Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

google redirect, disabled security center


  • This topic is locked This topic is locked
14 replies to this topic

#1 outpost_token

outpost_token

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 08 April 2010 - 10:56 PM

Hello,

I am try to help my dad fix his computer. OS is Windows Vista Home Basic Service Pack 1. The problems are as followed.

1. After logging in in normal mode i get an error msg and will not let me in.
error msg:
Windows Activation

An unauthorized change was made to Windows.

Windows has discovered a change that will result in
limited Windows functionality. Use the link below to
find out how to fix Windows.

2. These 2 kind of go together: when i use google, i get correct searches but when i click on them i get redirected. Also, i can't go to any microsoft sites.
3. i can not turn on system restore or security center. when i go to start>properties> system protection the only tabs available are computer name, hardware, advanced and remote. when i try to turn on security center i get the following msg

Check your computer security

The Security Center service is not running
Click this notification to fix the problem.

Security Center ---- Off
The Security Center service is turned off.
Turn on now.

The Security service can't be started.

i think those are the major issues. i also can not get dds.scr to work properly. when i double-click it, the black screen appears then quickly closes. after 10 min i try again. same thing happens. i have tried changing the *.scr to .com and exe but same happens.
i am including the GMER and hijackthis logs

GMER Log

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-07 23:59:14
Windows 6.0.6001 Service Pack 1
Running: gmer.exe; Driver: C:\Users\robmen\AppData\Local\Temp\uxryqpoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624c68
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37624c68 (not active ControlSet)

---- EOF - GMER 1.0.15 ----


Hijcack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41:55 AM, on 4/8/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\mobsync.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/browsers/redirect/?b=RRH...RR&d=homerr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/browsers/redirect/?b=RRH...RR&d=homerr
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/browsers/redirect/?b=RRH...RR&d=homerr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Road Runner High Speed Online
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\Windows\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Users\Public\Downloads\Desktop\Malwarebytes_Portable_1.44_Multilingual\MalwarebytesPortable\App\Malwarebytes\mbam .exe" /runcleanupscript
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware (registration)] regsvr32.exe /s "C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll"
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-ALR5A.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000002] "C:\Windows\is-AOM6P.exe" /REG
O4 - HKLM\..\RunOnce: [InnoSetupRegFile.0000000003] "C:\Windows\is-GQ4SJ.exe" /REG
O4 - HKLM\..\RunOnce: [Trojan Remover] "C:\Program Files\Trojan Remover\RMVTRJAN.EXE" /restart
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA6145] command.com /c del "C:\Windows\System32\w.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9073] cmd.exe /c del "C:\Windows\System32\w.exe_old"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; eMusic DLM/4; Zune 4.0)" -"http://www.forgefx.com/casestudies/prenticehall/ph/solar_system/solarsystem.htm"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8212] command.com /c del "C:\Windows\System32\w.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7298] cmd.exe /c del "C:\Windows\System32\w.exe_old"
O4 - HKUS\S-1-5-18\..\Run: [syncman] c:\windows\system32\config\systemprofile\wuaucldt.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fzwkht] RUNDLL32.EXE C:\Windows\TEMP\msuqddft.dll,w (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [syncman] c:\windows\system32\config\systemprofile\wuaucldt.exe (User 'Default user')
O4 - Startup: GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe
O4 - Startup: RoadRunner Setup Wizard.lnk = C:\Program Files\Internet\SetupWd.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll
O20 - Winlogon Notify: DeviceNP - C:\Windows\SYSTEM32\DeviceNP.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\Windows\system32\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: peresvc Service (peresvc) - Neto systems - C:\Windows\system32\PereSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: WD SmartWare Drive Manager (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

--
End of file - 12288 bytes

BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 12 April 2010 - 09:58 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 outpost_token

outpost_token
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 15 April 2010 - 08:15 AM

I am only able to get into safemode so i ran OTL there. Here are the two reports that you asked for. sorry for the delay.

OTL.txt

OTL logfile created on: 4/14/2010 11:43:32 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Public\Downloads\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.40 Gb Total Space | 97.82 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
Drive F: | 7.09 Gb Total Space | 0.76 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
Drive G: | 1.89 Gb Total Space | 1.66 Gb Free Space | 87.58% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBMEN-PC
Current User Name: robmen
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/14 22:36:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Downloads\Desktop\OTL.exe
PRC - [2008/10/29 01:29:41 | 002,948,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2010/04/14 22:36:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Downloads\Desktop\OTL.exe
MOD - [2008/01/19 02:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/02 08:39:27 | 000,066,048 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2010/01/07 15:38:18 | 000,447,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2010/01/07 15:38:08 | 005,950,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2009/10/14 15:31:02 | 000,122,880 | ---- | M] (WDC) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/12 17:03:38 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/16 10:58:08 | 000,045,056 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/05/27 03:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2008/11/24 22:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/10/06 16:58:48 | 000,800,768 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS)
SRV - [2008/08/01 15:56:42 | 000,094,311 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS)
SRV - [2008/08/01 15:55:28 | 000,168,043 | ---- | M] () [Auto | Stopped] -- C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe -- (BsMobileCS)
SRV - [2008/07/10 19:28:06 | 040,999,448 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2008/07/10 19:28:06 | 000,369,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
SRV - [2008/07/10 19:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
SRV - [2008/07/10 03:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/07/10 03:49:34 | 000,258,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/06/16 18:26:26 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/12 20:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 20:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/06/08 12:06:42 | 000,196,707 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\Windows\System32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/15 20:00:06 | 000,030,720 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/03/08 07:21:18 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\System32\lxcecoms.exe -- (lxce_device)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2007/03/05 13:30:06 | 000,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2007/02/06 01:44:24 | 000,094,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007/01/13 18:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/12 14:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/09 16:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 16:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 16:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 16:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 21:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2007/01/04 19:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2005/05/04 02:04:28 | 009,175,040 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 23:42:56 | 000,348,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)


========== Driver Services (SafeList) ==========

DRV - [2009/06/08 19:55:27 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/10/03 14:14:12 | 000,037,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2008/10/03 14:14:10 | 000,187,952 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/10/03 14:14:10 | 000,146,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2008/10/03 14:14:10 | 000,039,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2008/10/03 14:14:10 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/10/03 14:14:08 | 000,012,848 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2008/08/12 03:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2008/08/12 03:00:00 | 000,099,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2008/07/31 20:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008/07/10 03:49:14 | 000,242,712 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0102.sys -- (RsFx0102)
DRV - [2008/07/02 14:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008/07/02 14:58:36 | 000,029,960 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VCommMgr.sys -- (VcommMgr)
DRV - [2008/07/02 14:58:28 | 000,038,920 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/06/15 17:22:02 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2008/06/15 17:22:02 | 001,044,472 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2008/06/03 19:55:18 | 000,261,680 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20080813.001\IDSvix86.sys -- (IDSvix86)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/21 19:28:12 | 000,014,600 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btnetdrv.sys -- (BT)
DRV - [2008/01/21 19:28:00 | 000,017,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VHIDMini.sys -- (VHidMinidrv)
DRV - [2008/01/21 19:27:50 | 000,014,856 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VComm.sys -- (VComm)
DRV - [2008/01/19 00:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/12/01 01:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/12/01 01:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | System | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/12/01 01:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/29 19:37:22 | 012,214,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2007/08/24 07:39:56 | 001,899,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/06/08 11:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/06/07 13:14:18 | 000,181,432 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/05/24 09:07:18 | 000,223,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/15 20:00:06 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/04/14 04:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/03/09 11:49:46 | 000,309,248 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/11/30 14:24:58 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/02 05:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:50 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (HSF_DPV)
DRV - [2006/11/02 02:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:41:48 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/11/02 02:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/06/28 13:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/browsers/redirect/?b=RRH...RR&d=homerr
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/browsers/redirect/?b=RRH...RR&d=homerr


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com/browsers/redirect/?b=RRH...RR&d=homerr
IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3783738875-507401226-299097535-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/03/24 20:43:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/03/24 20:43:08 | 000,000,000 | ---D | M]

[2009/05/03 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\robmen\AppData\Roaming\Mozilla\Extensions
[2009/05/03 17:21:39 | 000,000,000 | ---D | M] -- C:\Users\robmen\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2009/11/30 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\robmen\AppData\Roaming\Mozilla\Firefox\extensions
[2009/11/30 02:19:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\robmen\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}

