Possible Google Redirect Virus w/ Chrome Issues


  • This topic is locked
42 replies to this topic

#1 magicjax

Posted 22 April 2010 - 07:27 PM

This virus may be another version of another redirect virus I had. Not sure if it is the Google Redirect virus, but I know Chrome was sending me to all these phishing sites to change my password, and now it crashes GMER when I open GMER and start the scan, and when I open GMER and it freezes, then it freezes the computer, both in normal startup and safe mode startup. Then, to get past the freeze, it requires me to take out the battery and power, and it gives me blue screens; the virus gets even more virulent at that stage. Microsoft Firewall is turned on spontaneously and it is attempting to trick me into turning off my Trend Micro firewall, which is set at Maximum. It tricks me because I keep seeing that computers and devices are connected to my network as well, and so I try to block those, but then it tricks me into my internet not working, so I have to mess with the firewall because that's the reason that comes up. After 10 attempts in both normal and safe startup mode, I cannot get GMER to run a full scan to get a log. Please help.


DDS.txt (For some reason 2 popped up and they were identical I think so I deleted one and kept the other)


DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 2:05:33.22 on Thu 04/22/2010
Internet Explorer: 8.0.6001.18904
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1917.1052 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\IDT\WDM\STacSV.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\WINDOWS\sttray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Downloads\dds.scr
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-1625
uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-1625
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-1625
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-1625
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-1625
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [eFax 4.4] "c:\program files\efax messenger 4.4\J2GDllCmd.exe" /R
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [OE] "c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for gateway\traybar.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\efax44~1.lnk - c:\program files\efax messenger 4.4\J2GTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\ff8kmyex.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\users\owner\appdata\roaming\mozilla\firefox\profiles\ff8kmyex.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2009-7-29 146448]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2009-9-26 819600]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2009-9-23 447832]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-4-14 36368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2009-7-29 283152]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2010-4-7 281088]
R3 sftfs;sftfs;c:\program files\microsoft application virtualization client\drivers\SftFSlh.sys [2009-9-23 543064]
R3 sftplay;sftplay;c:\program files\microsoft application virtualization client\drivers\sftplaylh.sys [2009-9-23 190312]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2009-9-23 21848]
R3 sftvol;sftvol;c:\program files\microsoft application virtualization client\drivers\SftVollh.sys [2009-9-23 14680]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2009-9-23 203608]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2009-7-29 50704]
R3 TmPfw;Trend Micro Personal Firewall;c:\program files\trend micro\internet security\TmPfw.exe [2010-4-8 497008]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-4-8 689416]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2009-9-26 4639136]

=============== Created Last 30 ================

2010-04-22 07:04:20 0 ----a-w- c:\users\owner\defogger_reenable
2010-04-20 20:30:54 0 d-----w- c:\programdata\Yahoo! Companion
2010-04-20 20:30:30 0 d-----w- c:\programdata\Yahoo!
2010-04-20 20:27:56 0 d-----w- c:\program files\Yahoo!
2010-04-18 20:59:26 0 d-----w- c:\program files\common files\Supportsoft
2010-04-18 01:53:36 0 d-----w- c:\program files\common files\PX Storage Engine
2010-04-18 01:49:30 0 d-----w- c:\program files\common files\DivX Shared
2010-04-18 01:48:05 0 d-----w- c:\program files\DivX
2010-04-18 01:47:10 0 d-----w- c:\programdata\DivX
2010-04-17 14:51:32 0 d-----w- C:\PFiles
2010-04-16 16:42:20 0 d-----w- c:\program files\Veoh Networks
2010-04-15 04:58:02 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-04-15 04:58:02 230928 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-04-15 04:58:02 1322680 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-04-15 03:22:35 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-15 03:22:35 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-15 03:22:35 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-15 03:18:31 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-15 03:18:30 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-15 03:18:24 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-04-15 03:15:50 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-04-15 03:15:46 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-15 03:15:46 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-15 03:15:46 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-04-14 14:06:58 0 d-----w- c:\users\owner\appdata\roaming\j2 Global
2010-04-14 14:05:47 0 d-----w- c:\users\owner\appdata\roaming\eFax Messenger
2010-04-14 14:05:27 0 d-----w- c:\programdata\eFax Messenger 4.4 Output
2010-04-14 14:05:27 0 ----a-w- c:\windows\system32\eFax_4_4_Port
2010-04-14 13:59:36 0 d-----w- c:\program files\eFax Messenger 4.4
2010-04-14 10:19:35 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 10:19:25 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-12 14:49:13 1816 ---ha-w- C:\IPH.PH
2010-04-12 14:49:12 0 d--h--w- C:\TEMP
2010-04-11 03:37:36 0 d-----w- c:\programdata\VirtualizedApplications
2010-04-11 01:27:26 0 d-----w- c:\users\owner\appdata\roaming\NVD
2010-04-11 01:21:22 0 d-----w- c:\users\owner\appdata\roaming\SoftGrid Client
2010-04-11 01:19:48 0 d-----w- c:\program files\Microsoft Application Virtualization Client
2010-04-11 01:18:17 0 d-----w- c:\users\owner\appdata\roaming\TP
2010-04-10 10:19:03 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-04-09 21:39:23 270848 ----a-w- c:\windows\system32\schannel.dll
2010-04-09 21:39:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-04-08 17:55:03 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-08 17:55:03 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-08 17:54:01 0 d-----w- c:\program files\iPod
2010-04-08 17:53:59 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-08 17:53:59 0 d-----w- c:\program files\iTunes
2010-04-08 17:50:15 0 d-----w- c:\programdata\Apple Computer
2010-04-08 17:46:22 0 d-----w- c:\program files\Bonjour
2010-04-08 17:46:01 0 d-----w- c:\programdata\Apple
2010-04-08 15:49:24 178314 ----a-w- c:\users\owner\bushie.jpg
2010-04-08 15:15:30 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-04-08 14:40:42 72704 ----a-w- c:\windows\system32\admparse.dll
2010-04-08 14:22:40 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-04-08 14:22:40 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-04-08 14:22:39 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-04-08 14:22:39 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-04-08 14:22:39 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-04-08 14:22:39 11264 ----a-w- c:\windows\system32\icardres.dll
2010-04-08 14:22:37 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-04-08 14:22:35 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2010-04-08 14:16:22 96760 ----a-w- c:\windows\system32\dfshim.dll
2010-04-08 14:16:20 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-04-08 14:16:20 282112 ----a-w- c:\windows\system32\mscoree.dll
2010-04-08 14:16:14 158720 ----a-w- c:\windows\system32\mscorier.dll
2010-04-08 14:16:10 83968 ----a-w- c:\windows\system32\mscories.dll
2010-04-08 14:15:09 0 d-----w- c:\programdata\Trend Micro
2010-04-08 14:14:47 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-04-08 14:14:47 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-04-08 14:14:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-04-08 14:11:46 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2010-04-08 14:06:56 0 d-----w- c:\program files\Trend Micro
2010-04-08 14:04:54 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-04-08 14:04:41 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2010-04-08 14:04:36 738304 ----a-w- c:\windows\system32\inetcomm.dll
2010-04-08 14:04:27 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-04-08 14:04:21 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-04-08 14:04:00 61440 ----a-w- c:\windows\system32\msasn1.dll
2010-04-08 14:01:31 40960 ----a-w- c:\windows\system32\srclient.dll
2010-04-08 14:01:31 378368 ----a-w- c:\windows\system32\srcore.dll
2010-04-08 14:01:31 14848 ----a-w- c:\windows\system32\srdelayed.exe
2010-04-08 14:01:30 318464 ----a-w- c:\windows\system32\rstrui.exe
2010-04-08 14:01:18 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-04-08 14:01:16 615992 ----a-w- c:\windows\system32\ci.dll
2010-04-08 14:01:14 988216 ----a-w- c:\windows\system32\winload.exe
2010-04-08 14:01:14 927288 ----a-w- c:\windows\system32\winresume.exe
2010-04-08 14:01:13 19000 ----a-w- c:\windows\system32\kd1394.dll
2010-04-08 14:01:11 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2010-04-08 14:00:38 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-04-08 13:59:56 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-04-08 13:59:56 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-04-08 13:59:36 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2010-04-08 13:59:35 94720 ----a-w- c:\windows\system32\logagent.exe
2010-04-08 13:59:11 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-04-08 13:58:51 71680 ----a-w- c:\windows\system32\atl.dll
2010-04-08 13:58:04 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-04-08 13:58:04 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-04-08 13:58:04 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2010-04-08 13:58:02 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-04-08 13:58:01 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-04-08 13:58:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-04-08 13:57:56 98304 ----a-w- c:\windows\system32\iasrecst.dll
2010-04-08 13:57:56 54784 ----a-w- c:\windows\system32\iasads.dll
2010-04-08 13:57:56 44032 ----a-w- c:\windows\system32\iasdatastore.dll
2010-04-08 13:57:56 183296 ----a-w- c:\windows\system32\sdohlp.dll
2010-04-08 13:57:56 17408 ----a-w- c:\windows\system32\iashost.exe
2010-04-08 13:57:55 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-04-08 13:57:13 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-04-08 13:57:13 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-04-08 13:57:13 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-04-08 13:56:20 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-04-08 13:56:20 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-04-08 13:56:20 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-04-08 13:56:20 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-04-08 13:56:16 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-04-08 13:54:20 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2010-04-08 13:54:19 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2010-04-08 13:53:55 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-04-08 13:52:36 636928 ----a-w- c:\windows\system32\localspl.dll
2010-04-08 13:52:22 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-04-08 13:51:37 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-04-08 13:51:31 2927104 ----a-w- c:\windows\explorer.exe
2010-04-08 13:49:59 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-04-08 13:49:47 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-04-08 13:49:46 9728 ----a-w- c:\windows\system32\lsass.exe
2010-04-08 13:49:46 72704 ----a-w- c:\windows\system32\secur32.dll
2010-04-08 13:49:46 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-04-08 13:49:46 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-04-08 13:49:46 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-08 13:48:45 0 d-----w- c:\programdata\Sun
2010-04-08 13:48:21 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-04-08 13:48:11 2868224 ----a-w- c:\windows\system32\mf.dll
2010-04-08 13:47:44 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-04-08 13:47:44 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-04-08 13:47:43 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-04-08 13:47:37 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-04-08 13:47:13 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-04-08 13:47:13 1695744 ----a-w- c:\windows\system32\gameux.dll
2010-04-08 13:47:06 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-04-08 13:46:58 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-04-08 13:46:35 24064 ----a-w- c:\windows\system32\amxread.dll
2010-04-08 13:46:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-04-08 13:46:13 1645568 ----a-w- c:\windows\system32\connect.dll
2010-04-08 13:43:43 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-04-08 13:43:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-04-08 13:43:36 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-04-08 13:43:36 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-04-08 13:43:36 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-04-08 13:42:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-04-08 13:21:37 0 d-----w- c:\users\owner\appdata\roaming\Symantec
2010-04-08 13:17:21 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-04-08 13:17:00 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-04-08 13:16:50 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-04-08 13:16:50 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-04-08 13:15:51 0 d-sh--we c:\programdata\Documents
2010-04-08 13:15:51 0 d-sh--we C:\Documents and Settings
2010-04-08 00:45:48 7680 ----a-w- c:\windows\system32\drivers\AtiPcie.sys
2010-04-08 00:45:48 0 d-----w- c:\windows\i386
2010-04-08 00:40:32 0 d-----w- c:\windows\SMINST
2010-04-07 22:33:46 0 ----a-w- c:\windows\ativpsrm.bin
2010-04-07 22:31:32 0 d-----w- c:\programdata\ATI
2010-04-07 22:30:30 0 d-sh--w- C:\$RECYCLE.BIN
2010-04-07 22:30:18 3432 ----a-w- c:\windows\system32\USBMediaReaderPatch.vbs
2010-04-07 22:30:05 24536 ----a-w- c:\windows\system32\gateway.bmp
2010-04-07 22:30:04 0 d-----w- C:\Graphics
2010-04-07 22:26:31 0 d-----w- c:\program files\Gateway Games
2010-04-07 22:26:22 0 d-----w- c:\programdata\WildTangent
2010-04-07 22:26:09 0 d-----w- C:\Documents
2010-04-07 22:25:26 0 d-----w- c:\programdata\Napster
2010-04-07 22:23:05 0 d-----w- c:\program files\Microsoft Money 2007
2010-04-07 22:23:02 0 d-----w- C:\google
2010-04-07 22:23:01 94208 ----a-w- c:\windows\system32\BAE.dll
2010-04-07 22:22:29 0 d-----w- c:\program files\MSN Messenger
2010-04-07 22:22:22 0 d-----w- c:\programdata\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
2010-04-07 22:22:15 0 d-----w- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2010-04-07 22:22:00 0 d-----w- c:\program files\NetZero
2010-04-07 22:21:57 0 d-----w- c:\program files\Acceller
2010-04-07 22:20:30 0 ----a-w- c:\windows\system32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
2010-04-07 22:20:30 0 ----a-w- c:\windows\system32\drivers\Gateway_M-1625_Rev.1_T000000000000.MRK
2010-04-07 22:20:05 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-04-07 22:19:10 0 d-----w- c:\windows\PCHEALTH
2010-04-07 22:17:46 0 d-----w- c:\programdata\Microsoft Help
2010-04-07 22:16:28 7168 ----a-w- c:\windows\BigFixClientOverride.dll
2010-04-07 22:16:27 0 d-----w- c:\program files\BigFix
2010-04-07 22:16:20 0 d-----w- c:\programdata\Google
2010-04-07 22:15:09 0 d-----w- c:\programdata\Adobe
2010-04-07 22:14:39 1066544 ------w- c:\windows\system32\MFC71.dll
2010-04-07 22:14:39 1053232 ------w- c:\windows\system32\MFC71u.dll
2010-04-07 22:12:54 44544 ----a-w- c:\windows\system32\agremove.exe
2010-04-07 22:11:48 0 d-----w- c:\program files\eBay
2010-04-07 22:11:39 0 d-----w- c:\program files\AOL 9.0
2010-04-07 22:09:29 0 d-----w- c:\program files\ATI Technologies
2010-04-07 22:08:22 0 d-----w- c:\program files\ATI
2010-04-07 22:07:07 11776 ----a-w- c:\windows\system32\drivers\UVCFTR_S.SYS
2010-04-07 22:07:06 0 d-----w- c:\program files\Camera Assistant Software for Gateway
2010-04-07 22:06:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2010-04-07 22:06:33 0 d-----w- c:\program files\Synaptics
2010-04-07 22:06:12 205312 ----a-w- c:\windows\system32\drivers\rtl8187.sys
2010-04-07 22:04:53 281088 ----a-w- c:\windows\system32\drivers\rtl8187B.sys
2010-04-07 22:04:44 0 d-----w- c:\program files\REALTEK USB Wireless LAN Driver
2010-04-07 22:04:31 50752 ------w- c:\windows\system32\agrsmdel.exe
2010-04-07 22:03:23 99840 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2010-04-07 22:03:21 0 d-----w- c:\program files\Realtek
2010-04-07 22:02:28 56832 ----a-w- c:\windows\system32\drivers\RTSTOR.sys
2010-04-07 22:02:28 5631520 ----a-w- c:\windows\system\DriveIcon.dll
2010-04-07 22:02:28 5430 ----a-w- c:\windows\system\MyMulti.ico
2010-04-07 22:01:47 5459968 ----a-w- c:\windows\system32\idtsg.cpl
2010-04-07 22:01:47 405504 ----a-w- c:\windows\sttray.exe
2010-04-07 22:01:47 1601536 ----a-w- c:\windows\system32\stlang.dll
2010-04-07 22:01:47 102400 ----a-w- c:\windows\system32\stacsv.exe
2010-04-07 22:01:47 0 d-----w- c:\program files\Sigmatel
2010-04-07 22:00:54 146944 ----a-w- c:\windows\system32\staco.dll
2010-04-07 22:00:52 562176 ----a-w- c:\windows\system32\stapo.dll
2010-04-07 22:00:52 330240 ----a-w- c:\windows\system32\drivers\stwrt.sys
2010-04-07 22:00:52 328704 ----a-w- c:\windows\system32\stcplx.dll
2010-04-07 22:00:52 299520 ----a-w- c:\windows\system32\stapi32.dll
2010-04-07 22:00:51 0 d-----w- c:\program files\IDT
2010-04-07 21:56:50 0 d-----w- c:\programdata\Symantec
2010-04-07 21:56:49 0 d-----w- c:\program files\common files\Symantec Shared
2010-04-07 21:56:26 0 d-sh--w- c:\windows\Installer
2010-04-07 21:56:18 2 --sh--r- C:\USER
2010-03-31 01:58:24 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

==================== Find3M ====================

2010-04-08 17:48:48 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-04-08 17:48:48 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-08 17:48:48 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-08 15:32:23 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-23 06:39:13 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33:45 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33:45 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55:36 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-12 16:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 16:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-25 12:48:34 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48:06 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45:56 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:00 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34:56 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44:02 2048 ----a-w- c:\windows\system32\tzres.dll
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 2:06:59.12 ===============


Edited by magicjax, 22 April 2010 - 07:59 PM.




#2 Elise

  • Malware Study Hall Admin

Posted 28 April 2010 - 03:28 PM

Hello,
and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 magicjax

  • Topic Starter

Posted 28 April 2010 - 05:07 PM

Yep, just what I thought: the browsers, ALL of them, have the virus... Safari, Chrome, Internet Explorer and also the Mozilla. All when even I try your mirror I get this Redirect: gmer (5).zip http://www2.gmer.net/gmer.zip

Notice the different site and download. I tried last time and it ruined my computer; the thing was setting off alarms left and right. It has set itself up so as not to run GMER but to counteract its download with a malicious GMER. How can we get around this? I wish I had the disk! Ha! I will try and post the rest though. I cannot download that file though, coming from ww2.gmer.net/gmer.zip or the other mirror, exact same.

#4 magicjax

  • Topic Starter

Posted 28 April 2010 - 05:09 PM

OTL logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/28 16:56:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\Downloads\OTL.exe
PRC - [2010/04/27 02:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/27 02:51:42 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/27 02:51:24 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/27 02:51:21 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/04/27 02:51:00 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/27 02:50:57 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/27 02:50:55 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/27 02:50:52 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/27 02:50:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/27 02:50:32 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/04/27 02:50:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/10 05:13:02 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/27 22:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/26 07:35:12 | 003,195,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2009/09/26 07:35:08 | 000,083,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\VirtualSearchProtocolHost.exe
PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/26 07:35:02 | 000,045,392 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/20 21:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
PRC - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 16:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/09/06 21:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2007/09/06 21:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 16:56:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\Downloads\OTL.exe
MOD - [2010/04/27 02:53:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 02:51:21 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/27 02:51:00 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/27 02:50:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/27 02:50:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/23 14:04:34 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/06 21:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2007/08/29 16:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 02:53:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/27 02:53:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/27 02:52:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/27 02:52:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/27 02:50:57 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/04/27 02:50:37 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/04/27 02:50:35 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/04/27 02:50:33 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/04/27 02:50:05 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/09 09:09:20 | 003,172,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/03 03:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/27 19:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/09/06 21:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/18 03:40:00 | 000,281,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/05/23 19:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/26 04:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/10/29 21:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=M-1625


