name = HUGEDAWG | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >


Thanks again.

#10 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:59 AM

Posted 04 August 2009 - 05:39 PM

Hi,

The only suspicious-looking entry I see is this Adobe entry. Are you using a legal copy of this program?

O4 - HKLM\..\Run: [igfxtray.exe] C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Then

Please click this link-->Jotti
When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.

C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe

Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

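The mismatch in the O4 line quoted in the post above (a Run value named igfxtray.exe whose command launches Patch.exe) can be checked for mechanically across a whole HijackThis log. This is an added example, not part of the original post or of HijackThis; the function names are hypothetical and every sample line except the first is constructed.

```python
import ntpath
import re

# HijackThis registry autostart line:
#   O4 - <hive>\..\<Run key>: [<value name>] <command>
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
EXEC_EXTS = (".exe", ".com", ".bat", ".cmd", ".scr", ".pif")
# Unquoted commands may contain spaces, so cut at the first executable extension.
UNQUOTED_RE = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def target_path(cmd):
    """Return the program path from a Run command, dropping any arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end]
    m = UNQUOTED_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def find_name_target_mismatches(lines):
    """Flag Run values named like one executable that start a different file."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        name = m.group("name")
        # Only value names that claim to be a file name can be compared.
        if not name.lower().endswith(EXEC_EXTS):
            continue
        target = target_path(m.group("cmd"))
        if ntpath.basename(target).lower() != name.lower():
            findings.append((m.group("hive"), m.group("key"), name, target))
    return findings


SAMPLE_LOG = [
    # Line quoted in the thread:
    r"O4 - HKLM\..\Run: [igfxtray.exe] C:\Program Files\Adobe\Adobe Photoshop CS4\Patch.exe",
    # Constructed lines for illustration:
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe",
    r'O4 - HKLM\..\Run: [updater.exe] "C:\Program Files\Example App\helper.exe" /background',
]

if __name__ == "__main__":
    for hive, key, name, target in find_name_target_mismatches(SAMPLE_LOG):
        print(f"{hive}\\{key}: value '{name}' launches {target}")
```

A hit is a prompt to inspect the target file, not a verdict; value names that are free-form labels rather than file names are skipped because there is nothing to compare.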


#11 Fatmatt

Fatmatt
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 04 August 2009 - 05:50 PM

Hi

[ArcaVir]
2009-05-30 Found nothing
[G DATA]
No result available
[A-Squared]
2009-05-31 Gen.Trojan!IK
[Ikarus]
2009-05-31 Gen.Trojan
[Avast! antivirus]
2009-05-30 Found nothing
[Kaspersky Anti-Virus]
2009-05-31 Found nothing
[Grisoft AVG Anti-Virus]
2009-05-31 Found nothing
[ESET NOD32]
2009-05-30 Found nothing
[Avira AntiVir]
2009-05-30 Found nothing
[Norman Virus Control]
2009-05-29 Found nothing
[Softwin BitDefender]
2009-05-31 Gen:Trojan.Heur.VB.2014EBDBDB
[Panda Antivirus]
2009-05-29 Found nothing
[ClamAV]
2009-05-30 Found nothing
[Quick Heal]
2009-05-29 Found nothing
[CPsecure]
2009-05-31 Found nothing
[Sophos]
2009-05-31 Found nothing
[Dr.Web]
2009-05-31 Found nothing
[VirusBlokAda VBA32]
2009-05-30 Found nothing
[Frisk F-Prot Antivirus]
2009-05-30 Found nothing
[VirusBuster]
2009-05-30 Found nothing
[F-Secure Anti-Virus]
2009-05-31 Found nothing

3/20!

#12 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:59 AM

Posted 04 August 2009 - 05:51 PM

So is that a no, you don't have a legal copy?



#13 Fatmatt

Fatmatt
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 04 August 2009 - 05:54 PM

No, I don't have a legal copy.

#14 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:09:59 AM

Posted 04 August 2009 - 06:01 PM

Well, that is your problem then. Uninstall it.

IMPORTANT NOTE: Your scan log results indicate you are using keygens/crack tools.

The practice of using cracking tools, keygens, warez or any pirated software is not only considered illegal activity but it is a serious security risk.

...warez/piracy sites ranked the highest in downloading spyware...just opening the web page usually sets off an exploit, never mind actually downloading anything. And by the time the malware is finished downloading, often the machine is trashed and rendered useless.

University of Washington spyware study

...One of the most aggressive and intrusive of all bad websites on the Internet are serial, warez, software cracking type sites...they sneak malware onto your system...Where do trojan viruses originate? One of the biggest malware distributors on the Internet are serial/warez/code cracking sites.

Bad Web Sites: Malware

When you use these kinds of programs, be forewarned that some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, those sites are infested with a smörgåsbord of malware and are an increasing source of system infection. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.



#15 Fatmatt

Fatmatt
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:59 AM

Posted 04 August 2009 - 06:06 PM

OK. Suitably chastened I shall do a proper cleanout. I hope I didn't waste too much of your time. Thanks again.