O1 HOSTS File: ([2010/04/14 23:39:17 | 000,000,740 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 jL.chura.pl
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {8ebc404a-6f35-43d8-8d88-db0c0ff8082a} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3783738875-507401226-299097535-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3783738875-507401226-299097535-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 4300 Series\ezprint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\Windows\System32\ezsp_px.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\hphc_scheduler.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LXCECATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCEtime.DLL ()
O4 - HKLM..\Run: [lxcemon.exe] C:\Program Files\Lexmark 4300 Series\lxcemon.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Users\Public\Downloads\Desktop\Malwarebytes_Portable_1.44_Multilingual\MalwarebytesPortable\App\Malwarebytes\mbam.exe (Microsoft Corporation)
O4 - HKLM..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [autofmtxp.exe] C:\Windows\TEMP\autofmtxp.exe File not found
O4 - HKU\.DEFAULT..\Run: [hsa8ffushf83hoigjhs98jgijg9sd8e] C:\Windows\TEMP\z7ssc.exe File not found
O4 - HKU\.DEFAULT..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Windows\TEMP\winamp.exe File not found
O4 - HKU\.DEFAULT..\Run: [owjngz] C:\Windows\TEMP\msbyylfy.DLL File not found
O4 - HKU\.DEFAULT..\Run: [reader_s] C:\Windows\System32\config\systemprofile\reader_s.exe File not found
O4 - HKU\.DEFAULT..\Run: [rmosnq] C:\Windows\TEMP\msyblkya.DLL File not found
O4 - HKU\S-1-5-18..\Run: [autofmtxp.exe] C:\Windows\TEMP\autofmtxp.exe File not found
O4 - HKU\S-1-5-18..\Run: [hsa8ffushf83hoigjhs98jgijg9sd8e] C:\Windows\TEMP\z7ssc.exe File not found
O4 - HKU\S-1-5-18..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\Windows\TEMP\winamp.exe File not found
O4 - HKU\S-1-5-18..\Run: [owjngz] C:\Windows\TEMP\msbyylfy.DLL File not found
O4 - HKU\S-1-5-18..\Run: [reader_s] C:\Windows\System32\config\systemprofile\reader_s.exe File not found
O4 - HKU\S-1-5-18..\Run: [rmosnq] C:\Windows\TEMP\msyblkya.DLL File not found
O4 - HKU\S-1-5-19..\Run: [lazidajivu] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [lazidajivu] File not found
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-ALR5A.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000002] C:\Windows\is-AOM6P.exe ()
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000003] C:\Windows\is-GQ4SJ.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware (registration)] C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [O@] Reg Error: Invalid data type. File not found
O4 - HKU\S-1-5-21-3783738875-507401226-299097535-1006..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150595.exe -Update -1150595 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; GTB6; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30618; eMusic DLM\4; Zune 4.0) File not found
O4 - Startup: C:\Users\robmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GoZone iSync.lnk = C:\Program Files\GoZone\GoZone_iSync.exe (Virgin HealthMiles Inc.)
O4 - Startup: C:\Users\robmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RoadRunner Setup Wizard.lnk = C:\Program Files\Internet\SetupWd.exe (UsefulWare, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm ()
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3783738875-507401226-299097535-1006\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\System32\skype4com.dll (Skype Technologies)
O20 - AppInit_DLLs: (app_dll.dll) - File not found
O20 - AppInit_DLLs: (jegehude.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\Windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Forest.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/30 20:01:00 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/04/09 22:43:04 | 000,000,025 | ---- | M] () - G:\AUTORUN.INF -- [ FAT ]
O33 - MountPoints2\{026c6760-118e-11de-82b8-001cc4cc834c}\Shell - "" = AutoRun
O33 - MountPoints2\{026c6760-118e-11de-82b8-001cc4cc834c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{463cfba2-4250-11de-800a-001e5831e959}\Shell - "" = AutoRun
O33 - MountPoints2\{463cfba2-4250-11de-800a-001e5831e959}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{6374de11-9f8a-11de-9dcd-001e5831e959}\Shell - "" = AutoRun
O33 - MountPoints2\{6374de11-9f8a-11de-9dcd-001e5831e959}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{79c485cf-d5b6-11de-bfe2-001e5831e959}\Shell\AutoRun\command - "" = H:\MP4CONVERTERSUITE.EXE -- File not found
O33 - MountPoints2\{79c485d4-d5b6-11de-bfe2-001e5831e959}\Shell - "" = AutoRun
O33 - MountPoints2\{79c485d4-d5b6-11de-bfe2-001e5831e959}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{997b648d-ecac-11de-8059-001e5831e959}\Shell - "" = AutoRun
O33 - MountPoints2\{997b648d-ecac-11de-8059-001e5831e959}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{eec72ff4-8ed4-11dd-8606-001cc4cc834c}\Shell\AutoRun\command - "" = G:\RAINFORESTCASCADE.EXE -- File not found
O33 - MountPoints2\{ef3496ac-92e0-11de-a3a4-001e5831e959}\Shell\AutoRun\command - "" = C:\Windows\System32\setupSNK.exe -- [2008/01/19 02:33:29 | 000,034,816 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{f4b7f942-5782-11de-8b31-001e5831e959}\Shell - "" = AutoRun
O33 - MountPoints2\{f4b7f942-5782-11de-8b31-001e5831e959}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Windows\system32\config\systemprofile\AppData\Local\ave.exe" /START "%1" %* File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/18 10:39:15 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "bootini" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{18CA3CAA-A8BD-4B5F-8A87-071F39D189A3} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.XVID - xvidvfw.dll File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/04/14 23:42:15 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Public\Downloads\Desktop\OTL.exe
[2010/04/09 23:09:48 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Local\Threat Expert
[2010/04/09 22:55:28 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Roaming\PC Tools
[2010/04/09 22:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/04/09 22:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/04/09 22:46:23 | 000,000,000 | ---D | C] -- C:\Users\robmen\Documents\a-squared Free
[2010/04/09 22:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Free
[2010/04/05 15:23:19 | 000,000,000 | ---D | C] -- C:\Users\robmen\Documents\Simply Super Software
[2010/04/05 15:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/04/05 15:23:07 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Roaming\Simply Super Software
[2010/04/05 15:23:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/04/02 14:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/04/02 00:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/01 22:50:47 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\531547.exe
[2010/04/01 22:50:37 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/01 22:48:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Downloads\Desktop\Malwarebytes_Portable_1.44_Multilingual
[2010/04/01 22:03:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/30 21:05:36 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/03/30 20:25:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/03/30 19:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\vijohato
[2010/03/30 19:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\bamagedo
[2010/03/30 19:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\raromozo
[2010/03/30 19:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ledamine
[2010/03/30 19:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\dadirova
[2010/03/30 19:48:41 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\38917.exe
[2010/03/30 19:47:33 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/03/30 14:42:28 | 000,238,920 | ---- | C] (Tencent ) -- C:\Windows\System32\1574625.exe
[2010/03/30 14:42:16 | 000,044,544 | ---- | C] (Neto systems) -- C:\Windows\System32\so.bin
[2010/03/30 14:26:05 | 000,516,096 | ---- | C] (CyberLink Corp.) -- C:\Windows\System32\CLVSD.ax
[2010/03/30 14:26:05 | 000,364,544 | ---- | C] (Cucusoft Inc.) -- C:\Windows\System32\cdg.dll
[2010/03/30 14:26:05 | 000,114,688 | ---- | C] (Cucusoft Inc.) -- C:\Windows\System32\PropListCtrl.ocx
[2010/03/30 13:52:25 | 000,000,000 | ---D | C] -- C:\Program Files\zune-converter
[2010/03/30 12:46:04 | 000,000,000 | ---D | C] -- C:\Users\robmen\Documents\Cucusoft
[2010/03/30 12:44:26 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unicows.dll
[2010/03/30 12:44:26 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\System32\pthreadGC2.dll
[2010/03/30 12:32:09 | 001,295,582 | ---- | C] (Red Hat) -- C:\Windows\System32\cygwin1.dll
[2010/03/30 12:32:09 | 000,780,288 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTVideoCompress.dll
[2010/03/30 12:32:09 | 000,764,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTRMFile.dll
[2010/03/30 12:32:09 | 000,626,688 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTImageFile.dll
[2010/03/30 12:32:09 | 000,495,104 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTVideoCoreM.dll
[2010/03/30 12:32:09 | 000,382,464 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTAVIFile.dll
[2010/03/30 12:32:09 | 000,249,856 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\Windows\System32\NCTQuickTimeFile.dll
[2010/03/30 12:32:08 | 002,846,720 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioCompress3.dll
[2010/03/30 12:32:08 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2010/03/30 12:32:08 | 000,778,240 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioCompress2.dll
[2010/03/30 12:32:08 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
[2010/03/30 12:32:08 | 000,312,320 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTVideoView.dll
[2010/03/30 12:32:08 | 000,215,552 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTWMVFile.dll
[2010/03/30 12:32:08 | 000,188,416 | ---- | C] (NCT Company Ltd.) -- C:\Windows\System32\NCTVideoFile.dll
[2010/03/30 12:32:08 | 000,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\System32\NCTAudioFormatSettings3.dll
[2010/03/30 12:32:07 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
[2010/03/30 12:32:05 | 000,856,064 | ---- | C] (Essien Research & Development) -- C:\Windows\System32\mpgfiltr.ax
[2010/03/30 12:32:05 | 000,421,888 | ---- | C] (Gabest) -- C:\Windows\System32\RealMediaSplitter.ax
[2010/03/30 12:32:05 | 000,208,896 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\System32\VideoEdit.ocx
[2010/03/30 12:32:05 | 000,147,456 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\System32\viscomqtenc.dll
[2010/03/30 12:32:05 | 000,139,264 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\Windows\System32\viscomqtde.dll
[2010/03/30 12:32:05 | 000,081,920 | ---- | C] (Viscom Software) -- C:\Windows\System32\viscomwave.dll
[2010/03/30 12:32:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\RMBin
[2010/03/30 12:32:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apex
[2010/03/27 22:01:16 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Roaming\Arkadium
[2010/03/26 10:41:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\1Click DVD Copy Pro
[2010/03/26 10:39:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\robmen\AppData\Roaming\pcouffin.sys
[2010/03/26 10:39:02 | 000,000,000 | ---D | C] -- C:\Users\robmen\Documents\PcSetup
[2010/03/25 18:14:11 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Roaming\iMaxGen
[2010/03/24 21:36:48 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Roaming\EscapeTheMuseum2
[2010/03/24 20:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EdensQuest
[2010/03/24 20:50:45 | 000,000,000 | ---D | C] -- C:\Users\robmen\Documents\Downloads
[2010/03/24 20:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Zylom Games
[2010/03/24 20:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Zylom
[2010/03/22 19:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2010/03/20 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\robmen\AppData\Roaming\Ancient Quest of Saqqarah__real
[2010/03/20 14:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Codeminion
[2010/03/20 12:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Rumbic Studio
[2010/03/20 12:43:24 | 000,000,000 | ---D | C] -- C:\Games
[2010/03/16 19:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Games
[2010/03/16 19:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010/03/16 19:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo! Games
[2008/09/16 00:23:16 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2008/09/16 00:23:16 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[2008/07/08 13:04:44 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxcehcp.dll
[2008/07/08 13:04:43 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxceserv.dll
[2008/07/08 13:04:43 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxceusb1.dll
[2008/07/08 13:04:43 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxceinpa.dll
[2008/07/08 13:04:43 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxceiesc.dll
[2008/07/08 13:04:42 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxcepmui.dll
[2008/07/08 13:04:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxcelmpm.dll
[2008/07/08 13:04:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxceprox.dll
[2008/07/08 13:04:42 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxcepplc.dll
[2008/07/08 13:04:41 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcehbn3.dll
[2008/07/08 13:04:41 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxcecomc.dll
[2008/07/08 13:04:41 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxcecomm.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/14 23:42:37 | 002,883,584 | -HS- | M] () -- C:\Users\robmen\ntuser.dat
[2010/04/14 23:39:17 | 000,000,740 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/14 23:39:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/14 22:36:34 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Downloads\Desktop\OTL.exe
[2010/04/10 14:07:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{41D47AD0-7BD9-41EC-898C-02D969229C53}.job
[2010/04/10 14:03:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/10 14:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At399.job
[2010/04/10 13:04:55 | 000,735,548 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/10 13:04:54 | 000,890,322 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/10 13:04:54 | 000,156,402 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/10 13:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At398.job
[2010/04/10 12:57:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 12:57:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/10 12:56:55 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/10 12:09:58 | 000,524,288 | -HS- | M] () -- C:\Users\robmen\ntuser.dat{79d4cc61-e139-11de-9c7a-001e5831e959}.TMContainer00000000000000000001.regtrans-ms
[2010/04/10 12:09:58 | 000,065,536 | -HS- | M] () -- C:\Users\robmen\ntuser.dat{79d4cc61-e139-11de-9c7a-001e5831e959}.TM.blf
[2010/04/07 22:23:21 | 000,001,356 | ---- | M] () -- C:\Users\robmen\AppData\Local\d3d9caps.dat
[2010/04/02 11:03:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/02 11:00:00 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At396.job
[2010/04/02 10:07:48 | 000,044,544 | ---- | M] (Neto systems) -- C:\Windows\System32\so.bin