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/04/22 01:25:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/04/26 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions
[2010/04/22 01:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 01:42:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/22 01:28:44 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/04/22 01:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-590825528-3676777514-165104037-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-590825528-3676777514-165104037-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,810,056 | R--- | M] () - E:\Autorun.bmp -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,694,768 | R--- | M] (Trend Micro Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 001,290,240 | R--- | M] (Trend Micro Inc.) - E:\Autorun.exe.mui -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,000,356 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/28 02:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/28 02:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/27 13:49:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2008-2009 Taxes
[2010/04/27 05:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/04/27 05:42:12 | 031,647,016 | ---- | C] (Apple Inc.) -- C:\Users\Owner\SafariSetup.exe
[2010/04/27 02:53:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 02:53:22 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 02:53:19 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 02:52:53 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 02:52:50 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 02:52:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/04/27 02:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/27 02:50:57 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/04/27 02:50:05 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 02:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/27 02:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/27 02:36:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Trend Micro
[2010/04/27 02:33:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/27 02:21:49 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/27 02:21:47 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/27 02:21:44 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/27 02:21:34 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/27 02:21:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/27 01:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2010/04/27 01:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/04/27 01:11:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2010/04/27 01:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aol
[2010/04/27 01:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0a
[2010/04/26 21:21:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/04/26 21:15:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/22 02:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/22 01:24:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2010/04/22 01:24:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2010/04/22 01:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/20 15:32:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Yahoo
[2010/04/20 15:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/04/20 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2010/04/20 15:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/04/20 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/18 15:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Supportsoft
[2010/04/17 20:53:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[2010/04/17 20:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/17 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/17 09:51:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/04/16 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/04/14 09:06:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\j2 Global
[2010/04/14 09:05:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\eFax Messenger
[2010/04/14 09:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2010/04/14 08:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/04/12 09:49:12 | 000,000,000 | -H-D | C] -- C:\TEMP
[2010/04/11 01:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(4)
[2010/04/11 01:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(1)
[2010/04/10 22:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/04/10 20:37:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/10 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVD
[2010/04/10 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NVD
[2010/04/10 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SoftGrid Client
[2010/04/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SoftGrid Client
[2010/04/10 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/10 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/04/10 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TP
[2010/04/10 05:12:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2010/04/10 05:12:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2010/04/08 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/04/08 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
[2010/04/08 12:55:03 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/04/08 12:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/08 12:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/08 12:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/08 12:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/08 12:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/08 12:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2010/04/08 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/08 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/08 12:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/08 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/08 12:43:54 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Users\Owner\Desktop\iTunesSetup.exe
[2010/04/08 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2010/04/08 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MORE FILES
[2010/04/08 10:49:29 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Users\Owner\Desktop\SREngLdr.EXE
[2010/04/08 10:49:26 | 027,142,744 | ---- | C] (Macrovision Corporation) -- C:\Users\Owner\Desktop\GMATPrepSetup.exe
[2010/04/08 10:49:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Wal-Mart Malpractice
[2010/04/08 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\US Tax Court
[2010/04/08 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Upload
[2010/04/08 10:49:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Unemployment
[2010/04/08 10:49:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TTI Finished Product
[2010/04/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SuspiciousFiles
[2010/04/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Signatures
[2010/04/08 10:49:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Siedlik Replevin
[2010/04/08 10:48:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Roasterie
[2010/04/08 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ready Debit Disputes
[2010/04/08 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Old Carco
[2010/04/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MUSIC
[2010/04/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\LossTheftfromVehicleQuestionnaire
[2010/04/08 10:48:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\KANSAS CASES
[2010/04/08 10:48:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Jayhawk Marina
[2010/04/08 10:48:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\IRSAugSS4
[2010/04/08 10:48:17 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Important Company DOCS
[2010/04/08 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HRBlock and Aetna
[2010/04/08 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ExplorerPaperwork
[2010/04/08 10:48:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ellis Case
[2010/04/08 10:46:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\VCheck
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Spamassassin
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Small Business Accounting
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Outlook Files
[2010/04/08 10:46:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2010/04/08 10:46:12 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Shapes
[2010/04/08 10:46:12 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Data Sources
[2010/04/08 10:46:12 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents\Notes
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\NetManage
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Received Files
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\iMesh
[2010/04/08 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HotDocs
[2010/04/08 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HomePhotos001
[2010/04/08 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Graboid
[2010/04/08 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\eFax Messenger 4.4
[2010/04/08 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\eFax Messenger 4.3
[2010/04/08 10:44:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads
[2010/04/08 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Corel User Files
[2010/04/08 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\CCWin
[2010/04/08 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\204512-DF
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Downloads
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CVs and Resumes
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CourtViews
[2010/04/08 10:43:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ConceptualPaper
[2010/04/08 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Chrysler Financial Case
[2010/04/08 10:42:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CASES
[2010/04/08 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Business School Items
[2010/04/08 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BostonMedical
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-03-13 EEOCcharges2
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-03-13 EEOCcharges
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-28 J4
[2010/04/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-27 HospitalCharity
[2010/04/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-26 w-2
[2010/04/08 10:42:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-24 Aetna
[2010/04/08 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/04/08 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2009 Tax Prep
[2010/04/08 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Adobe
[2010/04/08 10:15:30 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/08 10:05:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/04/08 10:05:18 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/04/08 10:05:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/04/08 10:05:17 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/04/08 10:05:17 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/04/08 10:05:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/04/08 10:05:17 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/04/08 10:05:17 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/04/08 10:05:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/04/08 10:05:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/04/08 10:05:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/04/08 10:05:17 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/04/08 10:05:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/04/08 10:05:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/04/08 10:05:17 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/04/08 10:05:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/04/08 10:05:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/04/08 10:05:16 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/04/08 10:05:16 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/04/08 10:05:16 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/04/08 10:05:16 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/04/08 10:05:16 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/04/08 10:05:16 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/04/08 10:05:16 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/04/08 09:42:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/08 09:42:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/08 09:42:06 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/08 09:42:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/08 09:42:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/08 09:42:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/08 09:42:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/08 09:42:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/08 09:42:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/08 09:42:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/08 09:42:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/08 09:42:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/08 09:42:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/08 09:42:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/08 09:42:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/08 09:40:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/08 09:40:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/08 09:40:41 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/08 09:40:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/08 09:40:41 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/04/08 09:40:41 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/04/08 09:40:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/04/08 09:40:41 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/04/08 09:40:40 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/08 09:40:40 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/04/08 09:40:40 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/04/08 09:40:40 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/04/08 09:40:39 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/04/08 09:40:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/08 09:40:39 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/04/08 09:40:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/08 09:40:38 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/08 09:40:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/04/08 09:40:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/08 09:40:36 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/08 09:40:36 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/04/08 09:40:36 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/04/08 09:40:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/04/08 09:40:36 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/04/08 09:40:36 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/04/08 09:22:40 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/04/08 09:22:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/04/08 09:22:39 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/04/08 09:22:39 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/04/08 09:22:39 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/04/08 09:22:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/04/08 09:22:37 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/04/08 09:22:35 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/04/08 09:16:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/04/08 09:16:14 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/04/08 09:16:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/04/08 09:14:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/08 09:14:47 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/08 09:12:57 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/04/08 09:12:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/04/08 09:12:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/04/08 09:12:55 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/08 09:12:53 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/08 09:12:51 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/08 09:12:51 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/08 09:12:51 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/08 09:12:51 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/08 09:12:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/08 09:12:51 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/08 09:12:51 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/08 09:12:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/08 09:12:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/08 09:12:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/08 09:11:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/04/08 09:11:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/08 09:11:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/08 09:11:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/08 09:11:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/08 09:11:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/08 09:11:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/04/08 09:11:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/08 09:11:35 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/08 09:11:32 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/04/08 09:11:18 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/04/08 09:11:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/08 09:11:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/08 09:11:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/04/08 09:11:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/08 09:11:15 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/08 09:04:54 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/04/08 09:04:41 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/04/08 09:01:31 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/04/08 09:01:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/04/08 09:01:30 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/04/08 09:01:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/04/08 09:01:16 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/04/08 09:01:14 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/08 09:01:14 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/08 09:01:13 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/04/08 09:01:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/04/08 09:00:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/04/08 08:59:56 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/04/08 08:59:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/04/08 08:59:36 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/04/08 08:59:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/04/08 08:58:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/08 08:58:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/08 08:57:56 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/04/08 08:57:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/04/08 08:57:56 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/04/08 08:57:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/04/08 08:57:56 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/04/08 08:57:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/04/08 08:57:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/04/08 08:56:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/04/08 08:56:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/04/08 08:56:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/04/08 08:54:20 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/04/08 08:54:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/04/08 08:53:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/04/08 08:52:36 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/04/08 08:51:31 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/08 08:50:53 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/04/08 08:50:53 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/04/08 08:50:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/04/08 08:50:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/04/08 08:50:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/04/08 08:50:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/04/08 08:50:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/04/08 08:50:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/04/08 08:50:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/04/08 08:50:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/04/08 08:50:06 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/04/08 08:50:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/04/08 08:50:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/04/08 08:50:05 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/04/08 08:49:59 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/04/08 08:49:46 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/08 08:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/08 08:48:12 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/04/08 08:48:11 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/04/08 08:47:44 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/08 08:47:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/08 08:47:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/08 08:47:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/08 08:47:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/08 08:47:13 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/08 08:47:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/08 08:46:58 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/04/08 08:46:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/04/08 08:46:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/04/08 08:46:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/04/08 08:43:43 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/08 08:43:37 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/08 08:43:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/04/08 08:43:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/04/08 08:43:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/04/08 08:42:37 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:42:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Google Gadgets
[2010/04/08 08:22:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2010/04/08 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ATI
[2010/04/08 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ATI
[2010/04/08 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Symantec
[2010/04/08 08:21:01 | 000,000,000 | R--D | C] -- C:\Users\Owner\Searches
[2010/04/08 08:20:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Identities
[2010/04/08 08:20:44 | 000,000,000 | R--D | C] -- C:\Users\Owner\Contacts
[2010/04/08 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VirtualStore
[2010/04/08 08:20:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SampleView
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Temporary Internet Files
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Templates
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Start Menu
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\SendTo
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Recent
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\PrintHood
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\NetHood
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Videos
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Pictures
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Music
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\My Documents
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Local Settings
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\History
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Cookies
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Application Data
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Application Data
[2010/04/08 08:20:25 | 000,000,000 | --SD | C] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Videos
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Saved Games
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Pictures
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Music
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Links
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Favorites
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Downloads
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop
[2010/04/08 08:20:25 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temp
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2010/04/08 08:17:21 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/04/08 08:17:21 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/04/08 08:17:00 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/04/08 08:17:00 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/04/08 08:17:00 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/04/08 08:16:50 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/04/08 08:16:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/04/07 19:50:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/07 19:48:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/07 19:45:48 | 000,007,680 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010/04/07 19:45:48 | 000,000,000 | ---D | C] -- C:\Windows\i386
[2010/04/07 19:40:32 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2010/04/07 17:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/04/07 17:30:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/07 17:30:04 | 000,000,000 | ---D | C] -- C:\Graphics
[2010/04/07 17:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway Games
[2010/04/07 17:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/04/07 17:26:09 | 000,000,000 | ---D | C] -- C:\Documents
[2010/04/07 17:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2010/04/07 17:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2007
[2010/04/07 17:23:02 | 000,000,000 | ---D | C] -- C:\google
[2010/04/07 17:23:01 | 000,094,208 | ---- | C] (Gateway Inc.) -- C:\Windows\System32\BAE.dll
[2010/04/07 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2010/04/07 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/07 17:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/04/07 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero
[2010/04/07 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Acceller
[2010/04/07 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/07 17:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/07 17:20:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/04/07 17:20:05 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010/04/07 17:19:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/07 17:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/07 17:16:28 | 000,007,168 | ---- | C] (BigFix, Inc.) -- C:\Windows\BigFixClientOverride.dll
[2010/04/07 17:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/04/07 17:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/07 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/07 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/07 17:14:39 | 001,066,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010/04/07 17:14:39 | 001,053,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/04/07 17:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/04/07 17:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/07 17:12:54 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010/04/07 17:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/07 17:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2010/04/07 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0
[2010/04/07 17:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/07 17:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/04/07 17:07:07 | 000,011,776 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS
[2010/04/07 17:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Gateway
[2010/04/07 17:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/04/07 17:06:12 | 000,205,312 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187.sys
[2010/04/07 17:04:53 | 000,281,088 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187B.sys
[2010/04/07 17:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK USB Wireless LAN Driver
[2010/04/07 17:04:31 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010/04/07 17:03:23 | 000,099,840 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/04/07 17:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/07 17:02:28 | 000,056,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys
[2010/04/07 17:01:47 | 005,459,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtsg.cpl
[2010/04/07 17:01:47 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stlang.dll
[2010/04/07 17:01:47 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2010/04/07 17:01:47 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/04/07 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2010/04/07 17:00:54 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/04/07 17:00:52 | 000,562,176 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stapo.dll
[2010/04/07 17:00:52 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/04/07 17:00:52 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/04/07 17:00:52 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/04/07 17:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/07 17:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/04/07 17:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/07 16:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/04/07 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/07 16:56:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

========== Files - Modified Within 30 Days ==========

[2010/04/28 17:01:57 | 000,786,432 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/04/28 16:57:49 | 000,000,960 | ---- | M] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2010/04/28 16:55:12 | 000,096,543 | ---- | M] () -- C:\Users\Owner\Desktop\AdvocacyLegalAssistance.pdf
[2010/04/28 16:50:25 | 000,029,696 | ---- | M] () -- C:\Users\Owner\Desktop\JointMotionSealingCaseJAAXvJAYHAWKMARINA.doc
[2010/04/28 16:30:14 | 059,354,843 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/28 16:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000UA.job
[2010/04/28 15:40:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 15:40:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 13:44:47 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3A6B77-1C62-4A36-BCA2-38F52F9EFCCE}.job
[2010/04/28 05:46:11 | 000,691,826 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/28 05:46:11 | 000,596,128 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/28 05:46:11 | 000,101,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/28 05:44:20 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010/04/28 05:40:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/28 05:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/28 05:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000Core.job
[2010/04/28 02:06:10 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/27 16:37:12 | 000,001,594 | ---- | M] () -- C:\Users\Owner\Desktop\sanjose.jpg
[2010/04/27 16:36:16 | 000,004,667 | ---- | M] () -- C:\Users\Owner\Desktop\squidrow.jpg
[2010/04/27 14:24:35 | 000,018,364 | ---- | M] () -- C:\Users\Owner\Cruise1.jpg
[2010/04/27 11:00:12 | 000,000,942 | ---- | M] () -- C:\Users\Owner\Yahoo! Messenger.lnk
[2010/04/27 05:43:51 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/27 05:42:13 | 031,647,016 | ---- | M] (Apple Inc.) -- C:\Users\Owner\SafariSetup.exe
[2010/04/27 02:57:05 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/27 02:57:05 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/27 02:56:51 | 001,970,462 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/04/27 02:53:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 02:53:24 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 02:53:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 02:53:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 02:52:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 02:52:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 02:52:50 | 000,582,365 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 02:52:49 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 02:50:57 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/04/27 02:50:05 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 02:26:53 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/04/27 02:14:57 | 000,000,996 | ---- | M] () -- C:\Users\Owner\Desktop\Trend Micro Security Software Download Manager.lnk
[2010/04/27 02:12:59 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/04/26 16:13:44 | 000,003,350 | ---- | M] () -- C:\Users\Owner\froder (1).jpg
[2010/04/26 16:13:44 | 000,003,350 | ---- | M] () -- C:\Users\Owner\froder (1) - Copy (1).jpg
[2010/04/26 15:03:14 | 000,018,504 | ---- | M] () -- C:\Users\Owner\cabo3.jpg
[2010/04/26 15:03:01 | 000,018,504 | ---- | M] () -- C:\Users\Owner\cabo2.jpg
[2010/04/26 15:01:52 | 000,021,851 | ---- | M] () -- C:\Users\Owner\frat.jpg
[2010/04/26 15:01:24 | 000,018,504 | ---- | M] () -- C:\Users\Owner\Desktop\cabo2.jpg
[2010/04/26 15:01:04 | 000,001,594 | ---- | M] () -- C:\Users\Owner\cabo1.jpg
[2010/04/26 15:00:34 | 000,001,594 | ---- | M] () -- C:\Users\Owner\phil2.jpg
[2010/04/26 10:07:51 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/22 02:04:20 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/04/20 11:45:24 | 000,069,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/20 09:36:05 | 000,326,895 | ---- | M] () -- C:\Users\Owner\Desktop\COBRAeligibilityforms.pdf
[2010/04/20 09:20:11 | 000,462,604 | ---- | M] () -- C:\Users\Owner\Desktop\SIEDLIKemailsUPDATED.pdf
[2010/04/20 08:51:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Documents\eFax_4_4_Port
[2010/04/20 06:43:27 | 000,296,111 | ---- | M] () -- C:\Users\Owner\Desktop\ConfidFilingSheetSIEDLIKREPLEVIN.pdf
[2010/04/20 06:34:13 | 000,357,678 | ---- | M] () -- C:\Users\Owner\Desktop\InformapaupSIEDLIKREPLEVIN.pdf
[2010/04/19 17:50:34 | 000,234,799 | ---- | M] () -- C:\Users\Owner\Desktop\Phil Jaax COBRA Invoice.pdf
[2010/04/15 09:07:19 | 001,679,481 | ---- | M] () -- C:\Users\Owner\Desktop\f656b.pdf
[2010/04/15 06:53:21 | 000,209,882 | ---- | M] () -- C:\Users\Owner\Desktop\Jaax2009TaxReturnHR.pdf
[2010/04/12 11:56:54 | 000,300,147 | ---- | M] () -- C:\Users\Owner\Desktop\TITLESREGISTRATION.pdf
[2010/04/12 11:56:30 | 003,582,494 | ---- | M] () -- C:\Users\Owner\Desktop\SIEDLIKemails.pdf
[2010/04/12 11:55:56 | 000,517,041 | ---- | M] () -- C:\Users\Owner\Desktop\SiedlikLastDemandLTR.pdf
[2010/04/12 07:48:55 | 000,056,832 | ---- | M] () -- C:\Users\Owner\Desktop\JaaxResume2010.doc
[2010/04/08 12:55:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/08 12:50:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 12:43:55 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Users\Owner\Desktop\iTunesSetup.exe
[2010/04/08 10:35:39 | 000,294,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/08 10:31:01 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 08:42:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:42:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:42:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:42:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 08:20:26 | 000,000,020 | -HS- | M] () -- C:\Users\Owner\ntuser.ini
[2010/04/08 08:14:53 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/04/07 17:33:46 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/04/07 17:31:45 | 000,000,169 | ---- | M] () -- C:\Windows\win.ini
[2010/04/07 17:20:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
[2010/04/07 17:06:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/04/07 16:56:18 | 000,000,002 | RHS- | M] () -- C:\USER

