
Am I infected? Please help.


  • This topic is locked
2 replies to this topic

#1 Zik


Posted 28 August 2009 - 06:58 PM

Hello.

Today I came across a virus. Now, I have dealt with my fair share before, but nothing like this.

All scanners I have installed are disabled, and the .exe is made so that no one can access it.

Here is the list of programs i have tried:

1. Malwarebytes' Anti-Malware

2. Spybot - Search & Destroy

3. SUPERAntiSpyware

4. Ad-AwareAE

5. activescan 2

6. ESET NOD32 Antivirus

7. Hijack - tried over 16 different times.

8. OTL

Once they are started, they are shut down and disabled.

Really sorry for not having logs, but I am unable to get one seeing as I can't access the programs, and yes, I am in safe mode.

Edited by Zik, 28 August 2009 - 07:57 PM.




#2 Zik


Posted 28 August 2009 - 07:58 PM

Was able to get a quick scan with OTL, but trying a full scan got it disabled in 4 sec.




OTL logfile created on: 8/28/2009 5:40:59 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Zik\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 74.83% Memory free
3.73 Gb Paging File | 3.45 Gb Available in Paging File | 92.52% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 34.52 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
Drive D: | 74.53 Gb Total Space | 15.60 Gb Free Space | 20.93% Space Free | Partition Type: NTFS
Drive E: | 683.38 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RE
Current User Name: Zik
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 16:30:00 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/30 15:56:38 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/14 23:21:44 | 01,245,184 | ---- | M] (Don HO don.h@free.fr) -- C:\Program Files\Notepad++\notepad++.exe
PRC - [2003/08/29 19:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2009/08/28 17:40:49 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Zik\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/14 16:30:00 | 00,003,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\regedt32.exe -- (.EsetTrialReset [Auto | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/04/28 09:00:06 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2009/04/27 21:20:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2006/02/28 12:42:38 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/08/03 22:11:26 | 00,099,704 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater [Auto | Stopped])
SRV - [2009/02/06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009/02/06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Stopped])
SRV - [2009/08/27 04:26:49 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 16:30:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/08/26 11:53:04 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - File not found -- -- (Lavasoft Ad-Aware Service [Auto | Stopped])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Stopped])
SRV - [2006/10/19 07:35:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaultc.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 82 78 54 A8 70 26 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord\firefox\ext [2009/08/26 01:31:03 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/08/26 11:53:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/27 03:06:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/27 04:40:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/27 04:44:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009/08/26 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\mozilla\Extensions
[2009/08/26 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/26 02:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\mozilla\Firefox\Profiles\u93qynbk.default\extensions
[2009/08/28 14:42:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/26 02:06:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/26 11:53:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/07/30 15:56:53 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/07/30 15:56:54 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/26 11:53:05 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/07/30 15:56:55 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 22:52:33 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2007/02/20 16:04:02 | 02,463,976 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/07/30 11:54:20 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/07/30 11:54:20 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/07/30 11:54:20 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/07/30 11:54:20 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/07/30 11:54:20 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/07/30 11:54:20 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/07/30 11:54:20 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] D:\8-04-2009\UPLOAD\Winamp\winampa.exe ()
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy1\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)
O4 - Startup: C:\Documents and Settings\Zik\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy1\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1251312343015 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.69.150 68.87.85.102
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/27 09:16:22 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/04/14 16:30:00 | 00,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6d605277-9283-11de-a0ac-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6d605277-9283-11de-a0ac-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6d605277-9283-11de-a0ac-806d6172696f}\Shell\AutoRun\command - "" = E:\Autoplay.exe -- File not found
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autoplay.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/28 17:37:44 | 00,514,048 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\OTL.exe
[2009/08/28 17:27:40 | 00,000,670 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\SpywareGuard LiveUpdate.lnk
[2009/08/28 17:27:40 | 00,000,650 | ---- | C] () -- C:\Documents and Settings\Zik\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/08/28 17:27:40 | 00,000,638 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\SpywareGuard.lnk
[2009/08/28 17:27:40 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2009/08/28 17:25:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/28 17:25:34 | 00,000,690 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\SpywareBlaster.lnk
[2009/08/28 17:25:33 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/08/28 17:13:41 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/08/28 17:13:19 | 00,396,288 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\HijackThis.exe
[2009/08/28 16:50:03 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\HijackThis.lnk
[2009/08/28 16:50:03 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/28 16:28:32 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy1
[2009/08/28 16:23:20 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\pfdnnt.act
[2009/08/28 15:57:21 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2009/08/28 15:57:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/28 15:57:06 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2009/08/28 15:52:44 | 00,000,940 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\Spybot - Search & Destroy.lnk
[2009/08/28 15:52:40 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/08/28 15:52:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/08/28 15:48:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/28 15:48:07 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/28 15:48:06 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/28 15:48:06 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/28 15:43:18 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/08/28 14:43:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/08/28 14:43:22 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/08/28 14:43:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\SUPERAntiSpyware.com
[2009/08/28 14:36:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/08/28 14:30:08 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\drivers\disdn\disdn
[2009/08/28 01:17:07 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/08/28 01:10:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/08/28 00:06:16 | 00,000,236 | -H-- | C] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/28 00:06:13 | 00,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/28 00:06:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\ESET