[2010/04/02 10:00:07 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At395.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At408.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At407.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At406.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At405.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At404.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At403.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At402.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At401.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At400.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At397.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At394.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At393.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At392.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At391.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At390.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At389.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At388.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At387.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At386.job
[2010/04/02 08:44:27 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At385.job
[2010/04/02 08:39:26 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ezsp_px.exe
[2010/04/02 08:36:52 | 000,091,648 | ---- | M] () -- C:\Windows\System32\rundll32.exe.delme300
[2010/04/02 08:35:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At384.job
[2010/04/02 08:35:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At383.job
[2010/04/02 08:35:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At382.job
[2010/04/02 08:35:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At381.job
[2010/04/02 08:35:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At380.job
[2010/04/02 08:35:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At379.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At378.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At377.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At376.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At375.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At374.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At373.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At372.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At371.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At370.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At369.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At368.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At367.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At366.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At365.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At364.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At363.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At362.job
[2010/04/02 08:35:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At361.job
[2010/04/02 00:12:30 | 000,004,904 | ---- | M] () -- C:\Users\robmen\Documents\cc_20100402_001152.reg
[2010/04/02 00:06:11 | 000,001,676 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\CCleaner.lnk
[2010/04/01 23:57:30 | 000,006,456 | -H-- | M] () -- C:\Windows\System32\jutamayu
[2010/04/01 22:50:47 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\531547.exe
[2010/04/01 22:50:47 | 000,000,102 | ---- | M] () -- C:\gyudekrjh4wh108.bat
[2010/04/01 22:50:41 | 000,721,408 | ---- | M] () -- C:\Windows\is-GQ4SJ.exe
[2010/04/01 22:50:41 | 000,010,498 | ---- | M] () -- C:\Windows\is-GQ4SJ.msg
[2010/04/01 22:50:41 | 000,000,361 | ---- | M] () -- C:\Windows\is-GQ4SJ.lst
[2010/04/01 22:50:36 | 000,168,400 | ---- | M] () -- C:\Windows\System32\5996668.exe
[2010/04/01 22:03:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 21:55:05 | 000,420,344 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/01 21:45:10 | 000,718,336 | ---- | M] () -- C:\Windows\is-AOM6P.exe
[2010/04/01 21:45:10 | 000,010,498 | ---- | M] () -- C:\Windows\is-AOM6P.msg
[2010/04/01 21:45:10 | 000,000,309 | ---- | M] () -- C:\Windows\is-AOM6P.lst
[2010/04/01 21:40:01 | 000,718,336 | ---- | M] () -- C:\Windows\is-ALR5A.exe
[2010/04/01 21:40:01 | 000,010,498 | ---- | M] () -- C:\Windows\is-ALR5A.msg
[2010/04/01 21:40:01 | 000,000,309 | ---- | M] () -- C:\Windows\is-ALR5A.lst
[2010/04/01 21:16:41 | 000,003,884 | -HS- | M] () -- C:\Users\robmen\AppData\Local\PqC8sw32avv
[2010/04/01 21:16:41 | 000,003,884 | -HS- | M] () -- C:\ProgramData\PqC8sw32avv
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At336.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At335.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At334.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At333.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At332.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At331.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At330.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At329.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At328.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At327.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At326.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At325.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At324.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At323.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At322.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At321.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At320.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At319.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At318.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At317.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At316.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At315.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At314.job
[2010/03/31 00:19:22 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At313.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At360.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At359.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At358.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At357.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At356.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At355.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At354.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At353.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At352.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At351.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At350.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At349.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At348.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At347.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At346.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At345.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At344.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At343.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At342.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At341.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At340.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At339.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At338.job
[2010/03/31 00:19:22 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At337.job
[2010/03/30 23:11:14 | 000,029,260 | -HS- | M] () -- C:\ProgramData\1060167760
[2010/03/30 23:06:15 | 000,000,965 | ---- | M] () -- C:\Windows\System32\bscs.ini
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At288.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At287.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At286.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At285.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At284.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At283.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At282.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At281.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At280.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At279.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At278.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At277.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At276.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At275.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At274.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At273.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At272.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At271.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At270.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At269.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At268.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At267.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At266.job
[2010/03/30 23:06:09 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At265.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At312.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At311.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At310.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At309.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At308.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At307.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At306.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At305.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At304.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At303.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At302.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At301.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At300.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At299.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At298.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At297.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At296.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At295.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At294.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At293.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At292.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At291.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At290.job
[2010/03/30 23:06:09 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At289.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At240.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At239.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At238.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At237.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At236.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At235.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At234.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At233.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At232.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At231.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At230.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At229.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At228.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At227.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At226.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At225.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At224.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At223.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At222.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At221.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At220.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At219.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At218.job
[2010/03/30 22:53:03 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At217.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At264.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At263.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At262.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At261.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At260.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At259.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At258.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At257.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At256.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At255.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At254.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At253.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At252.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At251.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At250.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At249.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At248.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At247.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At246.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At245.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At244.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At243.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At242.job
[2010/03/30 22:53:03 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At241.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At192.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At191.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At190.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At189.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At188.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At187.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At186.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At185.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At184.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At183.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At182.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At181.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At180.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At179.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At178.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At177.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At176.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At175.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At174.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At173.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At172.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At171.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At170.job
[2010/03/30 22:29:46 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At169.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At216.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At215.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At214.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At213.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At212.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At211.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At210.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At209.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At208.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At207.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At206.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At205.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At204.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At203.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At202.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At201.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At200.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At199.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At198.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At197.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At196.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At195.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At194.job
[2010/03/30 22:29:46 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At193.job
[2010/03/30 22:15:03 | 000,000,000 | -HS- | M] () -- C:\Users\robmen\AppData\Local\3311182247