========== Files Created - No Company Name ==========

[2010/04/28 16:57:49 | 000,000,960 | ---- | C] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2010/04/28 16:55:12 | 000,096,543 | ---- | C] () -- C:\Users\Owner\Desktop\AdvocacyLegalAssistance.pdf
[2010/04/28 16:50:22 | 000,029,696 | ---- | C] () -- C:\Users\Owner\Desktop\JointMotionSealingCaseJAAXvJAYHAWKMARINA.doc
[2010/04/28 02:06:10 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/27 16:37:12 | 000,001,594 | ---- | C] () -- C:\Users\Owner\Desktop\sanjose.jpg
[2010/04/27 16:36:16 | 000,004,667 | ---- | C] () -- C:\Users\Owner\Desktop\squidrow.jpg
[2010/04/27 16:03:12 | 000,003,350 | ---- | C] () -- C:\Users\Owner\froder (1) - Copy (1).jpg
[2010/04/27 14:24:35 | 000,018,364 | ---- | C] () -- C:\Users\Owner\Cruise1.jpg
[2010/04/27 11:00:12 | 000,000,942 | ---- | C] () -- C:\Users\Owner\Yahoo! Messenger.lnk
[2010/04/27 05:43:51 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/27 02:53:24 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 02:52:49 | 000,582,365 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 02:52:49 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 02:52:33 | 059,354,843 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/27 02:24:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/04/27 02:14:56 | 000,000,996 | ---- | C] () -- C:\Users\Owner\Desktop\Trend Micro Security Software Download Manager.lnk
[2010/04/26 16:13:43 | 000,003,350 | ---- | C] () -- C:\Users\Owner\froder (1).jpg
[2010/04/26 15:03:14 | 000,018,504 | ---- | C] () -- C:\Users\Owner\cabo3.jpg
[2010/04/26 15:03:00 | 000,018,504 | ---- | C] () -- C:\Users\Owner\cabo2.jpg
[2010/04/26 15:01:51 | 000,021,851 | ---- | C] () -- C:\Users\Owner\frat.jpg
[2010/04/26 15:01:23 | 000,018,504 | ---- | C] () -- C:\Users\Owner\Desktop\cabo2.jpg
[2010/04/26 15:01:04 | 000,001,594 | ---- | C] () -- C:\Users\Owner\cabo1.jpg
[2010/04/26 15:00:33 | 000,001,594 | ---- | C] () -- C:\Users\Owner\phil2.jpg
[2010/04/26 10:07:51 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/22 02:04:20 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/04/20 09:36:05 | 000,326,895 | ---- | C] () -- C:\Users\Owner\Desktop\COBRAeligibilityforms.pdf
[2010/04/20 09:06:26 | 000,462,604 | ---- | C] () -- C:\Users\Owner\Desktop\SIEDLIKemailsUPDATED.pdf
[2010/04/20 05:49:41 | 000,296,111 | ---- | C] () -- C:\Users\Owner\Desktop\ConfidFilingSheetSIEDLIKREPLEVIN.pdf
[2010/04/20 04:26:28 | 000,357,678 | ---- | C] () -- C:\Users\Owner\Desktop\InformapaupSIEDLIKREPLEVIN.pdf
[2010/04/19 17:50:32 | 000,234,799 | ---- | C] () -- C:\Users\Owner\Desktop\Phil Jaax COBRA Invoice.pdf
[2010/04/15 09:07:19 | 001,679,481 | ---- | C] () -- C:\Users\Owner\Desktop\f656b.pdf
[2010/04/15 06:53:21 | 000,209,882 | ---- | C] () -- C:\Users\Owner\Desktop\Jaax2009TaxReturnHR.pdf
[2010/04/12 11:56:54 | 000,300,147 | ---- | C] () -- C:\Users\Owner\Desktop\TITLESREGISTRATION.pdf
[2010/04/12 11:56:30 | 003,582,494 | ---- | C] () -- C:\Users\Owner\Desktop\SIEDLIKemails.pdf
[2010/04/12 11:55:56 | 000,517,041 | ---- | C] () -- C:\Users\Owner\Desktop\SiedlikLastDemandLTR.pdf
[2010/04/10 05:14:18 | 000,002,042 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/04/10 05:13:10 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000UA.job
[2010/04/10 05:13:09 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000Core.job
[2010/04/08 12:55:07 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/08 12:50:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 12:36:56 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3A6B77-1C62-4A36-BCA2-38F52F9EFCCE}.job
[2010/04/08 10:49:29 | 000,099,810 | ---- | C] () -- C:\Users\Owner\Desktop\WorkSourceMOunemployment.pdf
[2010/04/08 10:49:29 | 000,013,508 | ---- | C] () -- C:\Users\Owner\Desktop\SS4JCW.pdf
[2010/04/08 10:49:28 | 000,995,281 | ---- | C] () -- C:\Users\Owner\Desktop\MOUnemploymentBenefits.pdf
[2010/04/08 10:49:28 | 000,444,678 | ---- | C] () -- C:\Users\Owner\Desktop\PhilJaaxSIG.bmp
[2010/04/08 10:49:28 | 000,107,974 | ---- | C] () -- C:\Users\Owner\Desktop\ID1.pdf
[2010/04/08 10:49:28 | 000,065,446 | ---- | C] () -- C:\Users\Owner\Desktop\MOReplevinCaseLaw.docx
[2010/04/08 10:49:28 | 000,057,607 | ---- | C] () -- C:\Users\Owner\Desktop\MOBoatRegistration.pdf
[2010/04/08 10:49:28 | 000,056,832 | ---- | C] () -- C:\Users\Owner\Desktop\JaaxResume2010.doc
[2010/04/08 10:49:28 | 000,050,177 | ---- | C] () -- C:\Users\Owner\Desktop\MOBARRemediesReplevin.docx
[2010/04/08 10:49:28 | 000,022,885 | ---- | C] () -- C:\Users\Owner\Desktop\NONADSAPE.pdf
[2010/04/08 10:49:28 | 000,020,481 | ---- | C] () -- C:\Users\Owner\Desktop\ReaganPoster.JPEG
[2010/04/08 10:49:28 | 000,013,593 | ---- | C] () -- C:\Users\Owner\Desktop\Ras Dialer Malware.docx
[2010/04/08 10:49:28 | 000,013,468 | ---- | C] () -- C:\Users\Owner\Desktop\PhilJaaxSIG.jpg
[2010/04/08 10:49:24 | 000,310,496 | ---- | C] () -- C:\Users\Owner\Desktop\Emergency_Replevin_Packet.pdf
[2010/04/08 10:49:24 | 000,178,314 | ---- | C] () -- C:\Users\Owner\bushie.jpg
[2010/04/08 10:49:24 | 000,114,356 | ---- | C] () -- C:\Users\Owner\Desktop\CLEMoBarINJUNCTIONS.pdf
[2010/04/08 10:49:24 | 000,034,081 | ---- | C] () -- C:\Users\Owner\Desktop\CoverLetterJaax2010.docx
[2010/04/08 10:49:24 | 000,029,255 | ---- | C] () -- C:\Users\Owner\Desktop\Chapter 3 DECLARATORY JUDGMENTS.docx
[2010/04/08 10:49:24 | 000,000,393 | ---- | C] () -- C:\Users\Owner\Canni.txt
[2010/04/08 10:44:47 | 001,733,719 | ---- | C] () -- C:\Users\Owner\Documents\WhyIraqIsTakingSoLong.wmv
[2010/04/08 10:44:47 | 000,880,621 | ---- | C] () -- C:\Users\Owner\Documents\Web300Capture.docx
[2010/04/08 10:44:47 | 000,015,330 | ---- | C] () -- C:\Users\Owner\Documents\Untitled.mbw
[2010/04/08 10:44:47 | 000,000,162 | -HS- | C] () -- C:\Users\Owner\Documents\~$&T Matrix Consult.docx
[2010/04/08 10:44:46 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\TitleBack1.bmp
[2010/04/08 10:44:45 | 005,505,462 | ---- | C] () -- C:\Users\Owner\Documents\Title 1.bmp
[2010/04/08 10:44:45 | 000,464,782 | ---- | C] () -- C:\Users\Owner\Documents\SBAPersonalFinances1.doc
[2010/04/08 10:44:45 | 000,232,960 | ---- | C] () -- C:\Users\Owner\Documents\te Member of The Poindexler Group of Companies.doc
[2010/04/08 10:44:45 | 000,223,929 | ---- | C] () -- C:\Users\Owner\Documents\Signature.docx
[2010/04/08 10:44:45 | 000,089,651 | ---- | C] () -- C:\Users\Owner\Documents\Swiss Franc Per US Dollar.pdf
[2010/04/08 10:44:45 | 000,026,996 | ---- | C] () -- C:\Users\Owner\Documents\SSPDFD
[2010/04/08 10:44:45 | 000,018,808 | ---- | C] () -- C:\Users\Owner\Documents\task_two_template[1].docm
[2010/04/08 10:44:44 | 005,515,830 | ---- | C] () -- C:\Users\Owner\Documents\ReleaseBack1.bmp
[2010/04/08 10:44:43 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\Release1.bmp
[2010/04/08 10:44:43 | 000,312,748 | ---- | C] () -- C:\Users\Owner\Documents\PhysicianStatementDOC.docx
[2010/04/08 10:44:43 | 000,212,819 | ---- | C] () -- C:\Users\Owner\Documents\Personal at farmstead.docx
[2010/04/08 10:44:43 | 000,210,225 | ---- | C] () -- C:\Users\Owner\Documents\Old Resume, Jaax.docx
[2010/04/08 10:44:43 | 000,044,032 | ---- | C] () -- C:\Users\Owner\Documents\PREQUALWORKSHEET.doc
[2010/04/08 10:44:42 | 003,284,992 | ---- | C] () -- C:\Users\Owner\Documents\My Money.mny
[2010/04/08 10:44:42 | 000,213,728 | ---- | C] () -- C:\Users\Owner\Documents\OCT 24 DEFAULT1.docx
[2010/04/08 10:44:42 | 000,212,824 | ---- | C] () -- C:\Users\Owner\Documents\MOStateGovernor.docx
[2010/04/08 10:44:42 | 000,075,264 | ---- | C] () -- C:\Users\Owner\Documents\LaborWaivers.wps
[2010/04/08 10:44:42 | 000,065,290 | ---- | C] () -- C:\Users\Owner\Documents\MotionToSealMEDICAL.pdf
[2010/04/08 10:44:42 | 000,060,894 | ---- | C] () -- C:\Users\Owner\Documents\MacResourceFork
[2010/04/08 10:44:42 | 000,017,117 | ---- | C] () -- C:\Users\Owner\Documents\message_zdm.html
[2010/04/08 10:44:41 | 006,487,447 | ---- | C] () -- C:\Users\Owner\Documents\HomePhotos001.zip
[2010/04/08 10:44:41 | 000,267,401 | ---- | C] () -- C:\Users\Owner\Documents\Justin 2.jpg
[2010/04/08 10:44:41 | 000,018,227 | ---- | C] () -- C:\Users\Owner\Documents\JG3494.pdf
[2010/04/08 10:44:41 | 000,014,807 | ---- | C] () -- C:\Users\Owner\Documents\GESTORI PATRIMONIALI SS4.pdf
[2010/04/08 10:44:40 | 000,242,331 | ---- | C] () -- C:\Users\Owner\Documents\FTCTheftAffadavit.pdf
[2010/04/08 10:44:39 | 000,025,600 | ---- | C] () -- C:\Users\Owner\Documents\Employ.doc
[2010/04/08 10:44:39 | 000,004,354 | ---- | C] () -- C:\Users\Owner\Documents\Employ.wpd
[2010/04/08 10:44:38 | 000,042,879 | ---- | C] () -- C:\Users\Owner\Documents\eBillServletAug05.pdf
[2010/04/08 10:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\eFax_4_4_Port
[2010/04/08 10:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\eFax_4_3_Port
[2010/04/08 10:44:37 | 001,358,218 | ---- | C] () -- C:\Users\Owner\Documents\DSCN0200.JPG
[2010/04/08 10:44:37 | 000,151,534 | ---- | C] () -- C:\Users\Owner\Documents\CORPSTOCKS.pdf
[2010/04/08 10:44:37 | 000,141,889 | ---- | C] () -- C:\Users\Owner\Documents\CivilCoverSheetPDFKS.pdf
[2010/04/08 10:44:36 | 000,021,582 | ---- | C] () -- C:\Users\Owner\Documents\bind3.pdf
[2010/04/08 10:44:36 | 000,005,460 | ---- | C] () -- C:\Users\Owner\Documents\bind2.pdf
[2010/04/08 10:44:35 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\Bill Of Sale.bmp
[2010/04/08 10:44:35 | 000,221,851 | ---- | C] () -- C:\Users\Owner\Documents\AT&T Matrix Consult.docx
[2010/04/08 10:44:35 | 000,006,997 | ---- | C] () -- C:\Users\Owner\Documents\back.jpg
[2010/04/08 10:44:34 | 000,290,952 | ---- | C] () -- C:\Users\Owner\Documents\5010-2198_r2_Premier%20Promo_080108_092008[1].pdf
[2010/04/08 10:44:34 | 000,236,052 | ---- | C] () -- C:\Users\Owner\Documents\Additional INFO on ID Thief.docx
[2010/04/08 10:44:34 | 000,144,538 | ---- | C] () -- C:\Users\Owner\Documents\204512-DF.zip
[2010/04/08 10:44:34 | 000,075,512 | ---- | C] () -- C:\Users\Owner\Documents\Application-153572.pdf
[2010/04/08 10:44:34 | 000,043,056 | ---- | C] () -- C:\Users\Owner\Documents\59269449.efx
[2010/04/08 10:44:34 | 000,014,492 | ---- | C] () -- C:\Users\Owner\Documents\68d03111.efx
[2010/04/08 10:44:34 | 000,009,460 | ---- | C] () -- C:\Users\Owner\Documents\6a29d710.efx
[2010/04/08 10:44:33 | 005,521,014 | ---- | C] () -- C:\Users\Owner\Documents\18168171713@messages_efax_com_85167_20080617102406.bmp
[2010/04/08 10:44:33 | 000,331,252 | ---- | C] () -- C:\Users\Owner\Documents\$vFBCC.wav
[2010/04/08 10:44:33 | 000,291,124 | ---- | C] () -- C:\Users\Owner\Documents\$vED36.wav
[2010/04/08 10:44:33 | 000,181,876 | ---- | C] () -- C:\Users\Owner\Documents\$vF96A.wav
[2010/04/08 10:44:33 | 000,170,478 | ---- | C] () -- C:\Users\Owner\Documents\$vF6F4.wav
[2010/04/08 10:44:33 | 000,162,292 | ---- | C] () -- C:\Users\Owner\Documents\$vFDDA.wav
[2010/04/08 10:44:33 | 000,136,180 | ---- | C] () -- C:\Users\Owner\Documents\$vEAEB.wav
[2010/04/08 10:44:33 | 000,112,276 | ---- | C] () -- C:\Users\Owner\Documents\$vF703.wav
[2010/04/08 10:44:33 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$vFAF5.wav
[2010/04/08 10:44:33 | 000,064,468 | ---- | C] () -- C:\Users\Owner\Documents\$vEF2.wav
[2010/04/08 10:44:33 | 000,056,872 | ---- | C] () -- C:\Users\Owner\Documents\$vFB49.wav
[2010/04/08 10:44:32 | 000,577,492 | ---- | C] () -- C:\Users\Owner\Documents\$vD1C1.wav
[2010/04/08 10:44:32 | 000,289,780 | ---- | C] () -- C:\Users\Owner\Documents\$vDA2D.wav
[2010/04/08 10:44:32 | 000,252,820 | ---- | C] () -- C:\Users\Owner\Documents\$vBF79.wav
[2010/04/08 10:44:32 | 000,197,332 | ---- | C] () -- C:\Users\Owner\Documents\$vD783.wav
[2010/04/08 10:44:32 | 000,171,988 | ---- | C] () -- C:\Users\Owner\Documents\$vC260.wav
[2010/04/08 10:44:32 | 000,164,404 | ---- | C] () -- C:\Users\Owner\Documents\$vD338.wav
[2010/04/08 10:44:32 | 000,135,796 | ---- | C] () -- C:\Users\Owner\Documents\$vC69.wav
[2010/04/08 10:44:32 | 000,122,644 | ---- | C] () -- C:\Users\Owner\Documents\$vC950.wav
[2010/04/08 10:44:32 | 000,081,076 | ---- | C] () -- C:\Users\Owner\Documents\$vD0DD.wav
[2010/04/08 10:44:32 | 000,055,540 | ---- | C] () -- C:\Users\Owner\Documents\$vC1EB.wav
[2010/04/08 10:44:31 | 000,249,556 | ---- | C] () -- C:\Users\Owner\Documents\$vB1A2.wav
[2010/04/08 10:44:31 | 000,246,100 | ---- | C] () -- C:\Users\Owner\Documents\$vAAC5.wav
[2010/04/08 10:44:31 | 000,220,468 | ---- | C] () -- C:\Users\Owner\Documents\$vBA08.wav
[2010/04/08 10:44:31 | 000,213,268 | ---- | C] () -- C:\Users\Owner\Documents\$vB363.wav
[2010/04/08 10:44:31 | 000,172,852 | ---- | C] () -- C:\Users\Owner\Documents\$vB35A.wav
[2010/04/08 10:44:31 | 000,136,564 | ---- | C] () -- C:\Users\Owner\Documents\$vADE2.wav
[2010/04/08 10:44:31 | 000,075,028 | ---- | C] () -- C:\Users\Owner\Documents\$vA2C6.wav
[2010/04/08 10:44:31 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$vA5C6.wav
[2010/04/08 10:44:30 | 001,119,412 | ---- | C] () -- C:\Users\Owner\Documents\$v96D1.wav
[2010/04/08 10:44:30 | 000,862,996 | ---- | C] () -- C:\Users\Owner\Documents\$vA080.wav
[2010/04/08 10:44:30 | 000,375,700 | ---- | C] () -- C:\Users\Owner\Documents\$v9CF8.wav
[2010/04/08 10:44:30 | 000,253,588 | ---- | C] () -- C:\Users\Owner\Documents\$v8E19.wav
[2010/04/08 10:44:30 | 000,188,308 | ---- | C] () -- C:\Users\Owner\Documents\$v821D.wav
[2010/04/08 10:44:30 | 000,155,092 | ---- | C] () -- C:\Users\Owner\Documents\$v80F3.wav
[2010/04/08 10:44:30 | 000,105,844 | ---- | C] () -- C:\Users\Owner\Documents\$v7EE.wav
[2010/04/08 10:44:30 | 000,056,200 | ---- | C] () -- C:\Users\Owner\Documents\$v8725.wav
[2010/04/08 10:44:29 | 000,219,028 | ---- | C] () -- C:\Users\Owner\Documents\$v65B9.wav
[2010/04/08 10:44:29 | 000,216,628 | ---- | C] () -- C:\Users\Owner\Documents\$v70B.wav
[2010/04/08 10:44:29 | 000,210,964 | ---- | C] () -- C:\Users\Owner\Documents\$v70A3.wav
[2010/04/08 10:44:28 | 000,277,780 | ---- | C] () -- C:\Users\Owner\Documents\$v64D1.wav
[2010/04/08 10:44:27 | 000,320,980 | ---- | C] () -- C:\Users\Owner\Documents\$v50F9.wav
[2010/04/08 10:44:27 | 000,241,876 | ---- | C] () -- C:\Users\Owner\Documents\$v5F26.wav
[2010/04/08 10:44:27 | 000,220,372 | ---- | C] () -- C:\Users\Owner\Documents\$v6214.wav
[2010/04/08 10:44:27 | 000,203,188 | ---- | C] () -- C:\Users\Owner\Documents\$v5A6A.wav
[2010/04/08 10:44:27 | 000,152,884 | ---- | C] () -- C:\Users\Owner\Documents\$v5912.wav
[2010/04/08 10:44:27 | 000,116,596 | ---- | C] () -- C:\Users\Owner\Documents\$v4DD6.wav
[2010/04/08 10:44:27 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$v601A.wav
[2010/04/08 10:44:27 | 000,058,888 | ---- | C] () -- C:\Users\Owner\Documents\$v5768.wav
[2010/04/08 10:44:26 | 000,343,252 | ---- | C] () -- C:\Users\Owner\Documents\$v40AE.wav
[2010/04/08 10:44:26 | 000,231,604 | ---- | C] () -- C:\Users\Owner\Documents\$v343C.wav
[2010/04/08 10:44:26 | 000,097,684 | ---- | C] () -- C:\Users\Owner\Documents\$v3E75.wav
[2010/04/08 10:44:26 | 000,084,148 | ---- | C] () -- C:\Users\Owner\Documents\$v3AFB.wav
[2010/04/08 10:44:26 | 000,069,736 | ---- | C] () -- C:\Users\Owner\Documents\$v3C2A.wav
[2010/04/08 10:44:26 | 000,047,668 | ---- | C] () -- C:\Users\Owner\Documents\$v407C.wav
[2010/04/08 10:44:25 | 000,478,612 | ---- | C] () -- C:\Users\Owner\Documents\$v11D0.wav
[2010/04/08 10:44:25 | 000,298,708 | ---- | C] () -- C:\Users\Owner\Documents\$v1C99.wav
[2010/04/08 10:44:25 | 000,215,476 | ---- | C] () -- C:\Users\Owner\Documents\$v31E4.wav
[2010/04/08 10:44:25 | 000,157,012 | ---- | C] () -- C:\Users\Owner\Documents\$v2D67.wav
[2010/04/08 10:44:25 | 000,134,932 | ---- | C] () -- C:\Users\Owner\Documents\$v2275.wav
[2010/04/08 10:44:25 | 000,115,060 | ---- | C] () -- C:\Users\Owner\Documents\$v1294.wav
[2010/04/08 10:44:25 | 000,111,316 | ---- | C] () -- C:\Users\Owner\Documents\$v2046.wav
[2010/04/08 10:05:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/08 10:05:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/08 10:05:17 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/04/08 09:42:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/08 08:56:20 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/04/08 08:20:26 | 000,000,020 | -HS- | C] () -- C:\Users\Owner\ntuser.ini
[2010/04/08 08:20:25 | 000,786,432 | -HS- | C] () -- C:\Users\Owner\ntuser.dat
[2010/04/08 08:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 08:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 08:20:25 | 000,262,144 | -H-- | C] () -- C:\Users\Owner\ntuser.dat.LOG1
[2010/04/08 08:20:25 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/08 08:20:25 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\ntuser.dat.LOG2
[2010/04/07 17:33:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/07 17:30:18 | 000,003,432 | ---- | C] () -- C:\Windows\System32\USBMediaReaderPatch.vbs
[2010/04/07 17:30:05 | 000,024,536 | ---- | C] () -- C:\Windows\System32\gateway.bmp
[2010/04/07 17:20:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
[2010/04/07 17:20:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T000000000000.MRK
[2010/04/07 17:06:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/04/07 17:02:28 | 005,631,520 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2010/04/07 17:02:28 | 000,005,430 | ---- | C] () -- C:\Windows\System\MyMulti.ico
[2010/04/07 16:56:18 | 000,000,002 | RHS- | C] () -- C:\USER
[2008/02/28 04:21:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/28 04:21:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


OTL Extras logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13926DCD-65BC-4F17-983E-10914F6542A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63901BF4-1D6C-44EE-8184-52750A32823F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2716AFE3-4F5D-48E6-A970-B082F1E9B1AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2DD33374-D175-4050-90B7-3D0E5AACBB0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{46E61B64-6705-44F9-B4C4-CF527A440089}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EE0B018-3E3F-4B93-986D-69DE26BF1102}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{72127CBB-E383-4D8D-A9A9-F5FA2F9E4D08}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{76F089EB-599A-41C3-AAB9-6516119032D4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{7F9A7A6B-B215-4B4B-9A25-786763992552}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8BE09EA6-D659-45C5-A83D-AD15073D6319}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9A0B9764-2989-43E2-9A7D-6AA645C6A35E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{B94FA793-A11A-45A1-AE46-7F0F695EB4F5}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E59E8C5A-653D-4A8A-9A78-9BC5CEFB0D4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED8546B1-890E-4D53-979A-2F7002F3B2A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F5E49ACF-010C-4112-886A-F124EBCD40AD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F7E66FEF-AAC9-4872-8D35-A444108F1C8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB6767CD-2E49-46A7-905F-2A6BD1D0F58C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063DC142-5A3A-E852-91C4-0545F96B5727}" = CCC Help Korean
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0A93078B-99A3-A423-287D-9A8E333A2D19}" = Catalyst Control Center Localization Danish
"{0CBE0739-F4B5-0E6E-6A8D-B73ECAE899F8}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18791C60-974F-3583-FE10-DA060B7FA548}" = CCC Help Italian
"{1A600D5C-BF72-1507-67EE-1489559B9B90}" = CCC Help Greek
"{1D6B31D6-D8B3-72D9-810D-E4AC5283A53C}" = CCC Help English
"{1D6D5D93-7BE8-6A9C-4127-5EB76FC31560}" = CCC Help Chinese Traditional
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
"{2117DD76-84E8-DCDA-9812-F21B97DE7205}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{298C0094-D55E-0B88-9BF5-719AC3E38346}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3E0E8F2D-C787-DE88-926C-BC8D9998BAD0}" = Catalyst Control Center Localization Korean
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43012611-9E99-1CBE-FB5B-26A2609B1600}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BD5E8E-D7F7-71D6-ADB9-EEEDF245CBDD}" = CCC Help Japanese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58C9270B-81D1-C5F9-4C90-BB64BF5D7C31}" = CCC Help German
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FC53759-ABEC-F632-0A7E-F04A84EE5C72}" = ccc-utility
"{62EDD7EF-709A-6AC7-E9CD-9B04302CFBA1}" = Skins
"{64C00487-1E09-D372-DEC5-34FDE150D405}" = Catalyst Control Center Graphics Full Existing
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B8BF508-4083-F2AC-7573-4D80A4604E79}" = Catalyst Control Center Localization Dutch
"{6D56B1BC-FACC-F1B1-9CF3-8BD8B82EB995}" = Catalyst Control Center Localization Czech
"{72D885B4-43E7-EAA6-4CC5-27BC7825EBAD}" = CCC Help Finnish
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B0F9399-948E-D49F-8D2D-6801C5FDAA0F}" = Catalyst Control Center Localization Hungarian
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{800852D7-5C84-A6CB-7192-8589A25016C5}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890B30AF-6D07-32E9-E700-26151A158D52}" = CCC Help Danish
"{8D11867D-A063-64FF-4043-5C820F882286}" = ccc-core-static
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FBF7C7-8FF3-23D9-5064-0DB50CA282DA}" = ATI Catalyst Install Manager
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B3E994A-5A3F-A698-B0C1-B83D9480D842}" = CCC Help Turkish
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A9B98EE3-4335-FE0A-89EA-B1C7E439A98E}" = CCC Help Portuguese
"{AA136D9D-0CF9-E1CB-FC10-FFF9784976BD}" = Catalyst Control Center Localization Spanish
"{AC26EFB0-C96C-F103-7835-3DBA8ECED189}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B42DCB6E-94A7-5A99-D220-2C6F14B0468B}" = Catalyst Control Center Core Implementation
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B77BCD75-4C59-E72E-9AA7-CEF9BA9B83BF}" = CCC Help Thai
"{B8C114DA-8E9C-CDB7-1A97-0833383B29B1}" = Catalyst Control Center Localization Chinese Standard
"{BC623487-B96E-1678-309C-17EA85734E2C}" = Catalyst Control Center Localization French
"{BC8A10E2-0CAD-9837-620E-E0B1B669AF3B}" = Catalyst Control Center Localization Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FA57DA-9438-555B-8A20-B562CF8D474C}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF466D58-41A9-421C-680F-2B188E309F7F}" = CCC Help Swedish
"{D2FE1BB0-270B-BB51-2229-1370054C649D}" = Catalyst Control Center Localization Thai
"{D36C49AE-B7E9-6F43-90DA-041CF2F38F10}" = Catalyst Control Center Localization Swedish
"{D4BD7B7C-7669-EE84-7E50-C651CE66438D}" = CCC Help Dutch
"{D4FBEF05-972D-2352-0C42-BEDD73AF7C0C}" = Catalyst Control Center Localization Polish
"{D7A9B7CB-FF70-7A81-8965-0D7687349290}" = Catalyst Control Center Localization Norwegian
"{D7CED4B5-3E37-5662-D7EE-2D1B7497E2FA}" = Catalyst Control Center Localization Turkish
"{D80849F0-86F2-1F57-A624-6EA41E7650D6}" = Catalyst Control Center Localization Italian
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB2E9FB-B3BB-84C0-9617-4C62D206E79D}" = CCC Help French
"{DDC5E8D9-FEDC-329E-BCDB-D349ADA694C9}" = Catalyst Control Center Localization Japanese
"{DE4763D5-3DB4-A0A1-A093-F41425C06591}" = Catalyst Control Center Localization Greek
"{E07CB327-E2FD-04D3-0E69-B969B46FF01E}" = CCC Help Chinese Standard
"{EC3325FB-3CF8-DBE7-5642-2FC145337FE8}" = Catalyst Control Center Graphics Full New
"{EC864669-0544-DB41-76AE-7DDBA1CC48F1}" = Catalyst Control Center Graphics Previews Vista
"{ED6BD392-F005-F339-78A2-515C2F7EFD47}" = CCC Help Norwegian
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F2B6681E-ADF9-BC42-2D6B-3D17C14714A2}" = Catalyst Control Center Localization Russian
"{F32B8AE1-98EF-AEBD-E18F-9A6EC0407F5D}" = Catalyst Control Center Localization German
"{FDA53C49-0B77-5CB6-B44F-8ACBDDD1CA17}" = Catalyst Control Center Localization Chinese Traditional
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 12:53:29 AM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 6096
Description = {tid=C7C} An error occurred while opening the virtual registry (section:
false), rc: 07B01F0C-0000004A