[2009/08/28 00:05:13 | 00,000,000 | ---D | C] -- C:\Program Files\Subliminal Flash
[2009/08/27 23:00:39 | 00,575,462 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\math.jpg
[2009/08/27 09:40:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Ventrilo
[2009/08/27 09:34:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/08/27 09:34:03 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/08/27 09:34:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2009/08/27 09:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009/08/27 09:33:40 | 00,022,438 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009/08/27 09:33:33 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/08/27 09:33:17 | 00,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/08/27 09:27:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2009/08/27 09:26:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/08/27 09:24:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Identities
[2009/08/27 09:24:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Zik\My Documents\My Pictures
[2009/08/27 09:24:41 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Zik\My Documents\My Music
[2009/08/27 09:24:41 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/08/27 09:24:38 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\Microsoft
[2009/08/27 09:24:38 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Zik\Application Data\Microsoft
[2009/08/27 09:23:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/08/27 09:23:54 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 09:23:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/08/27 09:23:26 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/08/27 09:21:51 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/08/27 09:21:39 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/08/27 09:21:21 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/08/27 09:21:21 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/08/27 09:21:21 | 00,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/08/27 09:21:18 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/08/27 09:21:17 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/08/27 09:21:16 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/08/27 09:21:04 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/08/27 09:21:03 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/08/27 09:20:58 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/08/27 09:20:58 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/08/27 09:20:56 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/08/27 09:20:43 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/08/27 09:20:37 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/08/27 09:20:34 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/08/27 09:20:26 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/08/27 09:20:23 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/08/27 09:20:23 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/08/27 09:20:23 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/08/27 09:20:23 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/08/27 09:20:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/08/27 09:20:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/08/27 09:20:23 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/08/27 09:20:22 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/08/27 09:20:22 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/08/27 09:20:22 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/08/27 09:20:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/08/27 09:20:21 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/08/27 09:20:21 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/08/27 09:20:21 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/08/27 09:20:21 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/08/27 09:20:21 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/08/27 09:20:20 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/08/27 09:20:20 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/08/27 09:20:20 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/08/27 09:20:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/08/27 09:20:19 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/08/27 09:20:19 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/08/27 09:20:19 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/08/27 09:20:19 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/08/27 09:20:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/08/27 09:20:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/08/27 09:20:19 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/08/27 09:20:18 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/08/27 09:20:18 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/08/27 09:19:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/08/27 09:19:58 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/08/27 09:19:58 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/08/27 09:18:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/08/27 09:18:04 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/08/27 09:18:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/08/27 09:16:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/08/27 09:16:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/08/27 09:16:22 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/27 09:16:22 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/08/27 09:16:22 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/08/27 09:16:22 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/08/27 09:16:22 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/08/27 09:16:16 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/27 09:16:16 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/27 09:16:14 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/27 09:15:23 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/27 09:15:23 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/27 09:15:16 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/08/27 09:15:04 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/08/27 09:14:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/08/27 09:14:47 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/08/27 09:14:47 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/08/27 09:14:41 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/08/27 09:14:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/08/27 09:14:37 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/08/27 09:14:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/08/27 09:14:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/08/27 09:14:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/08/27 09:14:23 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/08/27 09:14:05 | 00,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/08/27 09:14:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/08/27 09:13:59 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/08/27 09:13:55 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/08/27 09:13:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/08/27 09:13:47 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/08/27 09:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/08/27 09:13:24 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/27 09:13:16 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/08/27 09:13:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/08/27 09:13:05 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/08/27 09:12:58 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/08/27 09:12:52 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/08/27 09:12:51 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/08/27 09:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/08/27 09:12:35 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/08/27 09:12:35 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/08/27 09:12:35 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/08/27 09:12:35 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/08/27 09:12:35 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/08/27 09:12:35 