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At99.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At98.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At97.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At120.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At119.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At118.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At117.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At116.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At115.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At114.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At113.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At112.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At111.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At110.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At109.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At108.job
[2010/03/30 21:10:06 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At107.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At168.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At167.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At166.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At165.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At164.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At163.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At162.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At161.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At160.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At159.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At158.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At157.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At156.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At155.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At154.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At153.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At152.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At151.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At150.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At149.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At148.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At147.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At146.job
[2010/03/30 21:10:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At145.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At106.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At105.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At104.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At103.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At102.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At101.job
[2010/03/30 21:10:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At100.job
[2010/03/30 20:32:54 | 000,035,894 | -HS- | M] () -- C:\ProgramData\3311182247
[2010/03/30 20:30:06 | 000,001,176 | ---- | M] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010/03/30 20:28:43 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At144.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At143.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At142.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At141.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At140.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At139.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At138.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At137.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At136.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At135.job
[2010/03/30 20:28:40 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At134.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At133.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At132.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At131.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At130.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At129.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At128.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At127.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At126.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At125.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At124.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At123.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At122.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At121.job
[2010/03/30 20:27:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At96.job
[2010/03/30 20:27:06 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At95.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At72.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At71.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At70.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At69.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At68.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At67.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At66.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At65.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At64.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At63.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At62.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At61.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At60.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At59.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At58.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At57.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At56.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At55.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At54.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At53.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At52.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At51.job
[2010/03/30 20:27:05 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At50.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At94.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At93.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At92.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At91.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At90.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At89.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At88.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At87.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At86.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At85.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At84.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At83.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At82.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At81.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At80.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At79.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At78.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At77.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At76.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At75.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At74.job
[2010/03/30 20:27:05 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At73.job
[2010/03/30 20:27:04 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At49.job
[2010/03/30 20:03:40 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010/03/30 20:03:40 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010/03/30 20:03:40 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010/03/30 20:03:39 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At48.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At47.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At46.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At45.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At44.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At43.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At42.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At41.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At40.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At39.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At38.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At37.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010/03/30 20:03:39 | 000,000,358 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010/03/30 19:50:07 | 000,126,504 | ---- | M] () -- C:\Users\robmen\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/03/30 19:49:33 | 000,001,332 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\Clean Registry for Free!.lnk
[2010/03/30 19:48:41 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\38917.exe
[2010/03/30 19:47:52 | 000,004,608 | ---- | M] () -- C:\Windows\System32\srsvc.dll
[2010/03/30 19:46:47 | 000,000,000 | ---- | M] () -- C:\Windows\SC.INS
[2010/03/30 19:46:10 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/03/30 14:42:28 | 000,238,920 | ---- | M] (Tencent ) -- C:\Windows\System32\1574625.exe
[2010/03/30 14:35:00 | 000,016,384 | ---- | M] () -- C:\Users\robmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/30 09:50:28 | 103,146,772 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\Super.Troopers.2001.DvDrip.Up.By.XsX.mkv.003
[2010/03/30 09:45:22 | 104,857,600 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\Super.Troopers.2001.DvDrip.Up.By.XsX.mkv.002
[2010/03/30 09:40:10 | 104,857,600 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\Super.Troopers.2001.DvDrip.Up.By.XsX.mkv.001
[2010/03/30 05:30:08 | 000,017,408 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\Payments.xls
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/03/29 20:01:57 | 000,000,548 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - robmen.job
[2010/03/26 10:42:40 | 000,087,608 | ---- | M] () -- C:\Users\robmen\AppData\Roaming\inst.exe
[2010/03/26 10:42:40 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\robmen\AppData\Roaming\pcouffin.sys
[2010/03/26 10:42:40 | 000,007,887 | ---- | M] () -- C:\Users\robmen\AppData\Roaming\pcouffin.cat
[2010/03/26 10:42:40 | 000,001,144 | ---- | M] () -- C:\Users\robmen\AppData\Roaming\pcouffin.inf
[2010/03/24 22:06:01 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/03/19 09:13:31 | 000,000,137 | ---- | M] () -- C:\Users\Public\Downloads\Desktop\More Games at GameHouse.com.url
[2010/03/16 19:45:37 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Bejeweled 2 Deluxe.lnk
[2010/03/16 19:45:23 | 000,001,284 | ---- | M] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\jutamayu
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At408.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At407.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At406.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At405.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At404.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At403.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At402.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At401.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At400.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At399.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At398.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At397.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At396.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At395.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At394.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At393.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At392.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At391.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At390.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At389.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At388.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At387.job
[2010/04/02 08:39:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At386.job
[2010/04/02 08:39:48 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At385.job
[2010/04/02 00:12:12 | 000,004,904 | ---- | C] () -- C:\Users\robmen\Documents\cc_20100402_001152.reg
[2010/04/02 00:06:11 | 000,001,676 | ---- | C] () -- C:\Users\Public\Downloads\Desktop\CCleaner.lnk
[2010/04/01 22:50:47 | 000,000,102 | ---- | C] () -- C:\gyudekrjh4wh108.bat
[2010/04/01 22:50:41 | 000,721,408 | ---- | C] () -- C:\Windows\is-GQ4SJ.exe
[2010/04/01 22:50:41 | 000,010,498 | ---- | C] () -- C:\Windows\is-GQ4SJ.msg
[2010/04/01 22:50:41 | 000,000,361 | ---- | C] () -- C:\Windows\is-GQ4SJ.lst
[2010/04/01 22:50:36 | 000,168,400 | ---- | C] () -- C:\Windows\System32\5996668.exe
[2010/04/01 22:03:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/01 21:45:10 | 000,718,336 | ---- | C] () -- C:\Windows\is-AOM6P.exe
[2010/04/01 21:45:10 | 000,010,498 | ---- | C] () -- C:\Windows\is-AOM6P.msg
[2010/04/01 21:45:10 | 000,000,309 | ---- | C] () -- C:\Windows\is-AOM6P.lst
[2010/04/01 21:40:01 | 000,718,336 | ---- | C] () -- C:\Windows\is-ALR5A.exe
[2010/04/01 21:40:01 | 000,010,498 | ---- | C] () -- C:\Windows\is-ALR5A.msg
[2010/04/01 21:40:01 | 000,000,309 | ---- | C] () -- C:\Windows\is-ALR5A.lst
[2010/03/31 00:21:15 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At384.job
[2010/03/31 00:21:15 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At383.job
[2010/03/31 00:21:15 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At382.job
[2010/03/31 00:21:15 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At381.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At380.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At379.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At378.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At377.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At376.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At375.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At374.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At373.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At372.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At371.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At370.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At369.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At368.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At367.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At366.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At365.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At364.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At363.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At362.job
[2010/03/31 00:21:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At361.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At360.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At359.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At358.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At357.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At356.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At355.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At354.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At353.job
[2010/03/30 23:08:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At352.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At351.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At350.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At349.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At348.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At347.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At346.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At345.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At344.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At343.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At342.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At341.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At340.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At339.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At338.job