Error - 4/27/2010 1:24:22 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:32:17 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:33:13 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:42:56 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:57:23 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:04:30 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:09:18 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 4/27/2010 2:14:11 AM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {20140062-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 4/27/2010 2:23:03 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/27/2010 3:02:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/27/2010 3:15:50 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:33:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:56:59 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 4/27/2010 3:59:26 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 4/27/2010 4:00:11 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/28/2010 2:48:32 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#5 magicjax

  • Topic Starter


Posted 28 April 2010 - 05:12 PM

OTL logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/28 16:56:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\Downloads\OTL.exe
PRC - [2010/04/27 02:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/27 02:51:42 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/27 02:51:24 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/27 02:51:21 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/04/27 02:51:00 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/27 02:50:57 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/27 02:50:55 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/27 02:50:52 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/27 02:50:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/27 02:50:32 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/04/27 02:50:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/10 05:13:02 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/27 22:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/26 07:35:12 | 003,195,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2009/09/26 07:35:08 | 000,083,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\VirtualSearchProtocolHost.exe
PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/26 07:35:02 | 000,045,392 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/20 21:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
PRC - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 16:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/09/06 21:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2007/09/06 21:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 16:56:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\Downloads\OTL.exe
MOD - [2010/04/27 02:53:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 02:51:21 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/27 02:51:00 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/27 02:50:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/27 02:50:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/23 14:04:34 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/06 21:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2007/08/29 16:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 02:53:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/27 02:53:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/27 02:52:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/27 02:52:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/27 02:50:57 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/04/27 02:50:37 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/04/27 02:50:35 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/04/27 02:50:33 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/04/27 02:50:05 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/09 09:09:20 | 003,172,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/03 03:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/27 19:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/09/06 21:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/18 03:40:00 | 000,281,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/05/23 19:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/26 04:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/10/29 21:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=M-1625


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/04/22 01:25:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/04/26 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions
[2010/04/22 01:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 01:42:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/22 01:28:44 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/04/22 01:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-590825528-3676777514-165104037-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-590825528-3676777514-165104037-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,810,056 | R--- | M] () - E:\Autorun.bmp -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,694,768 | R--- | M] (Trend Micro Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 001,290,240 | R--- | M] (Trend Micro Inc.) - E:\Autorun.exe.mui -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,000,356 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/28 02:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/28 02:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/27 13:49:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2008-2009 Taxes
[2010/04/27 05:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/04/27 05:42:12 | 031,647,016 | ---- | C] (Apple Inc.) -- C:\Users\Owner\SafariSetup.exe
[2010/04/27 02:53:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 02:53:22 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 02:53:19 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 02:52:53 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 02:52:50 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 02:52:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/04/27 02:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/27 02:50:57 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/04/27 02:50:05 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 02:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/27 02:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/27 02:36:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Trend Micro
[2010/04/27 02:33:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/27 02:21:49 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/27 02:21:47 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/27 02:21:44 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/27 02:21:34 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/27 02:21:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/27 01:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2010/04/27 01:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/04/27 01:11:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2010/04/27 01:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aol
[2010/04/27 01:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0a
[2010/04/26 21:21:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/04/26 21:15:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/22 02:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/22 01:24:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2010/04/22 01:24:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2010/04/22 01:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/20 15:32:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Yahoo
[2010/04/20 15:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/04/20 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2010/04/20 15:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/04/20 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/18 15:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Supportsoft
[2010/04/17 20:53:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[2010/04/17 20:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/17 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/17 09:51:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/04/16 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/04/14 09:06:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\j2 Global
[2010/04/14 09:05:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\eFax Messenger
[2010/04/14 09:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2010/04/14 08:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/04/12 09:49:12 | 000,000,000 | -H-D | C] -- C:\TEMP
[2010/04/11 01:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(4)
[2010/04/11 01:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(1)
[2010/04/10 22:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/04/10 20:37:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/10 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVD
[2010/04/10 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NVD
[2010/04/10 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SoftGrid Client
[2010/04/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SoftGrid Client
[2010/04/10 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/10 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/04/10 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TP
[2010/04/10 05:12:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2010/04/10 05:12:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2010/04/08 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/04/08 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
[2010/04/08 12:55:03 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/04/08 12:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/08 12:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/08 12:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/08 12:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/08 12:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/08 12:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2010/04/08 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/08 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/08 12:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/08 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/08 12:43:54 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Users\Owner\Desktop\iTunesSetup.exe
[2010/04/08 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2010/04/08 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MORE FILES
[2010/04/08 10:49:29 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Users\Owner\Desktop\SREngLdr.EXE
[2010/04/08 10:49:26 | 027,142,744 | ---- | C] (Macrovision Corporation) -- C:\Users\Owner\Desktop\GMATPrepSetup.exe
[2010/04/08 10:49:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Wal-Mart Malpractice
[2010/04/08 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\US Tax Court
[2010/04/08 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Upload
[2010/04/08 10:49:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Unemployment
[2010/04/08 10:49:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TTI Finished Product
[2010/04/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SuspiciousFiles
[2010/04/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Signatures
[2010/04/08 10:49:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Siedlik Replevin
[2010/04/08 10:48:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Roasterie
[2010/04/08 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ready Debit Disputes
[2010/04/08 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Old Carco
[2010/04/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MUSIC
[2010/04/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\LossTheftfromVehicleQuestionnaire
[2010/04/08 10:48:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\KANSAS CASES
[2010/04/08 10:48:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Jayhawk Marina
[2010/04/08 10:48:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\IRSAugSS4
[2010/04/08 10:48:17 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Important Company DOCS
[2010/04/08 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HRBlock and Aetna
[2010/04/08 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ExplorerPaperwork
[2010/04/08 10:48:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ellis Case
[2010/04/08 10:46:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\VCheck
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Spamassassin
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Small Business Accounting
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Outlook Files
[2010/04/08 10:46:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2010/04/08 10:46:12 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Shapes
[2010/04/08 10:46:12 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Data Sources
[2010/04/08 10:46:12 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents\Notes
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\NetManage
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Received Files
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\iMesh
[2010/04/08 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HotDocs
[2010/04/08 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HomePhotos001
[2010/04/08 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Graboid
[2010/04/08 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\eFax Messenger 4.4
[2010/04/08 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\eFax Messenger 4.3
[2010/04/08 10:44:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads
[2010/04/08 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Corel User Files
[2010/04/08 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\CCWin
[2010/04/08 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\204512-DF
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Downloads
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CVs and Resumes
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CourtViews
[2010/04/08 10:43:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ConceptualPaper
[2010/04/08 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Chrysler Financial Case
[2010/04/08 10:42:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CASES
[2010/04/08 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Business School Items
[2010/04/08 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BostonMedical
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-03-13 EEOCcharges2
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-03-13 EEOCcharges
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-28 J4
[2010/04/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-27 HospitalCharity
[2010/04/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-26 w-2
[2010/04/08 10:42:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-24 Aetna
[2010/04/08 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/04/08 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2009 Tax Prep
[2010/04/08 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Adobe
[2010/04/08 10:15:30 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/08 10:05:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/04/08 10:05:18 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/04/08 10:05:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/04/08 10:05:17 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/04/08 10:05:17 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/04/08 10:05:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/04/08 10:05:17 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/04/08 10:05:17 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/04/08 10:05:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/04/08 10:05:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/04/08 10:05:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/04/08 10:05:17 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/04/08 10:05:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/04/08 10:05:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/04/08 10:05:17 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/04/08 10:05:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/04/08 10:05:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/04/08 10:05:16 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/04/08 10:05:16 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/04/08 10:05:16 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/04/08 10:05:16 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/04/08 10:05:16 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/04/08 10:05:16 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/04/08 10:05:16 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/04/08 09:42:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/08 09:42:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/08 09:42:06 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/08 09:42:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/08 09:42:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/08 09:42:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/08 09:42:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/08 09:42:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/08 09:42:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/08 09:42:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/08 09:42:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/08 09:42:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/08 09:42:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/08 09:42:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/08 09:42:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/08 09:40:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/08 09:40:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/08 09:40:41 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/08 09:40:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/08 09:40:41 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/04/08 09:40:41 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/04/08 09:40:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/04/08 09:40:41 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/04/08 09:40:40 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/08 09:40:40 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/04/08 09:40:40 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/04/08 09:40:40 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/04/08 09:40:39 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/04/08 09:40:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/08 09:40:39 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/04/08 09:40:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/08 09:40:38 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/08 09:40:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/04/08 09:40:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/08 09:40:36 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/08 09:40:36 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/04/08 09:40:36 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/04/08 09:40:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/04/08 09:40:36 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/04/08 09:40:36 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/04/08 09:22:40 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/04/08 09:22:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/04/08 09:22:39 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/04/08 09:22:39 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/04/08 09:22:39 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/04/08 09:22:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/04/08 09:22:37 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/04/08 09:22:35 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/04/08 09:16:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/04/08 09:16:14 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/04/08 09:16:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/04/08 09:14:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/08 09:14:47 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/08 09:12:57 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/04/08 09:12:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/04/08 09:12:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/04/08 09:12:55 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/08 09:12:53 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/08 09:12:51 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/08 09:12:51 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/08 09:12:51 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/08 09:12:51 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/08 09:12:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/08 09:12:51 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/08 09:12:51 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/08 09:12:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/08 09:12:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/08 09:12:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/08 09:11:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/04/08 09:11:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/08 09:11:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/08 09:11:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/08 09:11:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/08 09:11:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/08 09:11:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/04/08 09:11:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/08 09:11:35 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/08 09:11:32 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/04/08 09:11:18 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/04/08 09:11:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/08 09:11:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/08 09:11:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/04/08 09:11:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/08 09:11:15 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/08 09:04:54 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/04/08 09:04:41 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/04/08 09:01:31 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/04/08 09:01:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/04/08 09:01:30 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/04/08 09:01:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/04/08 09:01:16 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/04/08 09:01:14 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/08 09:01:14 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/08 09:01:13 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/04/08 09:01:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/04/08 09:00:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/04/08 08:59:56 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/04/08 08:59:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/04/08 08:59:36 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/04/08 08:59:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/04/08 08:58:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/08 08:58:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/08 08:57:56 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/04/08 08:57:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/04/08 08:57:56 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/04/08 08:57:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/04/08 08:57:56 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/04/08 08:57:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/04/08 08:57:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/04/08 08:56:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/04/08 08:56:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/04/08 08:56:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/04/08 08:54:20 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/04/08 08:54:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/04/08 08:53:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/04/08 08:52:36 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/04/08 08:51:31 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/08 08:50:53 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/04/08 08:50:53 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/04/08 08:50:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/04/08 08:50:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/04/08 08:50:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/04/08 08:50:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/04/08 08:50:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/04/08 08:50:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/04/08 08:50:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/04/08 08:50:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/04/08 08:50:06 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/04/08 08:50:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/04/08 08:50:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/04/08 08:50:05 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/04/08 08:49:59 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/04/08 08:49:46 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/08 08:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/08 08:48:12 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/04/08 08:48:11 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/04/08 08:47:44 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/08 08:47:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/08 08:47:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/08 08:47:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/08 08:47:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/08 08:47:13 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/08 08:47:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/08 08:46:58 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/04/08 08:46:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/04/08 08:46:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/04/08 08:46:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/04/08 08:43:43 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/08 08:43:37 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/08 08:43:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/04/08 08:43:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/04/08 08:43:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/04/08 08:42:37 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:42:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Google Gadgets
[2010/04/08 08:22:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2010/04/08 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ATI
[2010/04/08 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ATI
[2010/04/08 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Symantec
[2010/04/08 08:21:01 | 000,000,000 | R--D | C] -- C:\Users\Owner\Searches
[2010/04/08 08:20:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Identities
[2010/04/08 08:20:44 | 000,000,000 | R--D | C] -- C:\Users\Owner\Contacts
[2010/04/08 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VirtualStore
[2010/04/08 08:20:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SampleView
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Temporary Internet Files
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Templates
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Start Menu
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\SendTo
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Recent
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\PrintHood
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\NetHood
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Videos
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Pictures
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Music
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\My Documents
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Local Settings
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\History
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Cookies
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Application Data
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Application Data
[2010/04/08 08:20:25 | 000,000,000 | --SD | C] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Videos
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Saved Games
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Pictures
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Music
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Links
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Favorites
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Downloads
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop
[2010/04/08 08:20:25 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temp
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2010/04/08 08:17:21 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/04/08 08:17:21 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/04/08 08:17:00 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/04/08 08:17:00 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/04/08 08:17:00 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/04/08 08:16:50 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/04/08 08:16:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/04/07 19:50:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/07 19:48:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/07 19:45:48 | 000,007,680 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010/04/07 19:45:48 | 000,000,000 | ---D | C] -- C:\Windows\i386
[2010/04/07 19:40:32 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2010/04/07 17:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/04/07 17:30:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/07 17:30:04 | 000,000,000 | ---D | C] -- C:\Graphics
[2010/04/07 17:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway Games
[2010/04/07 17:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/04/07 17:26:09 | 000,000,000 | ---D | C] -- C:\Documents
[2010/04/07 17:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2010/04/07 17:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2007
[2010/04/07 17:23:02 | 000,000,000 | ---D | C] -- C:\google
[2010/04/07 17:23:01 | 000,094,208 | ---- | C] (Gateway Inc.) -- C:\Windows\System32\BAE.dll
[2010/04/07 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2010/04/07 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/07 17:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/04/07 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero
[2010/04/07 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Acceller
[2010/04/07 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/07 17:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/07 17:20:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/04/07 17:20:05 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010/04/07 17:19:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/07 17:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/07 17:16:28 | 000,007,168 | ---- | C] (BigFix, Inc.) -- C:\Windows\BigFixClientOverride.dll
[2010/04/07 17:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/04/07 17:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/07 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/07 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/07 17:14:39 | 001,066,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010/04/07 17:14:39 | 001,053,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/04/07 17:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/04/07 17:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/07 17:12:54 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010/04/07 17:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/07 17:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2010/04/07 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0
[2010/04/07 17:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/07 17:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/04/07 17:07:07 | 000,011,776 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS
[2010/04/07 17:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Gateway
[2010/04/07 17:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/04/07 17:06:12 | 000,205,312 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187.sys
[2010/04/07 17:04:53 | 000,281,088 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187B.sys
[2010/04/07 17:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK USB Wireless LAN Driver
[2010/04/07 17:04:31 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010/04/07 17:03:23 | 000,099,840 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/04/07 17:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/07 17:02:28 | 000,056,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys
[2010/04/07 17:01:47 | 005,459,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtsg.cpl
[2010/04/07 17:01:47 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stlang.dll
[2010/04/07 17:01:47 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2010/04/07 17:01:47 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/04/07 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2010/04/07 17:00:54 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/04/07 17:00:52 | 000,562,176 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stapo.dll
[2010/04/07 17:00:52 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/04/07 17:00:52 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/04/07 17:00:52 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/04/07 17:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/07 17:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/04/07 17:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/07 16:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/04/07 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/07 16:56:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

========== Files - Modified Within 30 Days ==========

[2010/04/28 17:01:57 | 000,786,432 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/04/28 16:57:49 | 000,000,960 | ---- | M] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2010/04/28 16:55:12 | 000,096,543 | ---- | M] () -- C:\Users\Owner\Desktop\AdvocacyLegalAssistance.pdf
[2010/04/28 16:50:25 | 000,029,696 | ---- | M] () -- C:\Users\Owner\Desktop\JointMotionSealingCaseJAAXvJAYHAWKMARINA.doc
[2010/04/28 16:30:14 | 059,354,843 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/28 16:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000UA.job
[2010/04/28 15:40:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 15:40:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 13:44:47 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3A6B77-1C62-4A36-BCA2-38F52F9EFCCE}.job
[2010/04/28 05:46:11 | 000,691,826 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/28 05:46:11 | 000,596,128 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/28 05:46:11 | 000,101,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/28 05:44:20 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010/04/28 05:40:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/28 05:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/28 05:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000Core.job
[2010/04/28 02:06:10 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/27 16:37:12 | 000,001,594 | ---- | M] () -- C:\Users\Owner\Desktop\sanjose.jpg
[2010/04/27 16:36:16 | 000,004,667 | ---- | M] () -- C:\Users\Owner\Desktop\squidrow.jpg
[2010/04/27 14:24:35 | 000,018,364 | ---- | M] () -- C:\Users\Owner\Cruise1.jpg
[2010/04/27 11:00:12 | 000,000,942 | ---- | M] () -- C:\Users\Owner\Yahoo! Messenger.lnk
[2010/04/27 05:43:51 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/27 05:42:13 | 031,647,016 | ---- | M] (Apple Inc.) -- C:\Users\Owner\SafariSetup.exe
[2010/04/27 02:57:05 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/27 02:57:05 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/27 02:56:51 | 001,970,462 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/04/27 02:53:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 02:53:24 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 02:53:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 02:53:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 02:52:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 02:52:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 02:52:50 | 000,582,365 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 02:52:49 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 02:50:57 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/04/27 02:50:05 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 02:26:53 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/04/27 02:14:57 | 000,000,996 | ---- | M] () -- C:\Users\Owner\Desktop\Trend Micro Security Software Download Manager.lnk
[2010/04/27 02:12:59 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/04/26 16:13:44 | 000,003,350 | ---- | M] () -- C:\Users\Owner\froder (1).jpg
[2010/04/26 16:13:44 | 000,003,350 | ---- | M] () -- C:\Users\Owner\froder (1) - Copy (1).jpg
[2010/04/26 15:03:14 | 000,018,504 | ---- | M] () -- C:\Users\Owner\cabo3.jpg
[2010/04/26 15:03:01 | 000,018,504 | ---- | M] () -- C:\Users\Owner\cabo2.jpg
[2010/04/26 15:01:52 | 000,021,851 | ---- | M] () -- C:\Users\Owner\frat.jpg
[2010/04/26 15:01:24 | 000,018,504 | ---- | M] () -- C:\Users\Owner\Desktop\cabo2.jpg
[2010/04/26 15:01:04 | 000,001,594 | ---- | M] () -- C:\Users\Owner\cabo1.jpg
[2010/04/26 15:00:34 | 000,001,594 | ---- | M] () -- C:\Users\Owner\phil2.jpg
[2010/04/26 10:07:51 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/22 02:04:20 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/04/20 11:45:24 | 000,069,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/20 09:36:05 | 000,326,895 | ---- | M] () -- C:\Users\Owner\Desktop\COBRAeligibilityforms.pdf
[2010/04/20 09:20:11 | 000,462,604 | ---- | M] () -- C:\Users\Owner\Desktop\SIEDLIKemailsUPDATED.pdf
[2010/04/20 08:51:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Documents\eFax_4_4_Port
[2010/04/20 06:43:27 | 000,296,111 | ---- | M] () -- C:\Users\Owner\Desktop\ConfidFilingSheetSIEDLIKREPLEVIN.pdf
[2010/04/20 06:34:13 | 000,357,678 | ---- | M] () -- C:\Users\Owner\Desktop\InformapaupSIEDLIKREPLEVIN.pdf
[2010/04/19 17:50:34 | 000,234,799 | ---- | M] () -- C:\Users\Owner\Desktop\Phil Jaax COBRA Invoice.pdf
[2010/04/15 09:07:19 | 001,679,481 | ---- | M] () -- C:\Users\Owner\Desktop\f656b.pdf
[2010/04/15 06:53:21 | 000,209,882 | ---- | M] () -- C:\Users\Owner\Desktop\Jaax2009TaxReturnHR.pdf
[2010/04/12 11:56:54 | 000,300,147 | ---- | M] () -- C:\Users\Owner\Desktop\TITLESREGISTRATION.pdf
[2010/04/12 11:56:30 | 003,582,494 | ---- | M] () -- C:\Users\Owner\Desktop\SIEDLIKemails.pdf
[2010/04/12 11:55:56 | 000,517,041 | ---- | M] () -- C:\Users\Owner\Desktop\SiedlikLastDemandLTR.pdf
[2010/04/12 07:48:55 | 000,056,832 | ---- | M] () -- C:\Users\Owner\Desktop\JaaxResume2010.doc
[2010/04/08 12:55:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/08 12:50:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 12:43:55 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Users\Owner\Desktop\iTunesSetup.exe
[2010/04/08 10:35:39 | 000,294,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/08 10:31:01 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 08:42:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:42:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:42:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:42:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 08:20:26 | 000,000,020 | -HS- | M] () -- C:\Users\Owner\ntuser.ini
[2010/04/08 08:14:53 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/04/07 17:33:46 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/04/07 17:31:45 | 000,000,169 | ---- | M] () -- C:\Windows\win.ini
[2010/04/07 17:20:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
[2010/04/07 17:06:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/04/07 16:56:18 | 000,000,002 | RHS- | M] () -- C:\USER