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/08/27 09:12:35 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/08/27 09:12:35 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/08/27 09:12:34 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/08/27 09:12:34 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/08/27 09:12:34 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/08/27 09:12:34 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/08/27 09:12:34 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/08/27 09:12:34 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/08/27 09:12:34 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/08/27 09:12:34 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/08/27 09:12:34 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/08/27 09:12:33 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/08/27 09:12:33 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/08/27 09:12:32 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/08/27 09:12:32 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/08/27 09:12:31 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/08/27 09:12:26 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/08/27 09:12:11 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/08/27 09:12:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/08/27 09:12:10 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/08/27 09:12:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/08/27 09:12:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/08/27 09:11:49 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/08/27 05:09:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/27 05:07:24 | 00,107,864 | ---- | C] (TechSmith Corporation) -- C:\WINDOWS\System32\tsccvid.dll
[2009/08/27 05:07:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2009/08/27 05:07:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/08/27 05:07:16 | 00,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 5.lnk
[2009/08/27 05:07:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2009/08/27 05:07:05 | 00,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2009/08/27 05:02:12 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Control Panels
[2009/08/27 05:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/08/27 04:45:47 | 00,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2009/08/27 04:40:08 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/08/27 04:32:26 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/08/27 04:26:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2009/08/27 04:22:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\Adobe
[2009/08/27 04:22:21 | 00,001,746 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/08/27 04:22:21 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/08/27 04:22:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/08/27 04:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/08/27 04:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/08/27 04:13:47 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/08/27 04:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/08/27 04:13:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/08/27 04:12:38 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/08/27 04:11:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/08/27 04:10:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/08/27 04:10:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\Microsoft Help
[2009/08/27 04:10:10 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/08/27 04:10:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/08/27 04:09:49 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/08/27 03:36:18 | 00,001,519 | ---- | C] () -- C:\Documents and Settings\Zik\My Documents\mmosite.com
[2009/08/27 03:04:23 | 00,000,000 | ---D | C] -- C:\7679acec2c68654cac6d8430cdb3ee
[2009/08/27 03:04:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/08/27 02:09:42 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/08/27 02:05:58 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/08/27 02:05:44 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/08/27 02:05:42 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/08/27 02:05:41 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/08/27 02:05:39 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/08/27 02:05:39 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/08/27 02:05:38 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/08/27 02:05:38 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/08/27 02:05:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/08/27 02:05:37 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/08/27 02:05:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/08/27 02:05:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/08/27 02:05:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/08/27 02:05:33 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/08/27 02:05:31 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/08/27 02:05:31 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/08/27 02:05:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/08/27 02:05:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/08/27 02:05:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/08/27 02:05:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/08/27 02:05:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/08/27 02:05:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/08/27 02:05:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/08/27 02:05:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/08/27 02:05:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/08/27 02:05:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/08/27 02:05:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/08/27 02:05:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/08/27 02:05:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/08/27 02:05:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/08/27 02:05:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/08/27 02:05:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/08/27 02:05:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/08/27 02:05:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/08/27 02:05:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/08/27 02:05:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/08/27 02:05:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/08/27 02:05:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/08/27 02:05:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/08/27 02:05:26 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/08/27 02:05:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/08/27 02:05:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/08/27 02:05:25 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/08/27 02:05:25 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/08/27 02:05:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/08/27 02:05:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/08/27 02:05:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/08/27 02:05:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/08/27 02:05:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/08/27 02:05:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/08/27 02:05:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/08/27 02:05:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/08/27 02:05:18 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/08/27 02:05:08 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/08/27 02:05:07 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/08/27 02:05:07 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/08/27 02:05:07 | 01,088,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/08/27 02:05:07 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/08/27 02:05:07 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/08/27 02:05:07 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/08/27 02:05:07 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/08/27 02:05:07 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/08/27 02:05:07 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/08/27 02:05:07 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/08/27 02:05:07 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/08/27 02:05:07 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/08/27 02:05:07 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/08/27 02:05:07 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/08/27 02:05:07 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/08/27 02:05:07 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/08/27 02:05:07 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/08/27 02:05:07 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/08/27 02:05:07 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/08/27 02:04:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/08/27 02:04:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/08/27 02:04:51 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/08/27 02:04:30 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/08/27 02:04:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/08/27 02:04:29 | 01,555,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/27 02:03:16 | 00,000,211 | -H-- | C] () -- C:\boot.ini