[2010/03/30 23:08:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At337.job
[2010/03/30 23:08:03 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At336.job
[2010/03/30 23:08:03 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At335.job
[2010/03/30 23:08:03 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At334.job
[2010/03/30 23:08:03 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At333.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At332.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At331.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At330.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At329.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At328.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At327.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At326.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At325.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At324.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At323.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At322.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At321.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At320.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At319.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At318.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At317.job
[2010/03/30 23:08:02 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At316.job
[2010/03/30 23:08:01 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At315.job
[2010/03/30 23:08:01 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At314.job
[2010/03/30 23:08:01 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At313.job
[2010/03/30 22:54:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At312.job
[2010/03/30 22:54:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At311.job
[2010/03/30 22:54:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At310.job
[2010/03/30 22:54:54 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At309.job
[2010/03/30 22:54:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At308.job
[2010/03/30 22:54:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At307.job
[2010/03/30 22:54:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At306.job
[2010/03/30 22:54:53 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At305.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At304.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At303.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At302.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At301.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At300.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At299.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At298.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At297.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At296.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At295.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At294.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At293.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At292.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At291.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At290.job
[2010/03/30 22:54:52 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At289.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At288.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At287.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At286.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At285.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At284.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At283.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At282.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At281.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At280.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At279.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At278.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At277.job
[2010/03/30 22:54:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At276.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At275.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At274.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At273.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At272.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At271.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At270.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At269.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At268.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At267.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At266.job
[2010/03/30 22:54:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At265.job
[2010/03/30 22:32:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At264.job
[2010/03/30 22:32:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At263.job
[2010/03/30 22:32:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At262.job
[2010/03/30 22:32:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At261.job
[2010/03/30 22:32:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At260.job
[2010/03/30 22:32:14 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At259.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At258.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At257.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At256.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At255.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At254.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At253.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At252.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At251.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At250.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At249.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At248.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At247.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At246.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At245.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At244.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At243.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At242.job
[2010/03/30 22:32:13 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At241.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At240.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At239.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At238.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At237.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At236.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At235.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At234.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At233.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At232.job
[2010/03/30 22:32:11 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At231.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At230.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At229.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At228.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At227.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At226.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At225.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At224.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At223.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At222.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At221.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At220.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At219.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At218.job
[2010/03/30 22:32:10 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At217.job
[2010/03/30 22:15:05 | 000,029,260 | -HS- | C] () -- C:\ProgramData\1060167760
[2010/03/30 22:15:03 | 000,000,000 | -HS- | C] () -- C:\Users\robmen\AppData\Local\3311182247
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At216.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At215.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At214.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At213.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At212.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At211.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At210.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At209.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At208.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At207.job
[2010/03/30 21:19:10 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At206.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At205.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At204.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At203.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At202.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At201.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At200.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At199.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At198.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At197.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At196.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At195.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At194.job
[2010/03/30 21:19:09 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At193.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At192.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At191.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At190.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At189.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At188.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At187.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At186.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At185.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At184.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At183.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At182.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At181.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At180.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At179.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At178.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At177.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At176.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At175.job
[2010/03/30 21:19:07 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At174.job
[2010/03/30 21:19:06 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At173.job
[2010/03/30 21:19:06 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At172.job
[2010/03/30 21:19:06 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At171.job
[2010/03/30 21:19:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At170.job
[2010/03/30 21:19:05 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At169.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At168.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At167.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At166.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At165.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At164.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At163.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At162.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At161.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At160.job
[2010/03/30 20:39:38 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At159.job
[2010/03/30 20:39:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At158.job
[2010/03/30 20:39:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At157.job
[2010/03/30 20:39:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At156.job
[2010/03/30 20:39:37 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At155.job
[2010/03/30 20:39:36 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At154.job
[2010/03/30 20:39:35 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At153.job
[2010/03/30 20:39:34 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At152.job
[2010/03/30 20:39:34 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At151.job
[2010/03/30 20:39:32 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At150.job
[2010/03/30 20:39:32 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At149.job
[2010/03/30 20:39:32 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At148.job
[2010/03/30 20:39:31 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At147.job
[2010/03/30 20:39:31 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At146.job
[2010/03/30 20:39:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At145.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At144.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At143.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At142.job
[2010/03/30 20:28:42 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At141.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At140.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At139.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At138.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At137.job
[2010/03/30 20:28:41 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At136.job
[2010/03/30 20:28:40 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At135.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At134.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At133.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At132.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At131.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At130.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At129.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At128.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At127.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At126.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At125.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At124.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At123.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At122.job
[2010/03/30 20:28:39 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At121.job
[2010/03/30 20:28:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At120.job
[2010/03/30 20:28:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At119.job
[2010/03/30 20:28:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At118.job
[2010/03/30 20:28:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At117.job
[2010/03/30 20:28:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At116.job
[2010/03/30 20:28:36 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At115.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At99.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At114.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At113.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At112.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At111.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At110.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At109.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At108.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At107.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At106.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At105.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At104.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At103.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At102.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At101.job
[2010/03/30 20:28:35 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At100.job
[2010/03/30 20:28:34 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At98.job
[2010/03/30 20:28:34 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At97.job