========== Files Created - No Company Name ==========

[2010/04/28 16:57:49 | 000,000,960 | ---- | C] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2010/04/28 16:55:12 | 000,096,543 | ---- | C] () -- C:\Users\Owner\Desktop\AdvocacyLegalAssistance.pdf
[2010/04/28 16:50:22 | 000,029,696 | ---- | C] () -- C:\Users\Owner\Desktop\JointMotionSealingCaseJAAXvJAYHAWKMARINA.doc
[2010/04/28 02:06:10 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/27 16:37:12 | 000,001,594 | ---- | C] () -- C:\Users\Owner\Desktop\sanjose.jpg
[2010/04/27 16:36:16 | 000,004,667 | ---- | C] () -- C:\Users\Owner\Desktop\squidrow.jpg
[2010/04/27 16:03:12 | 000,003,350 | ---- | C] () -- C:\Users\Owner\froder (1) - Copy (1).jpg
[2010/04/27 14:24:35 | 000,018,364 | ---- | C] () -- C:\Users\Owner\Cruise1.jpg
[2010/04/27 11:00:12 | 000,000,942 | ---- | C] () -- C:\Users\Owner\Yahoo! Messenger.lnk
[2010/04/27 05:43:51 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/27 02:53:24 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 02:52:49 | 000,582,365 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 02:52:49 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 02:52:33 | 059,354,843 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/27 02:24:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/04/27 02:14:56 | 000,000,996 | ---- | C] () -- C:\Users\Owner\Desktop\Trend Micro Security Software Download Manager.lnk
[2010/04/26 16:13:43 | 000,003,350 | ---- | C] () -- C:\Users\Owner\froder (1).jpg
[2010/04/26 15:03:14 | 000,018,504 | ---- | C] () -- C:\Users\Owner\cabo3.jpg
[2010/04/26 15:03:00 | 000,018,504 | ---- | C] () -- C:\Users\Owner\cabo2.jpg
[2010/04/26 15:01:51 | 000,021,851 | ---- | C] () -- C:\Users\Owner\frat.jpg
[2010/04/26 15:01:23 | 000,018,504 | ---- | C] () -- C:\Users\Owner\Desktop\cabo2.jpg
[2010/04/26 15:01:04 | 000,001,594 | ---- | C] () -- C:\Users\Owner\cabo1.jpg
[2010/04/26 15:00:33 | 000,001,594 | ---- | C] () -- C:\Users\Owner\phil2.jpg
[2010/04/26 10:07:51 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/22 02:04:20 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/04/20 09:36:05 | 000,326,895 | ---- | C] () -- C:\Users\Owner\Desktop\COBRAeligibilityforms.pdf
[2010/04/20 09:06:26 | 000,462,604 | ---- | C] () -- C:\Users\Owner\Desktop\SIEDLIKemailsUPDATED.pdf
[2010/04/20 05:49:41 | 000,296,111 | ---- | C] () -- C:\Users\Owner\Desktop\ConfidFilingSheetSIEDLIKREPLEVIN.pdf
[2010/04/20 04:26:28 | 000,357,678 | ---- | C] () -- C:\Users\Owner\Desktop\InformapaupSIEDLIKREPLEVIN.pdf
[2010/04/19 17:50:32 | 000,234,799 | ---- | C] () -- C:\Users\Owner\Desktop\Phil Jaax COBRA Invoice.pdf
[2010/04/15 09:07:19 | 001,679,481 | ---- | C] () -- C:\Users\Owner\Desktop\f656b.pdf
[2010/04/15 06:53:21 | 000,209,882 | ---- | C] () -- C:\Users\Owner\Desktop\Jaax2009TaxReturnHR.pdf
[2010/04/12 11:56:54 | 000,300,147 | ---- | C] () -- C:\Users\Owner\Desktop\TITLESREGISTRATION.pdf
[2010/04/12 11:56:30 | 003,582,494 | ---- | C] () -- C:\Users\Owner\Desktop\SIEDLIKemails.pdf
[2010/04/12 11:55:56 | 000,517,041 | ---- | C] () -- C:\Users\Owner\Desktop\SiedlikLastDemandLTR.pdf
[2010/04/10 05:14:18 | 000,002,042 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/04/10 05:13:10 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000UA.job
[2010/04/10 05:13:09 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000Core.job
[2010/04/08 12:55:07 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/08 12:50:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 12:36:56 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3A6B77-1C62-4A36-BCA2-38F52F9EFCCE}.job
[2010/04/08 10:49:29 | 000,099,810 | ---- | C] () -- C:\Users\Owner\Desktop\WorkSourceMOunemployment.pdf
[2010/04/08 10:49:29 | 000,013,508 | ---- | C] () -- C:\Users\Owner\Desktop\SS4JCW.pdf
[2010/04/08 10:49:28 | 000,995,281 | ---- | C] () -- C:\Users\Owner\Desktop\MOUnemploymentBenefits.pdf
[2010/04/08 10:49:28 | 000,444,678 | ---- | C] () -- C:\Users\Owner\Desktop\PhilJaaxSIG.bmp
[2010/04/08 10:49:28 | 000,107,974 | ---- | C] () -- C:\Users\Owner\Desktop\ID1.pdf
[2010/04/08 10:49:28 | 000,065,446 | ---- | C] () -- C:\Users\Owner\Desktop\MOReplevinCaseLaw.docx
[2010/04/08 10:49:28 | 000,057,607 | ---- | C] () -- C:\Users\Owner\Desktop\MOBoatRegistration.pdf
[2010/04/08 10:49:28 | 000,056,832 | ---- | C] () -- C:\Users\Owner\Desktop\JaaxResume2010.doc
[2010/04/08 10:49:28 | 000,050,177 | ---- | C] () -- C:\Users\Owner\Desktop\MOBARRemediesReplevin.docx
[2010/04/08 10:49:28 | 000,022,885 | ---- | C] () -- C:\Users\Owner\Desktop\NONADSAPE.pdf
[2010/04/08 10:49:28 | 000,020,481 | ---- | C] () -- C:\Users\Owner\Desktop\ReaganPoster.JPEG
[2010/04/08 10:49:28 | 000,013,593 | ---- | C] () -- C:\Users\Owner\Desktop\Ras Dialer Malware.docx
[2010/04/08 10:49:28 | 000,013,468 | ---- | C] () -- C:\Users\Owner\Desktop\PhilJaaxSIG.jpg
[2010/04/08 10:49:24 | 000,310,496 | ---- | C] () -- C:\Users\Owner\Desktop\Emergency_Replevin_Packet.pdf
[2010/04/08 10:49:24 | 000,178,314 | ---- | C] () -- C:\Users\Owner\bushie.jpg
[2010/04/08 10:49:24 | 000,114,356 | ---- | C] () -- C:\Users\Owner\Desktop\CLEMoBarINJUNCTIONS.pdf
[2010/04/08 10:49:24 | 000,034,081 | ---- | C] () -- C:\Users\Owner\Desktop\CoverLetterJaax2010.docx
[2010/04/08 10:49:24 | 000,029,255 | ---- | C] () -- C:\Users\Owner\Desktop\Chapter 3 DECLARATORY JUDGMENTS.docx
[2010/04/08 10:49:24 | 000,000,393 | ---- | C] () -- C:\Users\Owner\Canni.txt
[2010/04/08 10:44:47 | 001,733,719 | ---- | C] () -- C:\Users\Owner\Documents\WhyIraqIsTakingSoLong.wmv
[2010/04/08 10:44:47 | 000,880,621 | ---- | C] () -- C:\Users\Owner\Documents\Web300Capture.docx
[2010/04/08 10:44:47 | 000,015,330 | ---- | C] () -- C:\Users\Owner\Documents\Untitled.mbw
[2010/04/08 10:44:47 | 000,000,162 | -HS- | C] () -- C:\Users\Owner\Documents\~$&T Matrix Consult.docx
[2010/04/08 10:44:46 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\TitleBack1.bmp
[2010/04/08 10:44:45 | 005,505,462 | ---- | C] () -- C:\Users\Owner\Documents\Title 1.bmp
[2010/04/08 10:44:45 | 000,464,782 | ---- | C] () -- C:\Users\Owner\Documents\SBAPersonalFinances1.doc
[2010/04/08 10:44:45 | 000,232,960 | ---- | C] () -- C:\Users\Owner\Documents\te Member of The Poindexler Group of Companies.doc
[2010/04/08 10:44:45 | 000,223,929 | ---- | C] () -- C:\Users\Owner\Documents\Signature.docx
[2010/04/08 10:44:45 | 000,089,651 | ---- | C] () -- C:\Users\Owner\Documents\Swiss Franc Per US Dollar.pdf
[2010/04/08 10:44:45 | 000,026,996 | ---- | C] () -- C:\Users\Owner\Documents\SSPDFD
[2010/04/08 10:44:45 | 000,018,808 | ---- | C] () -- C:\Users\Owner\Documents\task_two_template[1].docm
[2010/04/08 10:44:44 | 005,515,830 | ---- | C] () -- C:\Users\Owner\Documents\ReleaseBack1.bmp
[2010/04/08 10:44:43 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\Release1.bmp
[2010/04/08 10:44:43 | 000,312,748 | ---- | C] () -- C:\Users\Owner\Documents\PhysicianStatementDOC.docx
[2010/04/08 10:44:43 | 000,212,819 | ---- | C] () -- C:\Users\Owner\Documents\Personal at farmstead.docx
[2010/04/08 10:44:43 | 000,210,225 | ---- | C] () -- C:\Users\Owner\Documents\Old Resume, Jaax.docx
[2010/04/08 10:44:43 | 000,044,032 | ---- | C] () -- C:\Users\Owner\Documents\PREQUALWORKSHEET.doc
[2010/04/08 10:44:42 | 003,284,992 | ---- | C] () -- C:\Users\Owner\Documents\My Money.mny
[2010/04/08 10:44:42 | 000,213,728 | ---- | C] () -- C:\Users\Owner\Documents\OCT 24 DEFAULT1.docx
[2010/04/08 10:44:42 | 000,212,824 | ---- | C] () -- C:\Users\Owner\Documents\MOStateGovernor.docx
[2010/04/08 10:44:42 | 000,075,264 | ---- | C] () -- C:\Users\Owner\Documents\LaborWaivers.wps
[2010/04/08 10:44:42 | 000,065,290 | ---- | C] () -- C:\Users\Owner\Documents\MotionToSealMEDICAL.pdf
[2010/04/08 10:44:42 | 000,060,894 | ---- | C] () -- C:\Users\Owner\Documents\MacResourceFork
[2010/04/08 10:44:42 | 000,017,117 | ---- | C] () -- C:\Users\Owner\Documents\message_zdm.html
[2010/04/08 10:44:41 | 006,487,447 | ---- | C] () -- C:\Users\Owner\Documents\HomePhotos001.zip
[2010/04/08 10:44:41 | 000,267,401 | ---- | C] () -- C:\Users\Owner\Documents\Justin 2.jpg
[2010/04/08 10:44:41 | 000,018,227 | ---- | C] () -- C:\Users\Owner\Documents\JG3494.pdf
[2010/04/08 10:44:41 | 000,014,807 | ---- | C] () -- C:\Users\Owner\Documents\GESTORI PATRIMONIALI SS4.pdf
[2010/04/08 10:44:40 | 000,242,331 | ---- | C] () -- C:\Users\Owner\Documents\FTCTheftAffadavit.pdf
[2010/04/08 10:44:39 | 000,025,600 | ---- | C] () -- C:\Users\Owner\Documents\Employ.doc
[2010/04/08 10:44:39 | 000,004,354 | ---- | C] () -- C:\Users\Owner\Documents\Employ.wpd
[2010/04/08 10:44:38 | 000,042,879 | ---- | C] () -- C:\Users\Owner\Documents\eBillServletAug05.pdf
[2010/04/08 10:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\eFax_4_4_Port
[2010/04/08 10:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\eFax_4_3_Port
[2010/04/08 10:44:37 | 001,358,218 | ---- | C] () -- C:\Users\Owner\Documents\DSCN0200.JPG
[2010/04/08 10:44:37 | 000,151,534 | ---- | C] () -- C:\Users\Owner\Documents\CORPSTOCKS.pdf
[2010/04/08 10:44:37 | 000,141,889 | ---- | C] () -- C:\Users\Owner\Documents\CivilCoverSheetPDFKS.pdf
[2010/04/08 10:44:36 | 000,021,582 | ---- | C] () -- C:\Users\Owner\Documents\bind3.pdf
[2010/04/08 10:44:36 | 000,005,460 | ---- | C] () -- C:\Users\Owner\Documents\bind2.pdf
[2010/04/08 10:44:35 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\Bill Of Sale.bmp
[2010/04/08 10:44:35 | 000,221,851 | ---- | C] () -- C:\Users\Owner\Documents\AT&T Matrix Consult.docx
[2010/04/08 10:44:35 | 000,006,997 | ---- | C] () -- C:\Users\Owner\Documents\back.jpg
[2010/04/08 10:44:34 | 000,290,952 | ---- | C] () -- C:\Users\Owner\Documents\5010-2198_r2_Premier%20Promo_080108_092008[1].pdf
[2010/04/08 10:44:34 | 000,236,052 | ---- | C] () -- C:\Users\Owner\Documents\Additional INFO on ID Thief.docx
[2010/04/08 10:44:34 | 000,144,538 | ---- | C] () -- C:\Users\Owner\Documents\204512-DF.zip
[2010/04/08 10:44:34 | 000,075,512 | ---- | C] () -- C:\Users\Owner\Documents\Application-153572.pdf
[2010/04/08 10:44:34 | 000,043,056 | ---- | C] () -- C:\Users\Owner\Documents\59269449.efx
[2010/04/08 10:44:34 | 000,014,492 | ---- | C] () -- C:\Users\Owner\Documents\68d03111.efx
[2010/04/08 10:44:34 | 000,009,460 | ---- | C] () -- C:\Users\Owner\Documents\6a29d710.efx
[2010/04/08 10:44:33 | 005,521,014 | ---- | C] () -- C:\Users\Owner\Documents\18168171713@messages_efax_com_85167_20080617102406.bmp
[2010/04/08 10:44:33 | 000,331,252 | ---- | C] () -- C:\Users\Owner\Documents\$vFBCC.wav
[2010/04/08 10:44:33 | 000,291,124 | ---- | C] () -- C:\Users\Owner\Documents\$vED36.wav
[2010/04/08 10:44:33 | 000,181,876 | ---- | C] () -- C:\Users\Owner\Documents\$vF96A.wav
[2010/04/08 10:44:33 | 000,170,478 | ---- | C] () -- C:\Users\Owner\Documents\$vF6F4.wav
[2010/04/08 10:44:33 | 000,162,292 | ---- | C] () -- C:\Users\Owner\Documents\$vFDDA.wav
[2010/04/08 10:44:33 | 000,136,180 | ---- | C] () -- C:\Users\Owner\Documents\$vEAEB.wav
[2010/04/08 10:44:33 | 000,112,276 | ---- | C] () -- C:\Users\Owner\Documents\$vF703.wav
[2010/04/08 10:44:33 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$vFAF5.wav
[2010/04/08 10:44:33 | 000,064,468 | ---- | C] () -- C:\Users\Owner\Documents\$vEF2.wav
[2010/04/08 10:44:33 | 000,056,872 | ---- | C] () -- C:\Users\Owner\Documents\$vFB49.wav
[2010/04/08 10:44:32 | 000,577,492 | ---- | C] () -- C:\Users\Owner\Documents\$vD1C1.wav
[2010/04/08 10:44:32 | 000,289,780 | ---- | C] () -- C:\Users\Owner\Documents\$vDA2D.wav
[2010/04/08 10:44:32 | 000,252,820 | ---- | C] () -- C:\Users\Owner\Documents\$vBF79.wav
[2010/04/08 10:44:32 | 000,197,332 | ---- | C] () -- C:\Users\Owner\Documents\$vD783.wav
[2010/04/08 10:44:32 | 000,171,988 | ---- | C] () -- C:\Users\Owner\Documents\$vC260.wav
[2010/04/08 10:44:32 | 000,164,404 | ---- | C] () -- C:\Users\Owner\Documents\$vD338.wav
[2010/04/08 10:44:32 | 000,135,796 | ---- | C] () -- C:\Users\Owner\Documents\$vC69.wav
[2010/04/08 10:44:32 | 000,122,644 | ---- | C] () -- C:\Users\Owner\Documents\$vC950.wav
[2010/04/08 10:44:32 | 000,081,076 | ---- | C] () -- C:\Users\Owner\Documents\$vD0DD.wav
[2010/04/08 10:44:32 | 000,055,540 | ---- | C] () -- C:\Users\Owner\Documents\$vC1EB.wav
[2010/04/08 10:44:31 | 000,249,556 | ---- | C] () -- C:\Users\Owner\Documents\$vB1A2.wav
[2010/04/08 10:44:31 | 000,246,100 | ---- | C] () -- C:\Users\Owner\Documents\$vAAC5.wav
[2010/04/08 10:44:31 | 000,220,468 | ---- | C] () -- C:\Users\Owner\Documents\$vBA08.wav
[2010/04/08 10:44:31 | 000,213,268 | ---- | C] () -- C:\Users\Owner\Documents\$vB363.wav
[2010/04/08 10:44:31 | 000,172,852 | ---- | C] () -- C:\Users\Owner\Documents\$vB35A.wav
[2010/04/08 10:44:31 | 000,136,564 | ---- | C] () -- C:\Users\Owner\Documents\$vADE2.wav
[2010/04/08 10:44:31 | 000,075,028 | ---- | C] () -- C:\Users\Owner\Documents\$vA2C6.wav
[2010/04/08 10:44:31 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$vA5C6.wav
[2010/04/08 10:44:30 | 001,119,412 | ---- | C] () -- C:\Users\Owner\Documents\$v96D1.wav
[2010/04/08 10:44:30 | 000,862,996 | ---- | C] () -- C:\Users\Owner\Documents\$vA080.wav
[2010/04/08 10:44:30 | 000,375,700 | ---- | C] () -- C:\Users\Owner\Documents\$v9CF8.wav
[2010/04/08 10:44:30 | 000,253,588 | ---- | C] () -- C:\Users\Owner\Documents\$v8E19.wav
[2010/04/08 10:44:30 | 000,188,308 | ---- | C] () -- C:\Users\Owner\Documents\$v821D.wav
[2010/04/08 10:44:30 | 000,155,092 | ---- | C] () -- C:\Users\Owner\Documents\$v80F3.wav
[2010/04/08 10:44:30 | 000,105,844 | ---- | C] () -- C:\Users\Owner\Documents\$v7EE.wav
[2010/04/08 10:44:30 | 000,056,200 | ---- | C] () -- C:\Users\Owner\Documents\$v8725.wav
[2010/04/08 10:44:29 | 000,219,028 | ---- | C] () -- C:\Users\Owner\Documents\$v65B9.wav
[2010/04/08 10:44:29 | 000,216,628 | ---- | C] () -- C:\Users\Owner\Documents\$v70B.wav
[2010/04/08 10:44:29 | 000,210,964 | ---- | C] () -- C:\Users\Owner\Documents\$v70A3.wav
[2010/04/08 10:44:28 | 000,277,780 | ---- | C] () -- C:\Users\Owner\Documents\$v64D1.wav
[2010/04/08 10:44:27 | 000,320,980 | ---- | C] () -- C:\Users\Owner\Documents\$v50F9.wav
[2010/04/08 10:44:27 | 000,241,876 | ---- | C] () -- C:\Users\Owner\Documents\$v5F26.wav
[2010/04/08 10:44:27 | 000,220,372 | ---- | C] () -- C:\Users\Owner\Documents\$v6214.wav
[2010/04/08 10:44:27 | 000,203,188 | ---- | C] () -- C:\Users\Owner\Documents\$v5A6A.wav
[2010/04/08 10:44:27 | 000,152,884 | ---- | C] () -- C:\Users\Owner\Documents\$v5912.wav
[2010/04/08 10:44:27 | 000,116,596 | ---- | C] () -- C:\Users\Owner\Documents\$v4DD6.wav
[2010/04/08 10:44:27 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$v601A.wav
[2010/04/08 10:44:27 | 000,058,888 | ---- | C] () -- C:\Users\Owner\Documents\$v5768.wav
[2010/04/08 10:44:26 | 000,343,252 | ---- | C] () -- C:\Users\Owner\Documents\$v40AE.wav
[2010/04/08 10:44:26 | 000,231,604 | ---- | C] () -- C:\Users\Owner\Documents\$v343C.wav
[2010/04/08 10:44:26 | 000,097,684 | ---- | C] () -- C:\Users\Owner\Documents\$v3E75.wav
[2010/04/08 10:44:26 | 000,084,148 | ---- | C] () -- C:\Users\Owner\Documents\$v3AFB.wav
[2010/04/08 10:44:26 | 000,069,736 | ---- | C] () -- C:\Users\Owner\Documents\$v3C2A.wav
[2010/04/08 10:44:26 | 000,047,668 | ---- | C] () -- C:\Users\Owner\Documents\$v407C.wav
[2010/04/08 10:44:25 | 000,478,612 | ---- | C] () -- C:\Users\Owner\Documents\$v11D0.wav
[2010/04/08 10:44:25 | 000,298,708 | ---- | C] () -- C:\Users\Owner\Documents\$v1C99.wav
[2010/04/08 10:44:25 | 000,215,476 | ---- | C] () -- C:\Users\Owner\Documents\$v31E4.wav
[2010/04/08 10:44:25 | 000,157,012 | ---- | C] () -- C:\Users\Owner\Documents\$v2D67.wav
[2010/04/08 10:44:25 | 000,134,932 | ---- | C] () -- C:\Users\Owner\Documents\$v2275.wav
[2010/04/08 10:44:25 | 000,115,060 | ---- | C] () -- C:\Users\Owner\Documents\$v1294.wav
[2010/04/08 10:44:25 | 000,111,316 | ---- | C] () -- C:\Users\Owner\Documents\$v2046.wav
[2010/04/08 10:05:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/08 10:05:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/08 10:05:17 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/04/08 09:42:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/08 08:56:20 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/04/08 08:20:26 | 000,000,020 | -HS- | C] () -- C:\Users\Owner\ntuser.ini
[2010/04/08 08:20:25 | 000,786,432 | -HS- | C] () -- C:\Users\Owner\ntuser.dat
[2010/04/08 08:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 08:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 08:20:25 | 000,262,144 | -H-- | C] () -- C:\Users\Owner\ntuser.dat.LOG1
[2010/04/08 08:20:25 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/08 08:20:25 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\ntuser.dat.LOG2
[2010/04/07 17:33:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/07 17:30:18 | 000,003,432 | ---- | C] () -- C:\Windows\System32\USBMediaReaderPatch.vbs
[2010/04/07 17:30:05 | 000,024,536 | ---- | C] () -- C:\Windows\System32\gateway.bmp
[2010/04/07 17:20:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
[2010/04/07 17:20:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T000000000000.MRK
[2010/04/07 17:06:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/04/07 17:02:28 | 005,631,520 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2010/04/07 17:02:28 | 000,005,430 | ---- | C] () -- C:\Windows\System\MyMulti.ico
[2010/04/07 16:56:18 | 000,000,002 | RHS- | C] () -- C:\USER
[2008/02/28 04:21:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/28 04:21:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