[2009/08/27 02:03:12 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/27 01:58:30 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/08/27 01:58:30 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/08/27 01:58:30 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/08/27 01:58:30 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/08/27 01:58:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/08/27 01:58:30 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/08/27 00:12:02 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/08/27 00:11:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/08/27 00:11:19 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/08/27 00:09:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\WinRAR
[2009/08/27 00:08:37 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/08/26 23:48:34 | 01,048,576 | ---- | C] () -- C:\BIO
[2009/08/26 23:47:45 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS
[2009/08/26 23:46:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\V7.14.01
[2009/08/26 23:38:16 | 00,022,129 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/26 23:23:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/08/26 23:14:33 | 00,069,312 | ---- | C] () -- C:\Documents and Settings\Zik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/26 22:05:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/08/26 22:02:49 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/08/26 22:02:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/08/26 22:02:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/08/26 22:00:19 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/26 22:00:10 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/26 22:00:09 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/08/26 21:55:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/08/26 21:54:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Macromedia
[2009/08/26 21:54:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Adobe
[2009/08/26 21:44:00 | 00,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2009/08/26 21:42:01 | 00,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/26 21:36:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\ASUSInstAll
[2009/08/26 12:05:37 | 00,000,729 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
[2009/08/26 12:05:35 | 00,000,000 | ---D | C] -- C:\Program Files\DynDNS Updater
[2009/08/26 12:05:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2009/08/26 11:53:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/08/26 11:53:01 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/26 11:52:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Sun
[2009/08/26 08:07:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\My Documents\Runes of Magic
[2009/08/26 07:54:25 | 00,000,000 | ---D | C] -- C:\CrashReport
[2009/08/26 07:51:55 | 00,000,000 | ---D | C] -- C:\Program Files\Runes of Magic
[2009/08/26 07:11:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\My Documents\GSC
[2009/08/26 07:10:45 | 00,000,000 | ---D | C] -- C:\Program Files\GSC 2.00
[2009/08/26 07:09:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\GSC 2.00
[2009/08/26 04:21:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\My Documents\Downloads
[2009/08/26 03:50:19 | 00,000,200 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\1GB Nvidia Geforce 9400GT 9400 GT 1GB PCI-E Video Card - eBay (item 230328400171 end time Aug-27-09 130036 PDT).URL
[2009/08/26 02:46:06 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\winamp.lnk
[2009/08/26 02:45:50 | 00,000,000 | ---D | C] -- C:\Program Files\Winamp
[2009/08/26 02:42:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Winamp
[2009/08/26 02:35:11 | 00,042,752 | ---- | C] (Eugene V. Muzychenko) -- C:\WINDOWS\System32\drivers\vrtaucbl.sys
[2009/08/26 02:35:10 | 00,000,000 | ---D | C] -- C:\Program Files\Virtual Audio Cable
[2009/08/26 02:22:23 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/08/26 02:22:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/08/26 02:20:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/26 02:19:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\Mozilla
[2009/08/26 02:19:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Mozilla
[2009/08/26 02:19:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/26 02:19:39 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2009/08/26 02:19:34 | 00,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2009/08/26 02:19:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/08/26 02:17:41 | 04,240,656 | -H-- | C] () -- C:\Documents and Settings\Zik\Local Settings\Application Data\IconCache.db
[2009/08/26 02:15:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\DNA
[2009/08/26 02:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/08/26 02:15:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\DNA
[2009/08/26 02:06:41 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/26 02:06:39 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/08/26 02:00:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\My Documents\My Received Files
[2009/08/26 01:57:48 | 00,000,000 | ---D | C] -- C:\Program Files\World of Warcraft
[2009/08/26 01:57:19 | 00,001,166 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\PWI.lnk
[2009/08/26 01:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Perfect World Entertainment
[2009/08/26 01:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/08/26 01:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/08/26 01:41:51 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/26 01:41:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\DAEMON Tools Lite
[2009/08/26 01:41:36 | 00,001,580 | ---- | C] () -- C:\Documents and Settings\Zik\Desktop\Defraggler.lnk
[2009/08/26 01:41:36 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/08/26 01:40:58 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/08/26 01:40:56 | 00,000,000 | ---D | C] -- C:\Program Files\Codec Pack - All In 1
[2009/08/26 01:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/08/26 01:39:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/08/26 01:39:13 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/08/26 01:32:23 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2009/08/26 01:32:23 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/08/26 01:32:20 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/26 01:32:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/08/26 01:32:05 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2009/08/26 01:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2009/08/26 01:32:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Notepad++
[2009/08/26 01:31:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Malwarebytes
[2009/08/26 01:31:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/08/26 01:31:14 | 00,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/08/26 01:31:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Zik\My Documents\My Videos
[2009/08/26 01:30:58 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/08/26 01:30:51 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/08/26 01:30:51 | 00,000,000 | ---D | C] -- C:\Program Files\Real
[2009/08/26 01:30:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2009/08/26 01:30:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2009/08/26 01:30:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\Real