[2010/03/30 20:12:38 | 000,001,176 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll
[2010/03/30 20:12:24 | 000,003,884 | -HS- | C] () -- C:\Users\robmen\AppData\Local\PqC8sw32avv
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At96.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At95.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At94.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At93.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At92.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At91.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At90.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At89.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At88.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At87.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At86.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At85.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At84.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At83.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At82.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At81.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At80.job
[2010/03/30 20:10:27 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At79.job
[2010/03/30 20:10:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At78.job
[2010/03/30 20:10:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At77.job
[2010/03/30 20:10:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At76.job
[2010/03/30 20:10:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At75.job
[2010/03/30 20:10:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At74.job
[2010/03/30 20:10:26 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At73.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At72.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At71.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At70.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At69.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At68.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At67.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At66.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At65.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At64.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At63.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At62.job
[2010/03/30 20:10:24 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At61.job
[2010/03/30 20:10:23 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At60.job
[2010/03/30 20:10:23 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At59.job
[2010/03/30 20:10:23 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At58.job
[2010/03/30 20:10:23 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At57.job
[2010/03/30 20:10:22 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At56.job
[2010/03/30 20:10:21 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At55.job
[2010/03/30 20:10:21 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At54.job
[2010/03/30 20:10:21 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At53.job
[2010/03/30 20:10:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At52.job
[2010/03/30 20:10:18 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At51.job
[2010/03/30 20:10:17 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At50.job
[2010/03/30 20:10:14 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At49.job
[2010/03/30 20:09:46 | 000,294,912 | ---- | C] () -- C:\Windows\tsnp2std .exe
[2010/03/30 19:54:07 | 000,035,894 | -HS- | C] () -- C:\ProgramData\3311182247
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At48.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At47.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At46.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At45.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At44.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At43.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At42.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At41.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At40.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At39.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At38.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At37.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010/03/30 19:50:00 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010/03/30 19:49:59 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010/03/30 19:49:59 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010/03/30 19:49:59 | 000,000,358 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010/03/30 19:48:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010/03/30 19:48:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010/03/30 19:48:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010/03/30 19:48:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010/03/30 19:48:51 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010/03/30 19:48:50 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010/03/30 19:48:49 | 000,000,380 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010/03/30 19:47:58 | 000,003,884 | -HS- | C] () -- C:\ProgramData\PqC8sw32avv
[2010/03/30 19:47:52 | 000,004,608 | ---- | C] () -- C:\Windows\System32\srsvc.dll
[2010/03/30 19:46:47 | 000,000,000 | ---- | C] () -- C:\Windows\SC.INS
[2010/03/30 19:46:10 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/30 14:26:06 | 000,014,909 | ---- | C] () -- C:\Windows\System32\A_reg.reg
[2010/03/30 14:26:05 | 000,348,160 | ---- | C] () -- C:\Windows\System32\cdga.dll
[2010/03/30 12:57:27 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2010/03/30 12:44:26 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/30 12:44:26 | 000,006,144 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/03/30 12:44:26 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010/03/30 12:32:09 | 004,777,472 | ---- | C] () -- C:\Windows\System32\apexconverter.exe
[2010/03/30 12:32:09 | 000,107,520 | ---- | C] () -- C:\Windows\System32\AddiTunes.exe
[2010/03/30 12:32:09 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2010/03/30 09:48:25 | 103,146,772 | ---- | C] () -- C:\Users\Public\Downloads\Desktop\Super.Troopers.2001.DvDrip.Up.By.XsX.mkv.003
[2010/03/30 09:42:22 | 104,857,600 | ---- | C] () -- C:\Users\Public\Downloads\Desktop\Super.Troopers.2001.DvDrip.Up.By.XsX.mkv.002
[2010/03/30 09:35:43 | 104,857,600 | ---- | C] () -- C:\Users\Public\Downloads\Desktop\Super.Troopers.2001.DvDrip.Up.By.XsX.mkv.001
[2010/03/26 10:40:35 | 000,000,033 | ---- | C] () -- C:\Users\robmen\AppData\Roaming\pcouffin.log
[2010/03/26 10:39:02 | 000,087,608 | ---- | C] () -- C:\Users\robmen\AppData\Roaming\inst.exe
[2010/03/26 10:39:02 | 000,007,887 | ---- | C] () -- C:\Users\robmen\AppData\Roaming\pcouffin.cat
[2010/03/26 10:39:02 | 000,001,144 | ---- | C] () -- C:\Users\robmen\AppData\Roaming\pcouffin.inf
[2010/03/24 20:42:57 | 000,001,971 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010/03/19 10:48:04 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/19 10:48:03 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/19 09:13:31 | 000,000,137 | ---- | C] () -- C:\Users\Public\Downloads\Desktop\More Games at GameHouse.com.url
[2010/03/16 19:45:37 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Bejeweled 2 Deluxe.lnk
[2010/03/16 19:45:23 | 000,001,284 | ---- | C] () -- C:\Users\Public\Desktop\More Yahoo! Games.lnk
[2010/02/20 17:19:23 | 000,001,341 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010/02/06 16:13:26 | 000,336,896 | ---- | C] () -- C:\Windows\System32\ammppg.dll
[2010/02/06 16:13:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\qscl.dll
[2010/02/06 16:13:26 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010/02/06 16:13:26 | 000,212,992 | ---- | C] () -- C:\Windows\System32\amrdec.dll
[2010/02/06 16:13:26 | 000,081,920 | ---- | C] () -- C:\Windows\System32\qcpsdk.dll
[2010/02/06 16:13:26 | 000,073,728 | ---- | C] () -- C:\Windows\System32\a1.dll
[2010/02/06 14:23:13 | 000,000,668 | ---- | C] () -- C:\Users\robmen\AppData\Roaming\vso_ts_preview.xml
[2010/02/06 02:32:19 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010/02/06 02:31:46 | 000,005,937 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010/02/01 20:38:20 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2010/02/01 20:38:20 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2010/02/01 20:38:20 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2009/12/11 23:16:46 | 000,757,760 | ---- | C] () -- C:\Users\robmen\math ppt dec.ppt
[2009/12/04 20:01:14 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\ntuser.dat{79d4cc61-e139-11de-9c7a-001e5831e959}.TMContainer00000000000000000002.regtrans-ms
[2009/12/04 20:01:14 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\ntuser.dat{79d4cc61-e139-11de-9c7a-001e5831e959}.TMContainer00000000000000000001.regtrans-ms
[2009/12/04 20:01:13 | 000,065,536 | -HS- | C] () -- C:\Users\robmen\ntuser.dat{79d4cc61-e139-11de-9c7a-001e5831e959}.TM.blf
[2009/11/30 00:26:00 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\ntuser.dat{a88789c2-dd70-11de-8c25-001e5831e959}.TMContainer00000000000000000002.regtrans-ms
[2009/11/30 00:25:59 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\ntuser.dat{a88789c2-dd70-11de-8c25-001e5831e959}.TMContainer00000000000000000001.regtrans-ms
[2009/11/30 00:25:59 | 000,065,536 | -HS- | C] () -- C:\Users\robmen\ntuser.dat{a88789c2-dd70-11de-8c25-001e5831e959}.TM.blf
[2009/11/06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/08/30 18:20:17 | 000,001,356 | ---- | C] () -- C:\Users\robmen\AppData\Local\d3d9caps.dat
[2009/04/11 08:33:02 | 000,000,215 | ---- | C] () -- C:\Windows\BsMobileModel.ini
[2009/04/08 16:42:32 | 000,000,359 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/29 17:01:09 | 000,004,393 | ---- | C] () -- C:\Windows\System32\SHORTCUT.INI
[2009/03/29 16:57:32 | 000,000,235 | ---- | C] () -- C:\Windows\System32\REMOTEDEVICE.INI
[2009/03/29 16:44:15 | 000,004,535 | ---- | C] () -- C:\Windows\System32\LOCALSERVICE.INI
[2009/03/29 16:44:00 | 000,000,101 | ---- | C] () -- C:\Windows\System32\LOCALDEVICE.INI
[2009/03/29 16:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\System32\BSPRINT.INI
[2009/02/15 11:44:15 | 000,756,499 | ---- | C] () -- C:\Users\robmen\presidents-day-writing-prompt[1].pdf
[2009/02/15 11:40:26 | 000,684,205 | ---- | C] () -- C:\Users\robmen\presidents-day-color-by-number_v2[1].pdf
[2008/11/30 10:53:31 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\NTUSER.DAT{e0a1c112-bef6-11dd-988e-001cc4cc834c}.TMContainer00000000000000000002.regtrans-ms
[2008/11/30 10:53:31 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\NTUSER.DAT{e0a1c112-bef6-11dd-988e-001cc4cc834c}.TMContainer00000000000000000001.regtrans-ms
[2008/11/30 10:53:31 | 000,065,536 | -HS- | C] () -- C:\Users\robmen\NTUSER.DAT{e0a1c112-bef6-11dd-988e-001cc4cc834c}.TM.blf
[2008/09/16 00:23:17 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2008/09/16 00:23:17 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2008/09/16 00:23:16 | 012,214,272 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2008/08/04 18:04:44 | 000,000,965 | ---- | C] () -- C:\Windows\System32\bscs.ini
[2008/08/04 17:36:50 | 000,405,589 | ---- | C] () -- C:\Windows\System32\BsUI.dll
[2008/08/01 15:58:50 | 000,278,647 | ---- | C] () -- C:\Windows\System32\outlookAddin.dll
[2008/08/01 15:58:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HtmPrintHelper.dll
[2008/08/01 15:58:14 | 000,622,693 | ---- | C] () -- C:\Windows\System32\BSShell.dll
[2008/08/01 15:56:14 | 000,098,403 | ---- | C] () -- C:\Windows\System32\Bs2Res.dll
[2008/08/01 15:55:40 | 000,118,880 | ---- | C] () -- C:\Windows\System32\BsMobileSDK.dll
[2008/08/01 15:55:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BsMobileCSps.dll
[2008/08/01 15:46:30 | 017,907,824 | ---- | C] () -- C:\Windows\System32\BsLangInDepRes.dll
[2008/08/01 15:46:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\BsVistaCommon.dll
[2008/07/12 21:32:38 | 000,000,101 | ---- | C] () -- C:\Users\robmen\AppData\Local\DownloadLog.txt
[2008/07/12 13:09:33 | 000,000,372 | ---- | C] () -- C:\Users\robmen\Documents - Shortcut.lnk
[2008/07/12 13:05:15 | 000,016,384 | ---- | C] () -- C:\Users\robmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/08 13:04:44 | 000,274,432 | ---- | C] () -- C:\Windows\System32\lxceinst.dll
[2008/06/16 19:00:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/06/16 18:38:47 | 000,000,184 | ---- | C] () -- C:\Windows\_delis43.ini
[2008/06/15 17:30:42 | 000,000,000 | ---- | C] () -- C:\Users\robmen\AppData\Local\QSwitch.txt
[2008/06/15 17:30:42 | 000,000,000 | ---- | C] () -- C:\Users\robmen\AppData\Local\DSwitch.txt
[2008/06/15 17:30:42 | 000,000,000 | ---- | C] () -- C:\Users\robmen\AppData\Local\AtStart.txt
[2008/06/15 17:20:45 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008/06/15 17:20:45 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008/06/15 17:20:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008/06/15 17:20:45 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008/06/15 17:20:45 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008/06/15 17:20:45 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008/06/15 17:17:34 | 000,000,020 | -HS- | C] () -- C:\Users\robmen\ntuser.ini
[2008/06/15 17:17:33 | 002,883,584 | -HS- | C] () -- C:\Users\robmen\ntuser.dat
[2008/06/15 17:17:33 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtrans-ms
[2008/06/15 17:17:33 | 000,524,288 | -HS- | C] () -- C:\Users\robmen\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2008/06/15 17:17:33 | 000,262,144 | -H-- | C] () -- C:\Users\robmen\ntuser.dat.LOG1
[2008/06/15 17:17:33 | 000,065,536 | -HS- | C] () -- C:\Users\robmen\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2008/06/15 17:17:33 | 000,000,000 | -H-- | C] () -- C:\Users\robmen\ntuser.dat.LOG2
[2008/02/04 20:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007/08/24 07:46:48 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1322.dll
[2007/08/24 07:38:54 | 001,238,832 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/08/24 07:38:54 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/08/24 07:28:04 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2007/06/08 12:05:38 | 000,274,432 | ---- | C] () -- C:\Windows\System32\flcdlmsg.dll
[2007/02/22 20:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxcecoin.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/08/18 08:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxcevs.dll
[2005/02/24 19:23:52 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxcecnv4.dll
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 02:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007/12/11 07:14:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007/12/11 07:14:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007/12/11 07:14:58 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 04:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 02:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/06/15 22:37:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/06/15 22:37:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/06/15 22:37:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\SwSetup\Drivers\32\HDD\iastor.sys
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/03/21 07:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 02:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 04:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/19 02:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 02:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/19 02:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 04:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 189 bytes -> C:\ProgramData\TEMP:4BF2F6B5
@Alternate Data Stream - 161 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