OTL Extras logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13926DCD-65BC-4F17-983E-10914F6542A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63901BF4-1D6C-44EE-8184-52750A32823F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2716AFE3-4F5D-48E6-A970-B082F1E9B1AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2DD33374-D175-4050-90B7-3D0E5AACBB0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{46E61B64-6705-44F9-B4C4-CF527A440089}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EE0B018-3E3F-4B93-986D-69DE26BF1102}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{72127CBB-E383-4D8D-A9A9-F5FA2F9E4D08}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{76F089EB-599A-41C3-AAB9-6516119032D4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{7F9A7A6B-B215-4B4B-9A25-786763992552}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8BE09EA6-D659-45C5-A83D-AD15073D6319}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9A0B9764-2989-43E2-9A7D-6AA645C6A35E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{B94FA793-A11A-45A1-AE46-7F0F695EB4F5}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E59E8C5A-653D-4A8A-9A78-9BC5CEFB0D4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED8546B1-890E-4D53-979A-2F7002F3B2A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F5E49ACF-010C-4112-886A-F124EBCD40AD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F7E66FEF-AAC9-4872-8D35-A444108F1C8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB6767CD-2E49-46A7-905F-2A6BD1D0F58C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063DC142-5A3A-E852-91C4-0545F96B5727}" = CCC Help Korean
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0A93078B-99A3-A423-287D-9A8E333A2D19}" = Catalyst Control Center Localization Danish
"{0CBE0739-F4B5-0E6E-6A8D-B73ECAE899F8}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18791C60-974F-3583-FE10-DA060B7FA548}" = CCC Help Italian
"{1A600D5C-BF72-1507-67EE-1489559B9B90}" = CCC Help Greek
"{1D6B31D6-D8B3-72D9-810D-E4AC5283A53C}" = CCC Help English
"{1D6D5D93-7BE8-6A9C-4127-5EB76FC31560}" = CCC Help Chinese Traditional
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
"{2117DD76-84E8-DCDA-9812-F21B97DE7205}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{298C0094-D55E-0B88-9BF5-719AC3E38346}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3E0E8F2D-C787-DE88-926C-BC8D9998BAD0}" = Catalyst Control Center Localization Korean
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43012611-9E99-1CBE-FB5B-26A2609B1600}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BD5E8E-D7F7-71D6-ADB9-EEEDF245CBDD}" = CCC Help Japanese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58C9270B-81D1-C5F9-4C90-BB64BF5D7C31}" = CCC Help German
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FC53759-ABEC-F632-0A7E-F04A84EE5C72}" = ccc-utility
"{62EDD7EF-709A-6AC7-E9CD-9B04302CFBA1}" = Skins
"{64C00487-1E09-D372-DEC5-34FDE150D405}" = Catalyst Control Center Graphics Full Existing
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B8BF508-4083-F2AC-7573-4D80A4604E79}" = Catalyst Control Center Localization Dutch
"{6D56B1BC-FACC-F1B1-9CF3-8BD8B82EB995}" = Catalyst Control Center Localization Czech
"{72D885B4-43E7-EAA6-4CC5-27BC7825EBAD}" = CCC Help Finnish
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B0F9399-948E-D49F-8D2D-6801C5FDAA0F}" = Catalyst Control Center Localization Hungarian
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{800852D7-5C84-A6CB-7192-8589A25016C5}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890B30AF-6D07-32E9-E700-26151A158D52}" = CCC Help Danish
"{8D11867D-A063-64FF-4043-5C820F882286}" = ccc-core-static
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FBF7C7-8FF3-23D9-5064-0DB50CA282DA}" = ATI Catalyst Install Manager
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B3E994A-5A3F-A698-B0C1-B83D9480D842}" = CCC Help Turkish
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A9B98EE3-4335-FE0A-89EA-B1C7E439A98E}" = CCC Help Portuguese
"{AA136D9D-0CF9-E1CB-FC10-FFF9784976BD}" = Catalyst Control Center Localization Spanish
"{AC26EFB0-C96C-F103-7835-3DBA8ECED189}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B42DCB6E-94A7-5A99-D220-2C6F14B0468B}" = Catalyst Control Center Core Implementation
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B77BCD75-4C59-E72E-9AA7-CEF9BA9B83BF}" = CCC Help Thai
"{B8C114DA-8E9C-CDB7-1A97-0833383B29B1}" = Catalyst Control Center Localization Chinese Standard
"{BC623487-B96E-1678-309C-17EA85734E2C}" = Catalyst Control Center Localization French
"{BC8A10E2-0CAD-9837-620E-E0B1B669AF3B}" = Catalyst Control Center Localization Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FA57DA-9438-555B-8A20-B562CF8D474C}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF466D58-41A9-421C-680F-2B188E309F7F}" = CCC Help Swedish
"{D2FE1BB0-270B-BB51-2229-1370054C649D}" = Catalyst Control Center Localization Thai
"{D36C49AE-B7E9-6F43-90DA-041CF2F38F10}" = Catalyst Control Center Localization Swedish
"{D4BD7B7C-7669-EE84-7E50-C651CE66438D}" = CCC Help Dutch
"{D4FBEF05-972D-2352-0C42-BEDD73AF7C0C}" = Catalyst Control Center Localization Polish
"{D7A9B7CB-FF70-7A81-8965-0D7687349290}" = Catalyst Control Center Localization Norwegian
"{D7CED4B5-3E37-5662-D7EE-2D1B7497E2FA}" = Catalyst Control Center Localization Turkish
"{D80849F0-86F2-1F57-A624-6EA41E7650D6}" = Catalyst Control Center Localization Italian
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB2E9FB-B3BB-84C0-9617-4C62D206E79D}" = CCC Help French
"{DDC5E8D9-FEDC-329E-BCDB-D349ADA694C9}" = Catalyst Control Center Localization Japanese
"{DE4763D5-3DB4-A0A1-A093-F41425C06591}" = Catalyst Control Center Localization Greek
"{E07CB327-E2FD-04D3-0E69-B969B46FF01E}" = CCC Help Chinese Standard
"{EC3325FB-3CF8-DBE7-5642-2FC145337FE8}" = Catalyst Control Center Graphics Full New
"{EC864669-0544-DB41-76AE-7DDBA1CC48F1}" = Catalyst Control Center Graphics Previews Vista
"{ED6BD392-F005-F339-78A2-515C2F7EFD47}" = CCC Help Norwegian
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F2B6681E-ADF9-BC42-2D6B-3D17C14714A2}" = Catalyst Control Center Localization Russian
"{F32B8AE1-98EF-AEBD-E18F-9A6EC0407F5D}" = Catalyst Control Center Localization German
"{FDA53C49-0B77-5CB6-B44F-8ACBDDD1CA17}" = Catalyst Control Center Localization Chinese Traditional
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 12:53:29 AM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 6096
Description = {tid=C7C} An error occurred while opening the virtual registry (section:
false), rc: 07B01F0C-0000004A

Error - 4/27/2010 1:24:22 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:32:17 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:33:13 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:42:56 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:57:23 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:04:30 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:09:18 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 4/27/2010 2:14:11 AM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {20140062-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 4/27/2010 2:23:03 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/27/2010 3:02:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/27/2010 3:15:50 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:33:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:56:59 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 4/27/2010 3:59:26 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 4/27/2010 4:00:11 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/28/2010 2:48:32 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#6 magicjax

Posted 28 April 2010 - 05:18 PM

HAD TO POST THEM AGAIN B/C THE REDIRECT VIRUS IS MESSING UP MY CONNECTION TO BLEEPINGCOMPUTER. It's trying to get my password to the login. Again, I cannot download GMER because both mirrors redirect me to the malicious GMER, which is at www2.gmer.net. OTL is below and Extras follow.

OTL logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/04/28 16:56:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\Downloads\OTL.exe
PRC - [2010/04/27 02:51:43 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/04/27 02:51:42 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/04/27 02:51:24 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/27 02:51:21 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2010/04/27 02:51:00 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/04/27 02:50:57 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/27 02:50:55 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/04/27 02:50:52 | 000,836,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/04/27 02:50:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/27 02:50:32 | 000,596,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/04/27 02:50:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/04/10 05:13:02 | 000,136,176 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
PRC - [2010/03/27 22:13:16 | 000,530,416 | ---- | M] (Google Inc.) -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/09/26 07:35:12 | 003,195,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2009/09/26 07:35:08 | 000,083,320 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\VirtualSearchProtocolHost.exe
PRC - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2009/09/26 07:35:02 | 000,045,392 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/20 21:23:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wsqmcons.exe
PRC - [2007/09/27 18:27:02 | 004,839,936 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Gateway\CEC_MAIN.exe
PRC - [2007/09/13 16:09:44 | 000,638,976 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Gateway\traybar.exe
PRC - [2007/09/06 21:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\stacsv.exe
PRC - [2007/09/06 21:23:36 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\sttray.exe
PRC - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/04/28 16:56:55 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Documents\Downloads\OTL.exe
MOD - [2010/04/27 02:53:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
MOD - [2008/01/20 21:23:44 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/04/27 02:51:21 | 002,325,816 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2010/04/27 02:51:00 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/04/27 02:50:49 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/27 02:50:28 | 005,888,008 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/19 10:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/02/23 14:04:34 | 000,369,920 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/09/26 07:35:02 | 000,819,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2009/09/26 04:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/09/23 15:04:56 | 000,203,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/09/23 15:04:52 | 000,447,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/06 21:25:12 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2007/08/29 16:58:47 | 000,181,800 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2007/01/19 14:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/10/04 23:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 02:53:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010/04/27 02:53:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/27 02:52:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/04/27 02:52:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/27 02:50:57 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/04/27 02:50:37 | 000,122,376 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/04/27 02:50:35 | 000,030,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/04/27 02:50:33 | 000,027,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/04/27 02:50:05 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009/09/23 15:04:56 | 000,021,848 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009/09/23 15:04:56 | 000,014,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftVollh.sys -- (sftvol)
DRV - [2009/09/23 15:04:54 | 000,190,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\sftplaylh.sys -- (sftplay)
DRV - [2009/09/23 15:04:50 | 000,543,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\drivers\SftFSlh.sys -- (sftfs)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/09 09:09:20 | 003,172,864 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/10/03 03:18:12 | 000,099,840 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/09/27 19:33:26 | 000,056,832 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2007/09/06 21:26:04 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/07/18 03:40:00 | 000,281,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/05/23 19:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/04/26 04:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/28 02:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2006/11/02 02:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2006/10/29 21:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...TB&M=M-1625