[2009/08/26 01:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\My Documents\My Chat Logs
[2009/08/26 01:29:51 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/26 01:29:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/08/26 01:29:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\Apple
[2009/08/26 01:29:42 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/08/26 01:29:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/08/26 01:29:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\Apple Computer
[2009/08/26 01:29:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/08/26 01:27:57 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger Plus! Live
[2009/08/26 01:25:55 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/08/26 01:25:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/08/26 01:25:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/08/26 01:25:20 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/08/26 01:23:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/08/26 01:22:16 | 00,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/08/26 01:22:16 | 00,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/08/26 01:22:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2009/08/26 01:22:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Local Settings\Application Data\ATI
[2009/08/26 01:22:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Zik\Application Data\ATI
[2009/08/26 01:22:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/08/26 01:21:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/08/26 01:19:38 | 00,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/08/26 01:18:49 | 00,000,000 | ---D | C] -- C:\ATI
[2009/08/26 01:15:04 | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2009/08/26 01:15:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2009/08/26 01:13:28 | 00,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/08/26 01:13:26 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/08/26 01:13:26 | 00,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/08/26 01:13:25 | 00,655,842 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2009/08/26 01:13:25 | 00,040,512 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2009/08/26 01:13:25 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2009/08/26 01:13:25 | 00,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2009/08/26 01:13:25 | 00,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/08/28 17:37:44 | 00,514,048 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\OTL.exe
[2009/08/28 17:27:40 | 00,000,670 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\SpywareGuard LiveUpdate.lnk
[2009/08/28 17:27:40 | 00,000,650 | ---- | M] () -- C:\Documents and Settings\Zik\Start Menu\Programs\Startup\SpywareGuard.lnk
[2009/08/28 17:27:40 | 00,000,638 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\SpywareGuard.lnk
[2009/08/28 17:25:34 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\SpywareBlaster.lnk
[2009/08/28 17:13:56 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/28 17:13:19 | 00,396,288 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\HijackThis.exe
[2009/08/28 16:50:03 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\HijackThis.lnk
[2009/08/28 16:28:36 | 00,000,940 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\Spybot - Search & Destroy.lnk
[2009/08/28 16:24:12 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/28 16:23:20 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\pfdnnt.act
[2009/08/28 15:47:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/28 15:47:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/28 15:45:01 | 04,240,656 | -H-- | M] () -- C:\Documents and Settings\Zik\Local Settings\Application Data\IconCache.db
[2009/08/28 15:39:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/28 15:14:04 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/08/28 15:14:04 | 00,000,236 | -H-- | M] () -- C:\WINDOWS\tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/28 14:43:31 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/28 14:43:31 | 00,000,211 | -H-- | M] () -- C:\boot.ini
[2009/08/28 01:17:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
[2009/08/28 00:43:51 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/27 23:00:42 | 00,575,462 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\math.jpg
[2009/08/27 09:23:26 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/08/27 09:21:51 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/08/27 09:16:22 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/27 09:16:22 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/08/27 09:16:22 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/27 09:16:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/08/27 09:16:22 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/08/27 09:16:22 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/08/27 09:16:16 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/08/27 09:16:16 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/08/27 09:16:14 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/08/27 09:16:07 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/08/27 09:15:23 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/08/27 09:15:23 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/08/27 09:15:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/08/27 09:13:24 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/08/27 09:13:14 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/08/27 09:13:14 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/08/27 05:09:11 | 00,069,312 | ---- | M] () -- C:\Documents and Settings\Zik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/08/27 05:09:04 | 01,555,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/27 05:07:16 | 00,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Camtasia Studio 5.lnk
[2009/08/27 04:45:47 | 00,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 8 Professional.lnk
[2009/08/27 04:22:21 | 00,001,746 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/08/27 04:22:21 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2009/08/27 03:36:18 | 00,001,519 | ---- | M] () -- C:\Documents and Settings\Zik\My Documents\mmosite.com
[2009/08/27 03:08:30 | 00,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/08/27 03:08:30 | 00,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/08/27 03:08:30 | 00,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/08/27 02:09:42 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/08/26 23:48:37 | 01,048,576 | ---- | M] () -- C:\BIO
[2009/08/26 23:38:16 | 00,022,129 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/08/26 23:24:59 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/26 22:00:10 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/08/26 21:36:48 | 00,022,438 | ---- | M] () -- C:\WINDOWS\Ascd_log.ini
[2009/08/26 12:05:37 | 00,000,729 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk
[2009/08/26 03:50:19 | 00,000,200 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\1GB Nvidia Geforce 9400GT 9400 GT 1GB PCI-E Video Card - eBay (item 230328400171 end time Aug-27-09 130036 PDT).URL
[2009/08/26 02:46:06 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\winamp.lnk
[2009/08/26 02:20:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/08/26 02:06:41 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/08/26 01:57:19 | 00,001,166 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\PWI.lnk
[2009/08/26 01:41:51 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009/08/26 01:41:36 | 00,001,580 | ---- | M] () -- C:\Documents and Settings\Zik\Desktop\Defraggler.lnk
[2009/08/26 01:40:24 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2009/08/26 01:32:23 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ventrilo.lnk
[2009/08/26 01:32:23 | 00,000,262 | ---- | M] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/08/26 01:32:05 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notepad++.lnk
[2009/08/26 01:31:14 | 00,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/08/26 01:30:51 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/08/26 01:22:16 | 00,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2009/08/26 01:22:16 | 00,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2009/08/26 01:21:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin

========== LOP Check ==========

[2009/08/28 17:25:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/08/27 05:00:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ALM
[2009/08/26 01:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/08/26 02:19:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/08/26 12:05:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS
[2009/08/26 02:22:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009/08/27 05:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2009/08/26 02:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2009/08/27 05:07:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith
[2009/08/28 17:29:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/28 14:43:22 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Zik\Application Data
[2009/08/26 01:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\ATI
[2009/08/26 02:40:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\DAEMON Tools Lite
[2009/08/28 02:19:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\DNA
[2009/08/26 07:13:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\GSC 2.00
[2009/08/28 01:19:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\Notepad++
[2009/08/27 09:41:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Zik\Application Data\Ventrilo
[2009/08/28 01:17:07 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily).job
[2008/04/14 16:30:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/28 15:39:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/08/28 15:14:04 | 00,000,236 | -H-- | M] () -- C:\WINDOWS\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job
[2009/08/28 15:14:04 | 00,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >






Due to work-related reasons, don't worry about finding it out. Thanks anyway. I will be backing up what I need, wiping out the drive and reinstalling.

Thanks again.

Edited by Zik, 28 August 2009 - 09:01 PM.
Mod Edit ~topic moved to HJT from AII - rigel


#3 Orange Blossom

  • Moderator

Posted 30 August 2009 - 12:02 AM

"Due to work-related reasons, don't worry about finding it out. Thanks anyway. I will be backing up what I need, wiping out the drive and reinstalling."


Thank you for letting us know. Good luck with that. In case you experience any problems with the computer, please start a new topic.

Happy computing,

Orange Blossom :(
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