Extras.txt

OTL Extras logfile created on: 4/14/2010 11:43:32 PM - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Public\Downloads\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 80.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 140.40 Gb Total Space | 97.82 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1.55 Gb Total Space | 1.32 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
Drive F: | 7.09 Gb Total Space | 0.76 Gb Free Space | 10.78% Space Free | Partition Type: NTFS
Drive G: | 1.89 Gb Total Space | 1.66 Gb Free Space | 87.58% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROBMEN-PC
Current User Name: robmen
Logged in as Administrator.

Current Boot Mode: SafeMode
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ave.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.exe [@ = secfile] -- C:\Windows\System32\config\systemprofile\AppData\Local\ave.exe File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6F9E2413-2C9A-43D0-840D-AC46BC5B4901}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CE5B6E-E5C3-46C6-8B38-4A57FE19F95A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcepswx.exe |
"{09D76D73-DBF1-4713-A57E-7C07C64DFD5F}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{0ACC9D65-8486-494E-801F-B2D1B146FDAA}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{0C6E2155-72BE-4551-B4F3-F0D09DA3FE19}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13F74B42-B42C-40FD-85D0-3B4E279AEFDB}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{13F9EE00-0F5B-4F23-9B77-28E075197ED7}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxcepswx.exe |
"{1C4C6B89-86BB-4D39-99AB-35672421DE9B}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{34EDE8AF-7160-4CC9-85B7-5EF75BD5FF6E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{467E5EBF-9FDF-4DDC-B129-F90F45EC9081}" = protocol=17 | dir=in | app=c:\windows\temp\vrt7d2a.tmp |
"{57A2145E-CF3D-421B-B953-80DC4C227C28}" = protocol=6 | dir=in | app=c:\windows\temp\vrt7d2a.tmp |
"{65CE7279-8B1C-4917-BABF-DD3433B56998}" = protocol=6 | dir=in | app=c:\program files\ipod\bin\ipodservice.exe |
"{80633314-C16D-488B-8C6C-6B151563464B}" = protocol=6 | dir=in | app=c:\windows\system32\wininit.exe |
"{8A5326F0-DEBE-4ADA-BFEA-D30C41525B5C}" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"{8CA09CFE-DDA5-48D4-8836-A4E8E5B68439}" = protocol=17 | dir=in | app=c:\windows\system32\lxcecoms.exe |
"{91EC73B8-4ADC-414A-B7EA-A1ACF1E492A7}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{9687105F-D307-480E-A3B0-BDAE65A632D7}" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"{991858A6-2FC9-4A04-9254-06B2AEC07570}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{A31800DF-6E0A-417C-866E-39BBD238F460}" = dir=in | app=c:\program files\common files\microsoft shared\xna\xnatrans\v3.0\xnatransx.exe |
"{B488C431-4A7E-4581-B2ED-1E99ADCB883E}" = dir=in | app=c:\program files\microsoft xna\xna game studio\v3.0\bin\xnaliveproxy.exe |
"{B8EBB8C4-A18C-4791-8E99-B27A2F71D0D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9AB4541-E91A-48E2-99A4-1B7F1885D0F2}" = protocol=17 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{C0C57434-AF55-4B60-8C29-29D49A3900B9}" = protocol=6 | dir=in | app=c:\windows\system32\lsass.exe |
"{C711A9BB-4FD0-4D63-BB13-39FFAFB77438}" = protocol=6 | dir=in | app=c:\windows\system32\wermgr.exe |
"{D492DF35-F55F-4600-826D-129DA95618D6}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{D5CF0CBC-ECF6-4BC6-A888-311BA8C7EF05}" = protocol=17 | dir=in | app=c:\windows\system32\wermgr.exe |
"{D7CD05E6-F8CC-4347-A032-4408FC3B73E4}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"{DCE1D806-FE65-4F31-B4F0-797E645F020F}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"{E03B5143-4526-45BA-8B5D-46561F76A9CB}" = protocol=17 | dir=in | app=c:\windows\system32\winlogon.exe |
"{E8814832-37BF-4778-8417-8A3FEA457593}" = protocol=17 | dir=in | app=c:\program files\ipod\bin\ipodservice.exe |
"{F02BD425-ABB4-41E8-B71A-5884A884542D}" = protocol=17 | dir=in | app=c:\windows\system32\lsass.exe |
"{F3EC3F04-4058-4005-9E37-3AA1AB48A35E}" = protocol=6 | dir=in | app=c:\windows\system32\lxcecoms.exe |
"{F4F1C7E6-2E95-453D-BA11-932DC084CC2E}" = protocol=6 | dir=in | app=c:\program files\ivt corporation\bluesoleil\bluesoleilcs.exe |
"{FDB7CFD7-E45C-46D9-B936-A52D59E9DDEE}" = protocol=6 | dir=in | app=c:\windows\system32\winlogon.exe |
"{FE96133E-C054-4285-B3E4-640E00B73376}" = protocol=17 | dir=in | app=c:\windows\system32\wininit.exe |
"TCP Query User{1F79995D-25FA-460E-8A47-019F90D12923}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{6AB6B550-3CB5-4499-9945-74B12DD9F61C}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{86B496B0-D193-4654-95DD-1107AD2CF3DA}C:\users\public\downloads\desktop\scrabble\scrabblecomplete.exe" = protocol=6 | dir=in | app=c:\users\public\downloads\desktop\scrabble\scrabblecomplete.exe |
"TCP Query User{96A26AE9-FCA8-4FEC-A5C9-F2869E051160}H:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe" = protocol=6 | dir=in | app=h:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe |
"TCP Query User{EB44487B-2341-4D98-8FF6-BB99D68FC50C}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe |
"TCP Query User{F0744443-2CB2-4D5E-818F-7E86A9617B24}H:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe" = protocol=6 | dir=in | app=h:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe |
"UDP Query User{17CECB9C-A523-4487-8F50-BB701A7DDEF5}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{498FF4E3-CB0B-448C-828D-D54F74F20714}H:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe" = protocol=17 | dir=in | app=h:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe |
"UDP Query User{79CBF7C4-BAEF-46ED-9073-952A6129A2C5}C:\users\public\downloads\desktop\scrabble\scrabblecomplete.exe" = protocol=17 | dir=in | app=c:\users\public\downloads\desktop\scrabble\scrabblecomplete.exe |
"UDP Query User{8412C55C-5526-4058-B06B-59A6F2A38841}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{8418ED7C-F77C-4156-9ED3-7C06EF0772EE}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe |
"UDP Query User{846965BC-E3E7-4484-9DA0-A938A708063E}H:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe" = protocol=17 | dir=in | app=h:\portable programs\programs and computer\fun&handy\opera\app\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{007BECB0-17DD-4230-9D2F-185287262B14}" = Microsoft XNA Game Studio 3.0 (Platformer)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0289B18A-F99F-423F-B79F-1150D0F85492}" = HP Wireless Assistant
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DB67C01-CFEA-4DBA-85C8-C15399E3FBE0}" = gobeProductive
"{0DC16794-7E69-4534-82FA-9DD0500FF338}" = Microsoft XNA Game Studio 3.0 (Redists)
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10CCE5C1-6BAB-4B4F-992B-4F82CA568619}" = Symantec Real Time Storage Protection Component
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{2877881B-0736-42AB-B312-D4457D57E56D}" = BlackBerry Device Software Updater
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 G2
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{370BCBBA-67D7-4535-ADCD-58CD1C8DEC99}" = Zune Language Pack (DE)
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3912A629-0020-0005-3131-2FBA74D4DF0A}" = InterVideo WinDVD
"{3BA37E38-B53D-4520-B8DA-1DD62AD3A74E}" = Microsoft XNA Game Studio 3.0 (VCSExpress)
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
"{40EC6323-497B-44DA-8A88-74578622D9B3}" = Zune Language Pack (IT)
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{45C8C3C0-789C-4923-8E41-87D4761B99F1}" = AntiPack
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"{521F72F4-FFE4-4959-AA88-EED06125211F}" = HP Notebook Accessories Product Tour
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{584B0895-8EF3-4175-8E80-1B68BFA04636}" = HP Help and Support
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{64AE6DA6-8B61-4DF7-AFC0-7134E4C458FA}" = BIOS Configuration for HP ProtectTools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{679068CA-C9E9-4C22-A90D-2C4F2881EF9C}" = Bluesoleil 6.2.227.11
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3DB611-D5E8-4E4B-8952-0D3F549F9CC6}" = HP Active Support Library 32 bit components
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = Application Installer 4.00.B14
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 PC Camera
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7766EE25-8A7A-4051-97CA-75B5F9C63DB8}" = Polar WebLink 2.4.9
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7CA4EF4B-DB5A-4E2F-81CC-6EE33FC9EF1E}" = HP User Guides 0084
"{7FD30AE7-281D-455F-AF9F-0C6C5E334EAD}" = Microsoft XNA Game Studio 3.0 Documentation
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888FFC82-688D-46AB-A776-B417885432B6}" = Zune
"{89D7B2C2-496E-4F15-BC8B-A1BC349D7401}" = ESU for Microsoft Vista
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{924EB80F-C2BB-4B9F-8412-88BBA937393F}" = MobileMe Control Panel
"{93D44E47-EBE0-43FC-A427-8AC3CD026536}" = Vista Default Settings
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{9D81DD64-98F4-4F7D-8AC4-F3EEA00D3CDF}" = SymNet
"{9FE8E277-EBFC-4A5E-BD70-6F9B7F32AF0E}" = HP Total Care Advisor
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC3F9FEE-1A44-4FCE-BD72-BD27D4BC6279}" = Microsoft XNA Game Studio Platform Tools
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF9BDE67-11A5-449A-B9F0-BE572A093DDB}" = Microsoft XNA Game Studio 3.0 (Shared Components)
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBE5C83E-4DC5-494F-8A23-3AAE242E94C2}" = HP Easy Setup - Frontend
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D9B4D7EE-481C-4C36-86AB-A8F7417725FF}" = LightScribe 1.6.43.1
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DFB81F19-ED3A-4DA5-AFE4-1B999E2A8DC5}" = Microsoft XNA Game Studio 3.0 (XnaLiveProxy)
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{E1D78366-91DA-4AD0-B417-28155743CC22}" = Microsoft XNA Game Studio 3.0 (ARP entry)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E59A46D4-699C-4DC8-969F-DAC3395B4543}" = HP Active Support Library
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"1f7080915ed3f064c12b4aae5c891ded" = Mahjongg Dimensions
"9ef80967c3dfcc23d4d5df1095806101" = Jane Angel - Templar Mystery
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Advanced Registry Optimizer_is1" = Advanced Registry Optimizer
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"am-edensquestthehuntforakua" = Eden's Quest - The Hunt for Akua
"am-escapethemuseum2" = Escape the Museum 2
"am-mirrormysteries" = Mirror Mysteries
"Apex Zune Video Converter_is1" = Apex Zune Video Converter 5.76
"Ask Toolbar_is1" = Ask Toolbar
"Bejeweled 2 Deluxe" = Bejeweled 2 Deluxe (remove only)
"BlackBerry_{51D7494B-6C54-468F-98E1-1A9997C89329}" = BlackBerry Desktop Software 4.7
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Cucusoft DVD to Zune + Zune Video Converter Suite_is1" = Cucusoft DVD to Zune + Zune Video Converter Suite 5.19.5.7
"eBook to Images_is1" = eBook to Images
"eMusic Download Manager" = eMusic Download Manager 4.1.3.1
"fbedeaa717461906e2c8c37e1b384df9" = Wizard Land
"Free Realms Installer" = Free Realms Installer
"Gazillionaire III_is1" = Gazillionaire III
"Google Chrome" = Google Chrome
"GoZone iSync" = GoZone iSync
"HDMI" = Intel® Graphics Media Accelerator Driver
"kidthing-0.86.01" = kidthing beta v.0.86.01
"Lexmark 4300 Series" = Lexmark 4300 Series
"LimeWire" = LimeWire 5.5.7
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
"Monopoly Here & Now Screensaver" = Monopoly Here & Now Screensaver
"Ms.Pacman" = Ms.Pacman
"NI ComponentWorks 3DGraph" = NI ComponentWorks 3DGraph
"NI LabVIEW Run-Time Engine 5.1.1" = NI LabVIEW Run-Time Engine 5.1.1
"Photo Viewer" = Photo Viewer V2.4
"PROHYBRIDR" = 2007 Microsoft Office system
"PROSet" = Intel® PRO Network Connections Drivers
"RealArcade 1.2" = RealArcade
"Reason4_is1" = Reason 4.0
"RoadRunner" = RoadRunner
"RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
"Saqqarah" = Saqqarah (remove only)
"Smoothboard 1.0" = Smoothboard 1.0
"Soulseek" = SoulSeek Client 156c
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Web Games Player Plugin" = Web Games Player Plugin
"WinRAR archiver" = WinRAR archiver
"XNA Game Studio 3.0" = Microsoft XNA Game Studio 3.0
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3783738875-507401226-299097535-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 15 April 2010 - 01:55 PM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 outpost_token