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch...TB&M=M-1625
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-590825528-3676777514-165104037-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/04/22 01:25:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Extensions
[2010/04/26 10:18:23 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions
[2010/04/22 01:28:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 01:42:46 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/04/22 01:28:44 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\ff8kmyex.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2010/04/22 01:24:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\System32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-590825528-3676777514-165104037-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Gateway\traybar.exe (Chicony)
O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe File not found
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-590825528-3676777514-165104037-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,810,056 | R--- | M] () - E:\Autorun.bmp -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,694,768 | R--- | M] (Trend Micro Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 001,290,240 | R--- | M] (Trend Micro Inc.) - E:\Autorun.exe.mui -- [ CDFS ]
O32 - AutoRun File - [2009/07/29 09:26:32 | 000,000,356 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/28 02:05:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/28 02:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/27 13:49:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2008-2009 Taxes
[2010/04/27 05:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2010/04/27 05:42:12 | 031,647,016 | ---- | C] (Apple Inc.) -- C:\Users\Owner\SafariSetup.exe
[2010/04/27 02:53:22 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 02:53:22 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 02:53:19 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 02:52:53 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 02:52:50 | 000,029,512 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 02:52:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010/04/27 02:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/04/27 02:50:57 | 000,025,096 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/04/27 02:50:05 | 000,024,856 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 02:48:49 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/04/27 02:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/04/27 02:36:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Trend Micro
[2010/04/27 02:33:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/04/27 02:21:49 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/27 02:21:47 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/27 02:21:44 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/27 02:21:34 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010/04/27 02:21:33 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010/04/27 01:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2010/04/27 01:11:29 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/04/27 01:11:04 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\AOL Downloads
[2010/04/27 01:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\AOL
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2010/04/27 01:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\aol
[2010/04/27 01:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0a
[2010/04/26 21:21:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/04/26 21:15:24 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/04/22 02:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2010/04/22 01:24:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2010/04/22 01:24:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Mozilla
[2010/04/22 01:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/04/20 15:32:03 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Yahoo
[2010/04/20 15:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010/04/20 15:30:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Yahoo!
[2010/04/20 15:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2010/04/20 15:27:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/18 15:59:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Supportsoft
[2010/04/17 20:53:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DivX
[2010/04/17 20:48:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/04/17 20:47:10 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010/04/17 09:51:32 | 000,000,000 | ---D | C] -- C:\PFiles
[2010/04/16 11:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2010/04/14 09:06:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\j2 Global
[2010/04/14 09:05:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\eFax Messenger
[2010/04/14 09:05:27 | 000,000,000 | ---D | C] -- C:\ProgramData\eFax Messenger 4.4 Output
[2010/04/14 08:59:36 | 000,000,000 | ---D | C] -- C:\Program Files\eFax Messenger 4.4
[2010/04/12 09:49:12 | 000,000,000 | -H-D | C] -- C:\TEMP
[2010/04/11 01:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe(4)
[2010/04/11 01:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe(1)
[2010/04/10 22:37:36 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010/04/10 20:37:14 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/10 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\NVD
[2010/04/10 20:27:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\NVD
[2010/04/10 20:22:24 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\SoftGrid Client
[2010/04/10 20:21:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SoftGrid Client
[2010/04/10 20:20:55 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SoftGrid Client
[2010/04/10 20:19:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/10 20:19:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2010/04/10 20:18:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\TP
[2010/04/10 05:12:41 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apps
[2010/04/10 05:12:39 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Deployment
[2010/04/08 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Apple Computer
[2010/04/08 12:55:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple Computer
[2010/04/08 12:55:03 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2010/04/08 12:55:02 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010/04/08 12:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/08 12:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/08 12:53:59 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/08 12:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/08 12:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Apple
[2010/04/08 12:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/04/08 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/08 12:46:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010/04/08 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/04/08 12:43:54 | 097,525,032 | ---- | C] (Apple Inc.) -- C:\Users\Owner\Desktop\iTunesSetup.exe
[2010/04/08 12:38:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Macromedia
[2010/04/08 10:53:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MORE FILES
[2010/04/08 10:49:29 | 001,830,424 | ---- | C] (Smallfrogs Studio) -- C:\Users\Owner\Desktop\SREngLdr.EXE
[2010/04/08 10:49:26 | 027,142,744 | ---- | C] (Macrovision Corporation) -- C:\Users\Owner\Desktop\GMATPrepSetup.exe
[2010/04/08 10:49:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Wal-Mart Malpractice
[2010/04/08 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\US Tax Court
[2010/04/08 10:49:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Upload
[2010/04/08 10:49:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Unemployment
[2010/04/08 10:49:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\TTI Finished Product
[2010/04/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\SuspiciousFiles
[2010/04/08 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Signatures
[2010/04/08 10:49:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Siedlik Replevin
[2010/04/08 10:48:59 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Roasterie
[2010/04/08 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ready Debit Disputes
[2010/04/08 10:48:58 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Old Carco
[2010/04/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\MUSIC
[2010/04/08 10:48:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\LossTheftfromVehicleQuestionnaire
[2010/04/08 10:48:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\KANSAS CASES
[2010/04/08 10:48:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Jayhawk Marina
[2010/04/08 10:48:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\IRSAugSS4
[2010/04/08 10:48:17 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop\Important Company DOCS
[2010/04/08 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\HRBlock and Aetna
[2010/04/08 10:48:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ExplorerPaperwork
[2010/04/08 10:48:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Ellis Case
[2010/04/08 10:46:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\VCheck
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Spamassassin
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Small Business Accounting
[2010/04/08 10:46:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Outlook Files
[2010/04/08 10:46:13 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\OneNote Notebooks
[2010/04/08 10:46:12 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Shapes
[2010/04/08 10:46:12 | 000,000,000 | --SD | C] -- C:\Users\Owner\Documents\My Data Sources
[2010/04/08 10:46:12 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents\Notes
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\NetManage
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Received Files
[2010/04/08 10:46:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\iMesh
[2010/04/08 10:46:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HotDocs
[2010/04/08 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\HomePhotos001
[2010/04/08 10:46:07 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Graboid
[2010/04/08 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\eFax Messenger 4.4
[2010/04/08 10:46:06 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\eFax Messenger 4.3
[2010/04/08 10:44:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Downloads
[2010/04/08 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\Corel User Files
[2010/04/08 10:44:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\CCWin
[2010/04/08 10:44:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\204512-DF
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Downloads
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CVs and Resumes
[2010/04/08 10:43:15 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CourtViews
[2010/04/08 10:43:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\ConceptualPaper
[2010/04/08 10:42:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Chrysler Financial Case
[2010/04/08 10:42:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\CASES
[2010/04/08 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Business School Items
[2010/04/08 10:42:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\BostonMedical
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-03-13 EEOCcharges2
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-03-13 EEOCcharges
[2010/04/08 10:42:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-28 J4
[2010/04/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-27 HospitalCharity
[2010/04/08 10:42:20 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-26 w-2
[2010/04/08 10:42:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2010-02-24 Aetna
[2010/04/08 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Adobe
[2010/04/08 10:42:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\Desktop\2009 Tax Prep
[2010/04/08 10:42:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Adobe
[2010/04/08 10:15:30 | 000,181,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/04/08 10:05:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshooks.dll
[2010/04/08 10:05:18 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssitlb.dll
[2010/04/08 10:05:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscb.dll
[2010/04/08 10:05:17 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\thawbrkr.dll
[2010/04/08 10:05:17 | 000,301,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
[2010/04/08 10:05:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/04/08 10:05:17 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\offfilt.dll
[2010/04/08 10:05:17 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\korwbrkr.dll
[2010/04/08 10:05:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nlhtml.dll
[2010/04/08 10:05:17 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\propdefs.dll
[2010/04/08 10:05:17 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2010/04/08 10:05:17 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xmlfilter.dll
[2010/04/08 10:05:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msstrc.dll
[2010/04/08 10:05:17 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mimefilt.dll
[2010/04/08 10:05:17 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtffilt.dll
[2010/04/08 10:05:17 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
[2010/04/08 10:05:17 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsepno.dll
[2010/04/08 10:05:16 | 006,103,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chtbrkr.dll
[2010/04/08 10:05:16 | 001,671,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\chsbrkr.dll
[2010/04/08 10:05:16 | 001,582,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2010/04/08 10:05:16 | 001,418,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2010/04/08 10:05:16 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2010/04/08 10:05:16 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2010/04/08 10:05:16 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2010/04/08 09:42:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/04/08 09:42:07 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/04/08 09:42:06 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/04/08 09:42:06 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/04/08 09:42:06 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010/04/08 09:42:06 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010/04/08 09:42:06 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/04/08 09:42:05 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010/04/08 09:42:05 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010/04/08 09:42:05 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010/04/08 09:42:05 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010/04/08 09:42:04 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010/04/08 09:42:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/04/08 09:42:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010/04/08 09:42:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010/04/08 09:40:42 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010/04/08 09:40:42 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010/04/08 09:40:41 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010/04/08 09:40:41 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010/04/08 09:40:41 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010/04/08 09:40:41 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/04/08 09:40:41 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010/04/08 09:40:41 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010/04/08 09:40:40 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/04/08 09:40:40 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010/04/08 09:40:40 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010/04/08 09:40:40 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010/04/08 09:40:39 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010/04/08 09:40:39 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010/04/08 09:40:39 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010/04/08 09:40:39 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010/04/08 09:40:38 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/04/08 09:40:38 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010/04/08 09:40:37 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/04/08 09:40:36 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010/04/08 09:40:36 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010/04/08 09:40:36 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010/04/08 09:40:36 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010/04/08 09:40:36 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010/04/08 09:40:36 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010/04/08 09:22:40 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010/04/08 09:22:40 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010/04/08 09:22:39 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010/04/08 09:22:39 | 000,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/04/08 09:22:39 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010/04/08 09:22:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010/04/08 09:22:37 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010/04/08 09:22:35 | 000,326,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/04/08 09:16:20 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/04/08 09:16:14 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010/04/08 09:16:10 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010/04/08 09:14:47 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010/04/08 09:14:47 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010/04/08 09:12:57 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scrobj.dll
[2010/04/08 09:12:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshom.ocx
[2010/04/08 09:12:57 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2010/04/08 09:12:55 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/04/08 09:12:53 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010/04/08 09:12:51 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/04/08 09:12:51 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/04/08 09:12:51 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/04/08 09:12:51 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/04/08 09:12:51 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/04/08 09:12:51 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/04/08 09:12:51 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010/04/08 09:12:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/04/08 09:12:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/04/08 09:12:45 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010/04/08 09:11:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pacerprf.dll
[2010/04/08 09:11:43 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/04/08 09:11:43 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010/04/08 09:11:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/04/08 09:11:43 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/04/08 09:11:43 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010/04/08 09:11:37 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dataclen.dll
[2010/04/08 09:11:37 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2010/04/08 09:11:35 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010/04/08 09:11:32 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Faultrep.dll
[2010/04/08 09:11:18 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/04/08 09:11:18 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/04/08 09:11:18 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/04/08 09:11:18 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010/04/08 09:11:15 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010/04/08 09:11:15 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010/04/08 09:04:54 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpeffects.dll
[2010/04/08 09:04:41 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\rmcast.sys
[2010/04/08 09:01:31 | 000,378,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2010/04/08 09:01:31 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srdelayed.exe
[2010/04/08 09:01:30 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rstrui.exe
[2010/04/08 09:01:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kbd106n.dll
[2010/04/08 09:01:16 | 000,615,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll
[2010/04/08 09:01:14 | 000,988,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010/04/08 09:01:14 | 000,927,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010/04/08 09:01:13 | 000,019,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kd1394.dll
[2010/04/08 09:01:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll
[2010/04/08 09:00:38 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010/04/08 08:59:56 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010/04/08 08:59:56 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010/04/08 08:59:36 | 000,996,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMNetMgr.dll
[2010/04/08 08:59:35 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\logagent.exe
[2010/04/08 08:58:01 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010/04/08 08:58:01 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010/04/08 08:57:56 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010/04/08 08:57:56 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010/04/08 08:57:56 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010/04/08 08:57:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010/04/08 08:57:56 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010/04/08 08:57:13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010/04/08 08:57:13 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010/04/08 08:56:20 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010/04/08 08:56:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010/04/08 08:56:16 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010/04/08 08:54:20 | 002,644,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0009.dll
[2010/04/08 08:54:19 | 012,240,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NlsLexicons0007.dll
[2010/04/08 08:53:55 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
[2010/04/08 08:52:36 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010/04/08 08:51:31 | 002,927,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/04/08 08:50:53 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010/04/08 08:50:53 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010/04/08 08:50:53 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010/04/08 08:50:53 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010/04/08 08:50:53 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010/04/08 08:50:53 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010/04/08 08:50:53 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010/04/08 08:50:53 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010/04/08 08:50:50 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/04/08 08:50:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010/04/08 08:50:06 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010/04/08 08:50:06 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/04/08 08:50:06 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2010/04/08 08:50:05 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010/04/08 08:49:59 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010/04/08 08:49:46 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/08 08:48:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/04/08 08:48:12 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010/04/08 08:48:11 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010/04/08 08:47:44 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[2010/04/08 08:47:44 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010/04/08 08:47:43 | 000,425,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2010/04/08 08:47:37 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2010/04/08 08:47:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/04/08 08:47:13 | 001,695,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/04/08 08:47:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/04/08 08:46:58 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32spl.dll
[2010/04/08 08:46:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010/04/08 08:46:35 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010/04/08 08:46:13 | 001,645,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\connect.dll
[2010/04/08 08:43:43 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010/04/08 08:43:37 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/04/08 08:43:36 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010/04/08 08:43:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010/04/08 08:43:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010/04/08 08:42:37 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:42:37 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:42:37 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 08:22:32 | 000,000,000 | ---D | C] -- C:\Users\Owner\Documents\My Google Gadgets
[2010/04/08 08:22:28 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2010/04/08 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\ATI
[2010/04/08 08:22:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ATI
[2010/04/08 08:21:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Symantec
[2010/04/08 08:21:01 | 000,000,000 | R--D | C] -- C:\Users\Owner\Searches
[2010/04/08 08:20:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Identities
[2010/04/08 08:20:44 | 000,000,000 | R--D | C] -- C:\Users\Owner\Contacts
[2010/04/08 08:20:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\VirtualStore
[2010/04/08 08:20:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\SampleView
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Temporary Internet Files
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Templates
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Start Menu
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\SendTo
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Recent
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\PrintHood
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\NetHood
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Videos
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Pictures
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Documents\My Music
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\My Documents
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Local Settings
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\History
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Cookies
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\Application Data
[2010/04/08 08:20:26 | 000,000,000 | -HSD | C] -- C:\Users\Owner\AppData\Local\Application Data
[2010/04/08 08:20:25 | 000,000,000 | --SD | C] -- C:\Users\Owner\AppData\Roaming\Microsoft
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Videos
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Saved Games
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Pictures
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Music
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Links
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Favorites
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Downloads
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Documents
[2010/04/08 08:20:25 | 000,000,000 | R--D | C] -- C:\Users\Owner\Desktop
[2010/04/08 08:20:25 | 000,000,000 | -H-D | C] -- C:\Users\Owner\AppData
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Temp
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Microsoft
[2010/04/08 08:20:25 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Media Center Programs
[2010/04/08 08:17:21 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010/04/08 08:17:21 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010/04/08 08:17:00 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010/04/08 08:17:00 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010/04/08 08:17:00 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010/04/08 08:16:50 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010/04/08 08:16:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2010/04/08 08:15:51 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data
[2010/04/07 19:50:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/04/07 19:48:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/07 19:45:48 | 000,007,680 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\System32\drivers\AtiPcie.sys
[2010/04/07 19:45:48 | 000,000,000 | ---D | C] -- C:\Windows\i386
[2010/04/07 19:40:32 | 000,000,000 | ---D | C] -- C:\Windows\SMINST
[2010/04/07 17:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010/04/07 17:30:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/04/07 17:30:04 | 000,000,000 | ---D | C] -- C:\Graphics
[2010/04/07 17:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Gateway Games
[2010/04/07 17:26:22 | 000,000,000 | ---D | C] -- C:\ProgramData\WildTangent
[2010/04/07 17:26:09 | 000,000,000 | ---D | C] -- C:\Documents
[2010/04/07 17:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Napster
[2010/04/07 17:23:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2007
[2010/04/07 17:23:02 | 000,000,000 | ---D | C] -- C:\google
[2010/04/07 17:23:01 | 000,094,208 | ---- | C] (Gateway Inc.) -- C:\Windows\System32\BAE.dll
[2010/04/07 17:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2010/04/07 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}
[2010/04/07 17:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
[2010/04/07 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\NetZero
[2010/04/07 17:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Acceller
[2010/04/07 17:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/07 17:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/07 17:20:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010/04/07 17:20:05 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2010/04/07 17:19:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/04/07 17:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/04/07 17:16:28 | 000,007,168 | ---- | C] (BigFix, Inc.) -- C:\Windows\BigFixClientOverride.dll
[2010/04/07 17:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/04/07 17:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010/04/07 17:16:09 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/07 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/04/07 17:14:39 | 001,066,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71.dll
[2010/04/07 17:14:39 | 001,053,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFC71u.dll
[2010/04/07 17:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/04/07 17:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/07 17:12:54 | 000,044,544 | ---- | C] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010/04/07 17:12:40 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/07 17:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2010/04/07 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\AOL 9.0
[2010/04/07 17:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/07 17:08:22 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2010/04/07 17:07:07 | 000,011,776 | ---- | C] (Chicony Electronics Co., Ltd.) -- C:\Windows\System32\drivers\UVCFTR_S.SYS
[2010/04/07 17:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Camera Assistant Software for Gateway
[2010/04/07 17:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2010/04/07 17:06:12 | 000,205,312 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187.sys
[2010/04/07 17:04:53 | 000,281,088 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\rtl8187B.sys
[2010/04/07 17:04:44 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK USB Wireless LAN Driver
[2010/04/07 17:04:31 | 000,050,752 | ---- | C] (Agere Systems) -- C:\Windows\System32\agrsmdel.exe
[2010/04/07 17:03:23 | 000,099,840 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/04/07 17:03:21 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/04/07 17:02:28 | 000,056,832 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTSTOR.sys
[2010/04/07 17:01:47 | 005,459,968 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtsg.cpl
[2010/04/07 17:01:47 | 001,601,536 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stlang.dll
[2010/04/07 17:01:47 | 000,405,504 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2010/04/07 17:01:47 | 000,102,400 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
[2010/04/07 17:01:47 | 000,000,000 | ---D | C] -- C:\Program Files\Sigmatel
[2010/04/07 17:00:54 | 000,146,944 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2010/04/07 17:00:52 | 000,562,176 | ---- | C] (SigmaTel, Inc.) -- C:\Windows\System32\stapo.dll
[2010/04/07 17:00:52 | 000,330,240 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\drivers\stwrt.sys
[2010/04/07 17:00:52 | 000,328,704 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stcplx.dll
[2010/04/07 17:00:52 | 000,299,520 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stapi32.dll
[2010/04/07 17:00:51 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/07 17:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2010/04/07 17:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/07 16:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010/04/07 16:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/07 16:56:26 | 000,000,000 | -HSD | C] -- C:\Windows\Installer

========== Files - Modified Within 30 Days ==========

[2010/04/28 17:01:57 | 000,786,432 | -HS- | M] () -- C:\Users\Owner\ntuser.dat
[2010/04/28 16:57:49 | 000,000,960 | ---- | M] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2010/04/28 16:55:12 | 000,096,543 | ---- | M] () -- C:\Users\Owner\Desktop\AdvocacyLegalAssistance.pdf
[2010/04/28 16:50:25 | 000,029,696 | ---- | M] () -- C:\Users\Owner\Desktop\JointMotionSealingCaseJAAXvJAYHAWKMARINA.doc
[2010/04/28 16:30:14 | 059,354,843 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/28 16:18:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000UA.job
[2010/04/28 15:40:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 15:40:02 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/04/28 13:44:47 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3A6B77-1C62-4A36-BCA2-38F52F9EFCCE}.job
[2010/04/28 05:46:11 | 000,691,826 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/04/28 05:46:11 | 000,596,128 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/04/28 05:46:11 | 000,101,536 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/28 05:44:20 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\agremove.exe
[2010/04/28 05:40:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/04/28 05:39:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/04/28 05:18:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000Core.job
[2010/04/28 02:06:10 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/27 16:37:12 | 000,001,594 | ---- | M] () -- C:\Users\Owner\Desktop\sanjose.jpg
[2010/04/27 16:36:16 | 000,004,667 | ---- | M] () -- C:\Users\Owner\Desktop\squidrow.jpg
[2010/04/27 14:24:35 | 000,018,364 | ---- | M] () -- C:\Users\Owner\Cruise1.jpg
[2010/04/27 11:00:12 | 000,000,942 | ---- | M] () -- C:\Users\Owner\Yahoo! Messenger.lnk
[2010/04/27 05:43:51 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/27 05:42:13 | 031,647,016 | ---- | M] (Apple Inc.) -- C:\Users\Owner\SafariSetup.exe
[2010/04/27 02:57:05 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/27 02:57:05 | 000,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/27 02:56:51 | 001,970,462 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2010/04/27 02:53:24 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/04/27 02:53:24 | 000,001,647 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 02:53:22 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2010/04/27 02:53:21 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/27 02:52:54 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/04/27 02:52:52 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/27 02:52:50 | 000,582,365 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 02:52:49 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 02:50:57 | 000,025,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/04/27 02:50:05 | 000,024,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgfwd6x.sys
[2010/04/27 02:26:53 | 000,000,036 | ---- | M] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/04/27 02:14:57 | 000,000,996 | ---- | M] () -- C:\Users\Owner\Desktop\Trend Micro Security Software Download Manager.lnk
[2010/04/27 02:12:59 | 000,002,042 | ---- | M] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/04/26 16:13:44 | 000,003,350 | ---- | M] () -- C:\Users\Owner\froder (1).jpg
[2010/04/26 16:13:44 | 000,003,350 | ---- | M] () -- C:\Users\Owner\froder (1) - Copy (1).jpg
[2010/04/26 15:03:14 | 000,018,504 | ---- | M] () -- C:\Users\Owner\cabo3.jpg
[2010/04/26 15:03:01 | 000,018,504 | ---- | M] () -- C:\Users\Owner\cabo2.jpg
[2010/04/26 15:01:52 | 000,021,851 | ---- | M] () -- C:\Users\Owner\frat.jpg
[2010/04/26 15:01:24 | 000,018,504 | ---- | M] () -- C:\Users\Owner\Desktop\cabo2.jpg
[2010/04/26 15:01:04 | 000,001,594 | ---- | M] () -- C:\Users\Owner\cabo1.jpg
[2010/04/26 15:00:34 | 000,001,594 | ---- | M] () -- C:\Users\Owner\phil2.jpg
[2010/04/26 10:07:51 | 000,000,680 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/22 02:04:20 | 000,000,000 | ---- | M] () -- C:\Users\Owner\defogger_reenable
[2010/04/20 11:45:24 | 000,069,912 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/04/20 09:36:05 | 000,326,895 | ---- | M] () -- C:\Users\Owner\Desktop\COBRAeligibilityforms.pdf
[2010/04/20 09:20:11 | 000,462,604 | ---- | M] () -- C:\Users\Owner\Desktop\SIEDLIKemailsUPDATED.pdf
[2010/04/20 08:51:53 | 000,000,000 | ---- | M] () -- C:\Users\Owner\Documents\eFax_4_4_Port
[2010/04/20 06:43:27 | 000,296,111 | ---- | M] () -- C:\Users\Owner\Desktop\ConfidFilingSheetSIEDLIKREPLEVIN.pdf
[2010/04/20 06:34:13 | 000,357,678 | ---- | M] () -- C:\Users\Owner\Desktop\InformapaupSIEDLIKREPLEVIN.pdf
[2010/04/19 17:50:34 | 000,234,799 | ---- | M] () -- C:\Users\Owner\Desktop\Phil Jaax COBRA Invoice.pdf
[2010/04/15 09:07:19 | 001,679,481 | ---- | M] () -- C:\Users\Owner\Desktop\f656b.pdf
[2010/04/15 06:53:21 | 000,209,882 | ---- | M] () -- C:\Users\Owner\Desktop\Jaax2009TaxReturnHR.pdf
[2010/04/12 11:56:54 | 000,300,147 | ---- | M] () -- C:\Users\Owner\Desktop\TITLESREGISTRATION.pdf
[2010/04/12 11:56:30 | 003,582,494 | ---- | M] () -- C:\Users\Owner\Desktop\SIEDLIKemails.pdf
[2010/04/12 11:55:56 | 000,517,041 | ---- | M] () -- C:\Users\Owner\Desktop\SiedlikLastDemandLTR.pdf
[2010/04/12 07:48:55 | 000,056,832 | ---- | M] () -- C:\Users\Owner\Desktop\JaaxResume2010.doc
[2010/04/08 12:55:07 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/08 12:50:56 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 12:43:55 | 097,525,032 | ---- | M] (Apple Inc.) -- C:\Users\Owner\Desktop\iTunesSetup.exe
[2010/04/08 10:35:39 | 000,294,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/08 10:31:01 | 000,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 08:42:21 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010/04/08 08:42:21 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/04/08 08:42:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/04/08 08:42:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/04/08 08:20:26 | 000,000,020 | -HS- | M] () -- C:\Users\Owner\ntuser.ini
[2010/04/08 08:14:53 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2010/04/07 17:33:46 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010/04/07 17:31:45 | 000,000,169 | ---- | M] () -- C:\Windows\win.ini
[2010/04/07 17:20:30 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
[2010/04/07 17:06:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/04/07 16:56:18 | 000,000,002 | RHS- | M] () -- C:\USER