outpost_token
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 15 April 2010 - 07:21 PM

I have downloaded and saved combofix to my desktop but i keep getting an error, then combofix is removed. I have used both mirrors. I have also tried running combofix rather than saving it to the desktop. I still got the same error.
The error i am receiving is:

Error

!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised.
Please download a fresh copy from:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'


I am not sure how to proceed from here.

#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 16 April 2010 - 07:10 AM

Hi,

Could you please upload the ComboFix version for which you received the warning to virustotal:

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to ComboFix, then click Submit.

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 outpost_token

outpost_token
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 16 April 2010 - 06:48 PM

This is the info it gave me....

Jotti's malware scan
Filename: ComboFix.exe
Status: Scan finished. 2 out of 19 scanners reported malware.
Scan taken on: Sat 17 Apr 2010 01:38:37 (CET) Permalink

Additional info
File size: 3916775 bytes
Filetype: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 805bac1d341edbcc0626bbc4fd693573
SHA1: 2e8c3bd4cf150ec5525d3bf6ef2c9be48093acce
Packer (Drweb): UPX, PECOMPACT, BINARYRES, EXEPACK
Packer (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.PECompact, PecBundle, PECompact

Scanners
Kaspersky 2010-04-16 Scanner unavailable
CPsecure - 2010-04-16 BackDoor.W32.VB.bmm
VBA32 - 2010-04-14 Trojan.Win32.Agent2.cpop
All other scanners found nothing.

Edited by outpost_token, 16 April 2010 - 06:51 PM.


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 19 April 2010 - 04:13 AM

Hi,

it is possible that the download was compromised during download. Could you please delete the copy you currently have and download a fresh copy of ComboFix. Let me know if you get the same warning.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 outpost_token

outpost_token
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 19 April 2010 - 06:32 AM

i am still getting the same error msg, unfotunately.

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 19 April 2010 - 07:25 AM

Hi,

is your anti virus program popping up when you download the file?

could you please try to disable your anti virus program before downloading the file and try to run it.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 outpost_token

outpost_token
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 19 April 2010 - 07:29 PM

i made sure that all virus protection programs were turned off. i am still getting the error messages.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 20 April 2010 - 01:07 PM

Hi,

ok let's try something different then:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    CODE
    :otl
    [2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\Windows\System32\jutamayu
    [2010/04/01 22:50:47 | 000,000,102 | ---- | C] () -- C:\gyudekrjh4wh108.bat
    [2010/04/01 22:50:41 | 000,721,408 | ---- | C] () -- C:\Windows\is-GQ4SJ.exe
    [2010/04/01 22:50:41 | 000,010,498 | ---- | C] () -- C:\Windows\is-GQ4SJ.msg
    [2010/04/01 22:50:41 | 000,000,361 | ---- | C] () -- C:\Windows\is-GQ4SJ.lst
    [2010/04/01 22:50:36 | 000,168,400 | ---- | C] () -- C:\Windows\System32\5996668.exe
    [2010/04/01 21:45:10 | 000,718,336 | ---- | C] () -- C:\Windows\is-AOM6P.exe
    [2010/04/01 21:45:10 | 000,010,498 | ---- | C] () -- C:\Windows\is-AOM6P.msg
    [2010/04/01 21:45:10 | 000,000,309 | ---- | C] () -- C:\Windows\is-AOM6P.lst
    [2010/04/01 21:40:01 | 000,718,336 | ---- | C] () -- C:\Windows\is-ALR5A.exe
    [2010/04/01 21:40:01 | 000,010,498 | ---- | C] () -- C:\Windows\is-ALR5A.msg
    [2010/04/01 21:40:01 | 000,000,309 | ---- | C] () -- C:\Windows\is-ALR5A.lst
    [2010/03/30 22:15:05 | 000,029,260 | -HS- | C] () -- C:\ProgramData\1060167760
    [2010/03/30 22:15:03 | 000,000,000 | -HS- | C] () -- C:\Users\robmen\AppData\Local\3311182247
    [2010/03/30 20:12:38 | 000,001,176 | ---- | C] () -- C:\ProgramData\_VOIDmfeklnmal.dll
    [2010/03/30 20:12:24 | 000,003,884 | -HS- | C] () -- C:\Users\robmen\AppData\Local\PqC8sw32avv
    [2010/03/30 19:54:07 | 000,035,894 | -HS- | C] () -- C:\ProgramData\3311182247
    [2010/03/30 19:47:58 | 000,003,884 | -HS- | C] () -- C:\ProgramData\PqC8sw32avv
    :files
    C:\Windows\tasks\at*.job
    :commands
    [emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
    If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.

Afterwards please try to download and install Malwarebytes:
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 outpost_token

outpost_token
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:54 PM

Posted 21 April 2010 - 08:42 PM

I ran OTL again, in safemode, with the new info that you gave me. the computer needed to reboot to fully remove the files. After reboot and before logging in i get a message saying "Configuring Updates Step 3 of 3 - 0% Complete please wait" then it sends me to log in screen. type in my password and i get another error message.

Windows Activation

An unauthorized change was made to Windows.

Windows has discovered a change that will result in
limited Windows functionality. Use the link below to
find out how to fix Windows.

when i click how to fix, then ie opens up and i get, "oops, Internet explorer could not find go.microsoft.com" i try microsoft.com and i get "oops, Internet explorer could not find go.microsoft.com" When i try to google any microsoft website, like the 1st 4 that pop up on google i am not able to go to them. though i am able to go to other places. my homepage (road runner), bleepingcomputer.com and cnn.com are just a couple i tried that worked just fine.
if i click close then i get logged out.
should i just go back into safemode and do the malwarebytes without the successful reboot?

#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 24 April 2010 - 02:40 PM

Hi,

could you please post the link to Microsoft that you can not access?

Is this a message you are getting from Microsoft Validation? Could you please give me an exact error message. If the message is related to Windows Activation please try reactivation your system: http://support.microsoft.com/kb/940315

regards myrti

Edited by myrti, 24 April 2010 - 02:42 PM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:54 AM

Posted 15 May 2010 - 11:10 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users