========== Files Created - No Company Name ==========

[2010/04/28 16:57:49 | 000,000,960 | ---- | C] () -- C:\Users\Owner\Desktop\OTL - Shortcut.lnk
[2010/04/28 16:55:12 | 000,096,543 | ---- | C] () -- C:\Users\Owner\Desktop\AdvocacyLegalAssistance.pdf
[2010/04/28 16:50:22 | 000,029,696 | ---- | C] () -- C:\Users\Owner\Desktop\JointMotionSealingCaseJAAXvJAYHAWKMARINA.doc
[2010/04/28 02:06:10 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/27 16:37:12 | 000,001,594 | ---- | C] () -- C:\Users\Owner\Desktop\sanjose.jpg
[2010/04/27 16:36:16 | 000,004,667 | ---- | C] () -- C:\Users\Owner\Desktop\squidrow.jpg
[2010/04/27 16:03:12 | 000,003,350 | ---- | C] () -- C:\Users\Owner\froder (1) - Copy (1).jpg
[2010/04/27 14:24:35 | 000,018,364 | ---- | C] () -- C:\Users\Owner\Cruise1.jpg
[2010/04/27 11:00:12 | 000,000,942 | ---- | C] () -- C:\Users\Owner\Yahoo! Messenger.lnk
[2010/04/27 05:43:51 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010/04/27 02:53:24 | 000,001,647 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010/04/27 02:52:49 | 000,582,365 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavifw.avm
[2010/04/27 02:52:49 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010/04/27 02:52:33 | 059,354,843 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/27 02:24:58 | 000,000,036 | ---- | C] () -- C:\Users\Owner\AppData\Local\housecall.guid.cache
[2010/04/27 02:14:56 | 000,000,996 | ---- | C] () -- C:\Users\Owner\Desktop\Trend Micro Security Software Download Manager.lnk
[2010/04/26 16:13:43 | 000,003,350 | ---- | C] () -- C:\Users\Owner\froder (1).jpg
[2010/04/26 15:03:14 | 000,018,504 | ---- | C] () -- C:\Users\Owner\cabo3.jpg
[2010/04/26 15:03:00 | 000,018,504 | ---- | C] () -- C:\Users\Owner\cabo2.jpg
[2010/04/26 15:01:51 | 000,021,851 | ---- | C] () -- C:\Users\Owner\frat.jpg
[2010/04/26 15:01:23 | 000,018,504 | ---- | C] () -- C:\Users\Owner\Desktop\cabo2.jpg
[2010/04/26 15:01:04 | 000,001,594 | ---- | C] () -- C:\Users\Owner\cabo1.jpg
[2010/04/26 15:00:33 | 000,001,594 | ---- | C] () -- C:\Users\Owner\phil2.jpg
[2010/04/26 10:07:51 | 000,000,680 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2010/04/22 02:04:20 | 000,000,000 | ---- | C] () -- C:\Users\Owner\defogger_reenable
[2010/04/20 09:36:05 | 000,326,895 | ---- | C] () -- C:\Users\Owner\Desktop\COBRAeligibilityforms.pdf
[2010/04/20 09:06:26 | 000,462,604 | ---- | C] () -- C:\Users\Owner\Desktop\SIEDLIKemailsUPDATED.pdf
[2010/04/20 05:49:41 | 000,296,111 | ---- | C] () -- C:\Users\Owner\Desktop\ConfidFilingSheetSIEDLIKREPLEVIN.pdf
[2010/04/20 04:26:28 | 000,357,678 | ---- | C] () -- C:\Users\Owner\Desktop\InformapaupSIEDLIKREPLEVIN.pdf
[2010/04/19 17:50:32 | 000,234,799 | ---- | C] () -- C:\Users\Owner\Desktop\Phil Jaax COBRA Invoice.pdf
[2010/04/15 09:07:19 | 001,679,481 | ---- | C] () -- C:\Users\Owner\Desktop\f656b.pdf
[2010/04/15 06:53:21 | 000,209,882 | ---- | C] () -- C:\Users\Owner\Desktop\Jaax2009TaxReturnHR.pdf
[2010/04/12 11:56:54 | 000,300,147 | ---- | C] () -- C:\Users\Owner\Desktop\TITLESREGISTRATION.pdf
[2010/04/12 11:56:30 | 003,582,494 | ---- | C] () -- C:\Users\Owner\Desktop\SIEDLIKemails.pdf
[2010/04/12 11:55:56 | 000,517,041 | ---- | C] () -- C:\Users\Owner\Desktop\SiedlikLastDemandLTR.pdf
[2010/04/10 05:14:18 | 000,002,042 | ---- | C] () -- C:\Users\Owner\Desktop\Google Chrome.lnk
[2010/04/10 05:13:10 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000UA.job
[2010/04/10 05:13:09 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-590825528-3676777514-165104037-1000Core.job
[2010/04/08 12:55:07 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/08 12:50:56 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/08 12:36:56 | 000,000,422 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{AB3A6B77-1C62-4A36-BCA2-38F52F9EFCCE}.job
[2010/04/08 10:49:29 | 000,099,810 | ---- | C] () -- C:\Users\Owner\Desktop\WorkSourceMOunemployment.pdf
[2010/04/08 10:49:29 | 000,013,508 | ---- | C] () -- C:\Users\Owner\Desktop\SS4JCW.pdf
[2010/04/08 10:49:28 | 000,995,281 | ---- | C] () -- C:\Users\Owner\Desktop\MOUnemploymentBenefits.pdf
[2010/04/08 10:49:28 | 000,444,678 | ---- | C] () -- C:\Users\Owner\Desktop\PhilJaaxSIG.bmp
[2010/04/08 10:49:28 | 000,107,974 | ---- | C] () -- C:\Users\Owner\Desktop\ID1.pdf
[2010/04/08 10:49:28 | 000,065,446 | ---- | C] () -- C:\Users\Owner\Desktop\MOReplevinCaseLaw.docx
[2010/04/08 10:49:28 | 000,057,607 | ---- | C] () -- C:\Users\Owner\Desktop\MOBoatRegistration.pdf
[2010/04/08 10:49:28 | 000,056,832 | ---- | C] () -- C:\Users\Owner\Desktop\JaaxResume2010.doc
[2010/04/08 10:49:28 | 000,050,177 | ---- | C] () -- C:\Users\Owner\Desktop\MOBARRemediesReplevin.docx
[2010/04/08 10:49:28 | 000,022,885 | ---- | C] () -- C:\Users\Owner\Desktop\NONADSAPE.pdf
[2010/04/08 10:49:28 | 000,020,481 | ---- | C] () -- C:\Users\Owner\Desktop\ReaganPoster.JPEG
[2010/04/08 10:49:28 | 000,013,593 | ---- | C] () -- C:\Users\Owner\Desktop\Ras Dialer Malware.docx
[2010/04/08 10:49:28 | 000,013,468 | ---- | C] () -- C:\Users\Owner\Desktop\PhilJaaxSIG.jpg
[2010/04/08 10:49:24 | 000,310,496 | ---- | C] () -- C:\Users\Owner\Desktop\Emergency_Replevin_Packet.pdf
[2010/04/08 10:49:24 | 000,178,314 | ---- | C] () -- C:\Users\Owner\bushie.jpg
[2010/04/08 10:49:24 | 000,114,356 | ---- | C] () -- C:\Users\Owner\Desktop\CLEMoBarINJUNCTIONS.pdf
[2010/04/08 10:49:24 | 000,034,081 | ---- | C] () -- C:\Users\Owner\Desktop\CoverLetterJaax2010.docx
[2010/04/08 10:49:24 | 000,029,255 | ---- | C] () -- C:\Users\Owner\Desktop\Chapter 3 DECLARATORY JUDGMENTS.docx
[2010/04/08 10:49:24 | 000,000,393 | ---- | C] () -- C:\Users\Owner\Canni.txt
[2010/04/08 10:44:47 | 001,733,719 | ---- | C] () -- C:\Users\Owner\Documents\WhyIraqIsTakingSoLong.wmv
[2010/04/08 10:44:47 | 000,880,621 | ---- | C] () -- C:\Users\Owner\Documents\Web300Capture.docx
[2010/04/08 10:44:47 | 000,015,330 | ---- | C] () -- C:\Users\Owner\Documents\Untitled.mbw
[2010/04/08 10:44:47 | 000,000,162 | -HS- | C] () -- C:\Users\Owner\Documents\~$&T Matrix Consult.docx
[2010/04/08 10:44:46 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\TitleBack1.bmp
[2010/04/08 10:44:45 | 005,505,462 | ---- | C] () -- C:\Users\Owner\Documents\Title 1.bmp
[2010/04/08 10:44:45 | 000,464,782 | ---- | C] () -- C:\Users\Owner\Documents\SBAPersonalFinances1.doc
[2010/04/08 10:44:45 | 000,232,960 | ---- | C] () -- C:\Users\Owner\Documents\te Member of The Poindexler Group of Companies.doc
[2010/04/08 10:44:45 | 000,223,929 | ---- | C] () -- C:\Users\Owner\Documents\Signature.docx
[2010/04/08 10:44:45 | 000,089,651 | ---- | C] () -- C:\Users\Owner\Documents\Swiss Franc Per US Dollar.pdf
[2010/04/08 10:44:45 | 000,026,996 | ---- | C] () -- C:\Users\Owner\Documents\SSPDFD
[2010/04/08 10:44:45 | 000,018,808 | ---- | C] () -- C:\Users\Owner\Documents\task_two_template[1].docm
[2010/04/08 10:44:44 | 005,515,830 | ---- | C] () -- C:\Users\Owner\Documents\ReleaseBack1.bmp
[2010/04/08 10:44:43 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\Release1.bmp
[2010/04/08 10:44:43 | 000,312,748 | ---- | C] () -- C:\Users\Owner\Documents\PhysicianStatementDOC.docx
[2010/04/08 10:44:43 | 000,212,819 | ---- | C] () -- C:\Users\Owner\Documents\Personal at farmstead.docx
[2010/04/08 10:44:43 | 000,210,225 | ---- | C] () -- C:\Users\Owner\Documents\Old Resume, Jaax.docx
[2010/04/08 10:44:43 | 000,044,032 | ---- | C] () -- C:\Users\Owner\Documents\PREQUALWORKSHEET.doc
[2010/04/08 10:44:42 | 003,284,992 | ---- | C] () -- C:\Users\Owner\Documents\My Money.mny
[2010/04/08 10:44:42 | 000,213,728 | ---- | C] () -- C:\Users\Owner\Documents\OCT 24 DEFAULT1.docx
[2010/04/08 10:44:42 | 000,212,824 | ---- | C] () -- C:\Users\Owner\Documents\MOStateGovernor.docx
[2010/04/08 10:44:42 | 000,075,264 | ---- | C] () -- C:\Users\Owner\Documents\LaborWaivers.wps
[2010/04/08 10:44:42 | 000,065,290 | ---- | C] () -- C:\Users\Owner\Documents\MotionToSealMEDICAL.pdf
[2010/04/08 10:44:42 | 000,060,894 | ---- | C] () -- C:\Users\Owner\Documents\MacResourceFork
[2010/04/08 10:44:42 | 000,017,117 | ---- | C] () -- C:\Users\Owner\Documents\message_zdm.html
[2010/04/08 10:44:41 | 006,487,447 | ---- | C] () -- C:\Users\Owner\Documents\HomePhotos001.zip
[2010/04/08 10:44:41 | 000,267,401 | ---- | C] () -- C:\Users\Owner\Documents\Justin 2.jpg
[2010/04/08 10:44:41 | 000,018,227 | ---- | C] () -- C:\Users\Owner\Documents\JG3494.pdf
[2010/04/08 10:44:41 | 000,014,807 | ---- | C] () -- C:\Users\Owner\Documents\GESTORI PATRIMONIALI SS4.pdf
[2010/04/08 10:44:40 | 000,242,331 | ---- | C] () -- C:\Users\Owner\Documents\FTCTheftAffadavit.pdf
[2010/04/08 10:44:39 | 000,025,600 | ---- | C] () -- C:\Users\Owner\Documents\Employ.doc
[2010/04/08 10:44:39 | 000,004,354 | ---- | C] () -- C:\Users\Owner\Documents\Employ.wpd
[2010/04/08 10:44:38 | 000,042,879 | ---- | C] () -- C:\Users\Owner\Documents\eBillServletAug05.pdf
[2010/04/08 10:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\eFax_4_4_Port
[2010/04/08 10:44:38 | 000,000,000 | ---- | C] () -- C:\Users\Owner\Documents\eFax_4_3_Port
[2010/04/08 10:44:37 | 001,358,218 | ---- | C] () -- C:\Users\Owner\Documents\DSCN0200.JPG
[2010/04/08 10:44:37 | 000,151,534 | ---- | C] () -- C:\Users\Owner\Documents\CORPSTOCKS.pdf
[2010/04/08 10:44:37 | 000,141,889 | ---- | C] () -- C:\Users\Owner\Documents\CivilCoverSheetPDFKS.pdf
[2010/04/08 10:44:36 | 000,021,582 | ---- | C] () -- C:\Users\Owner\Documents\bind3.pdf
[2010/04/08 10:44:36 | 000,005,460 | ---- | C] () -- C:\Users\Owner\Documents\bind2.pdf
[2010/04/08 10:44:35 | 005,531,382 | ---- | C] () -- C:\Users\Owner\Documents\Bill Of Sale.bmp
[2010/04/08 10:44:35 | 000,221,851 | ---- | C] () -- C:\Users\Owner\Documents\AT&T Matrix Consult.docx
[2010/04/08 10:44:35 | 000,006,997 | ---- | C] () -- C:\Users\Owner\Documents\back.jpg
[2010/04/08 10:44:34 | 000,290,952 | ---- | C] () -- C:\Users\Owner\Documents\5010-2198_r2_Premier%20Promo_080108_092008[1].pdf
[2010/04/08 10:44:34 | 000,236,052 | ---- | C] () -- C:\Users\Owner\Documents\Additional INFO on ID Thief.docx
[2010/04/08 10:44:34 | 000,144,538 | ---- | C] () -- C:\Users\Owner\Documents\204512-DF.zip
[2010/04/08 10:44:34 | 000,075,512 | ---- | C] () -- C:\Users\Owner\Documents\Application-153572.pdf
[2010/04/08 10:44:34 | 000,043,056 | ---- | C] () -- C:\Users\Owner\Documents\59269449.efx
[2010/04/08 10:44:34 | 000,014,492 | ---- | C] () -- C:\Users\Owner\Documents\68d03111.efx
[2010/04/08 10:44:34 | 000,009,460 | ---- | C] () -- C:\Users\Owner\Documents\6a29d710.efx
[2010/04/08 10:44:33 | 005,521,014 | ---- | C] () -- C:\Users\Owner\Documents\18168171713@messages_efax_com_85167_20080617102406.bmp
[2010/04/08 10:44:33 | 000,331,252 | ---- | C] () -- C:\Users\Owner\Documents\$vFBCC.wav
[2010/04/08 10:44:33 | 000,291,124 | ---- | C] () -- C:\Users\Owner\Documents\$vED36.wav
[2010/04/08 10:44:33 | 000,181,876 | ---- | C] () -- C:\Users\Owner\Documents\$vF96A.wav
[2010/04/08 10:44:33 | 000,170,478 | ---- | C] () -- C:\Users\Owner\Documents\$vF6F4.wav
[2010/04/08 10:44:33 | 000,162,292 | ---- | C] () -- C:\Users\Owner\Documents\$vFDDA.wav
[2010/04/08 10:44:33 | 000,136,180 | ---- | C] () -- C:\Users\Owner\Documents\$vEAEB.wav
[2010/04/08 10:44:33 | 000,112,276 | ---- | C] () -- C:\Users\Owner\Documents\$vF703.wav
[2010/04/08 10:44:33 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$vFAF5.wav
[2010/04/08 10:44:33 | 000,064,468 | ---- | C] () -- C:\Users\Owner\Documents\$vEF2.wav
[2010/04/08 10:44:33 | 000,056,872 | ---- | C] () -- C:\Users\Owner\Documents\$vFB49.wav
[2010/04/08 10:44:32 | 000,577,492 | ---- | C] () -- C:\Users\Owner\Documents\$vD1C1.wav
[2010/04/08 10:44:32 | 000,289,780 | ---- | C] () -- C:\Users\Owner\Documents\$vDA2D.wav
[2010/04/08 10:44:32 | 000,252,820 | ---- | C] () -- C:\Users\Owner\Documents\$vBF79.wav
[2010/04/08 10:44:32 | 000,197,332 | ---- | C] () -- C:\Users\Owner\Documents\$vD783.wav
[2010/04/08 10:44:32 | 000,171,988 | ---- | C] () -- C:\Users\Owner\Documents\$vC260.wav
[2010/04/08 10:44:32 | 000,164,404 | ---- | C] () -- C:\Users\Owner\Documents\$vD338.wav
[2010/04/08 10:44:32 | 000,135,796 | ---- | C] () -- C:\Users\Owner\Documents\$vC69.wav
[2010/04/08 10:44:32 | 000,122,644 | ---- | C] () -- C:\Users\Owner\Documents\$vC950.wav
[2010/04/08 10:44:32 | 000,081,076 | ---- | C] () -- C:\Users\Owner\Documents\$vD0DD.wav
[2010/04/08 10:44:32 | 000,055,540 | ---- | C] () -- C:\Users\Owner\Documents\$vC1EB.wav
[2010/04/08 10:44:31 | 000,249,556 | ---- | C] () -- C:\Users\Owner\Documents\$vB1A2.wav
[2010/04/08 10:44:31 | 000,246,100 | ---- | C] () -- C:\Users\Owner\Documents\$vAAC5.wav
[2010/04/08 10:44:31 | 000,220,468 | ---- | C] () -- C:\Users\Owner\Documents\$vBA08.wav
[2010/04/08 10:44:31 | 000,213,268 | ---- | C] () -- C:\Users\Owner\Documents\$vB363.wav
[2010/04/08 10:44:31 | 000,172,852 | ---- | C] () -- C:\Users\Owner\Documents\$vB35A.wav
[2010/04/08 10:44:31 | 000,136,564 | ---- | C] () -- C:\Users\Owner\Documents\$vADE2.wav
[2010/04/08 10:44:31 | 000,075,028 | ---- | C] () -- C:\Users\Owner\Documents\$vA2C6.wav
[2010/04/08 10:44:31 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$vA5C6.wav
[2010/04/08 10:44:30 | 001,119,412 | ---- | C] () -- C:\Users\Owner\Documents\$v96D1.wav
[2010/04/08 10:44:30 | 000,862,996 | ---- | C] () -- C:\Users\Owner\Documents\$vA080.wav
[2010/04/08 10:44:30 | 000,375,700 | ---- | C] () -- C:\Users\Owner\Documents\$v9CF8.wav
[2010/04/08 10:44:30 | 000,253,588 | ---- | C] () -- C:\Users\Owner\Documents\$v8E19.wav
[2010/04/08 10:44:30 | 000,188,308 | ---- | C] () -- C:\Users\Owner\Documents\$v821D.wav
[2010/04/08 10:44:30 | 000,155,092 | ---- | C] () -- C:\Users\Owner\Documents\$v80F3.wav
[2010/04/08 10:44:30 | 000,105,844 | ---- | C] () -- C:\Users\Owner\Documents\$v7EE.wav
[2010/04/08 10:44:30 | 000,056,200 | ---- | C] () -- C:\Users\Owner\Documents\$v8725.wav
[2010/04/08 10:44:29 | 000,219,028 | ---- | C] () -- C:\Users\Owner\Documents\$v65B9.wav
[2010/04/08 10:44:29 | 000,216,628 | ---- | C] () -- C:\Users\Owner\Documents\$v70B.wav
[2010/04/08 10:44:29 | 000,210,964 | ---- | C] () -- C:\Users\Owner\Documents\$v70A3.wav
[2010/04/08 10:44:28 | 000,277,780 | ---- | C] () -- C:\Users\Owner\Documents\$v64D1.wav
[2010/04/08 10:44:27 | 000,320,980 | ---- | C] () -- C:\Users\Owner\Documents\$v50F9.wav
[2010/04/08 10:44:27 | 000,241,876 | ---- | C] () -- C:\Users\Owner\Documents\$v5F26.wav
[2010/04/08 10:44:27 | 000,220,372 | ---- | C] () -- C:\Users\Owner\Documents\$v6214.wav
[2010/04/08 10:44:27 | 000,203,188 | ---- | C] () -- C:\Users\Owner\Documents\$v5A6A.wav
[2010/04/08 10:44:27 | 000,152,884 | ---- | C] () -- C:\Users\Owner\Documents\$v5912.wav
[2010/04/08 10:44:27 | 000,116,596 | ---- | C] () -- C:\Users\Owner\Documents\$v4DD6.wav
[2010/04/08 10:44:27 | 000,069,640 | ---- | C] () -- C:\Users\Owner\Documents\$v601A.wav
[2010/04/08 10:44:27 | 000,058,888 | ---- | C] () -- C:\Users\Owner\Documents\$v5768.wav
[2010/04/08 10:44:26 | 000,343,252 | ---- | C] () -- C:\Users\Owner\Documents\$v40AE.wav
[2010/04/08 10:44:26 | 000,231,604 | ---- | C] () -- C:\Users\Owner\Documents\$v343C.wav
[2010/04/08 10:44:26 | 000,097,684 | ---- | C] () -- C:\Users\Owner\Documents\$v3E75.wav
[2010/04/08 10:44:26 | 000,084,148 | ---- | C] () -- C:\Users\Owner\Documents\$v3AFB.wav
[2010/04/08 10:44:26 | 000,069,736 | ---- | C] () -- C:\Users\Owner\Documents\$v3C2A.wav
[2010/04/08 10:44:26 | 000,047,668 | ---- | C] () -- C:\Users\Owner\Documents\$v407C.wav
[2010/04/08 10:44:25 | 000,478,612 | ---- | C] () -- C:\Users\Owner\Documents\$v11D0.wav
[2010/04/08 10:44:25 | 000,298,708 | ---- | C] () -- C:\Users\Owner\Documents\$v1C99.wav
[2010/04/08 10:44:25 | 000,215,476 | ---- | C] () -- C:\Users\Owner\Documents\$v31E4.wav
[2010/04/08 10:44:25 | 000,157,012 | ---- | C] () -- C:\Users\Owner\Documents\$v2D67.wav
[2010/04/08 10:44:25 | 000,134,932 | ---- | C] () -- C:\Users\Owner\Documents\$v2275.wav
[2010/04/08 10:44:25 | 000,115,060 | ---- | C] () -- C:\Users\Owner\Documents\$v1294.wav
[2010/04/08 10:44:25 | 000,111,316 | ---- | C] () -- C:\Users\Owner\Documents\$v2046.wav
[2010/04/08 10:05:19 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/04/08 10:05:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/04/08 10:05:17 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2010/04/08 09:42:05 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010/04/08 08:56:20 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010/04/08 08:20:26 | 000,000,020 | -HS- | C] () -- C:\Users\Owner\ntuser.ini
[2010/04/08 08:20:25 | 000,786,432 | -HS- | C] () -- C:\Users\Owner\ntuser.dat
[2010/04/08 08:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/04/08 08:20:25 | 000,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/04/08 08:20:25 | 000,262,144 | -H-- | C] () -- C:\Users\Owner\ntuser.dat.LOG1
[2010/04/08 08:20:25 | 000,065,536 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/04/08 08:20:25 | 000,000,000 | -H-- | C] () -- C:\Users\Owner\ntuser.dat.LOG2
[2010/04/07 17:33:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/04/07 17:30:18 | 000,003,432 | ---- | C] () -- C:\Windows\System32\USBMediaReaderPatch.vbs
[2010/04/07 17:30:05 | 000,024,536 | ---- | C] () -- C:\Windows\System32\gateway.bmp
[2010/04/07 17:20:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T4C8311023505.MRK
[2010/04/07 17:20:30 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Gateway_M-1625_Rev.1_T000000000000.MRK
[2010/04/07 17:06:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2010/04/07 17:02:28 | 005,631,520 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2010/04/07 17:02:28 | 000,005,430 | ---- | C] () -- C:\Windows\System\MyMulti.ico
[2010/04/07 16:56:18 | 000,000,002 | RHS- | C] () -- C:\USER
[2008/02/28 04:21:40 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/02/28 04:21:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
< End of report >


OTL Extras logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13926DCD-65BC-4F17-983E-10914F6542A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63901BF4-1D6C-44EE-8184-52750A32823F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2716AFE3-4F5D-48E6-A970-B082F1E9B1AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2DD33374-D175-4050-90B7-3D0E5AACBB0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{46E61B64-6705-44F9-B4C4-CF527A440089}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EE0B018-3E3F-4B93-986D-69DE26BF1102}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{72127CBB-E383-4D8D-A9A9-F5FA2F9E4D08}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{76F089EB-599A-41C3-AAB9-6516119032D4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{7F9A7A6B-B215-4B4B-9A25-786763992552}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8BE09EA6-D659-45C5-A83D-AD15073D6319}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9A0B9764-2989-43E2-9A7D-6AA645C6A35E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{B94FA793-A11A-45A1-AE46-7F0F695EB4F5}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E59E8C5A-653D-4A8A-9A78-9BC5CEFB0D4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED8546B1-890E-4D53-979A-2F7002F3B2A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F5E49ACF-010C-4112-886A-F124EBCD40AD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F7E66FEF-AAC9-4872-8D35-A444108F1C8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB6767CD-2E49-46A7-905F-2A6BD1D0F58C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063DC142-5A3A-E852-91C4-0545F96B5727}" = CCC Help Korean
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0A93078B-99A3-A423-287D-9A8E333A2D19}" = Catalyst Control Center Localization Danish
"{0CBE0739-F4B5-0E6E-6A8D-B73ECAE899F8}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18791C60-974F-3583-FE10-DA060B7FA548}" = CCC Help Italian
"{1A600D5C-BF72-1507-67EE-1489559B9B90}" = CCC Help Greek
"{1D6B31D6-D8B3-72D9-810D-E4AC5283A53C}" = CCC Help English
"{1D6D5D93-7BE8-6A9C-4127-5EB76FC31560}" = CCC Help Chinese Traditional
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
"{2117DD76-84E8-DCDA-9812-F21B97DE7205}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{298C0094-D55E-0B88-9BF5-719AC3E38346}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3E0E8F2D-C787-DE88-926C-BC8D9998BAD0}" = Catalyst Control Center Localization Korean
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43012611-9E99-1CBE-FB5B-26A2609B1600}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BD5E8E-D7F7-71D6-ADB9-EEEDF245CBDD}" = CCC Help Japanese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58C9270B-81D1-C5F9-4C90-BB64BF5D7C31}" = CCC Help German
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FC53759-ABEC-F632-0A7E-F04A84EE5C72}" = ccc-utility
"{62EDD7EF-709A-6AC7-E9CD-9B04302CFBA1}" = Skins
"{64C00487-1E09-D372-DEC5-34FDE150D405}" = Catalyst Control Center Graphics Full Existing
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B8BF508-4083-F2AC-7573-4D80A4604E79}" = Catalyst Control Center Localization Dutch
"{6D56B1BC-FACC-F1B1-9CF3-8BD8B82EB995}" = Catalyst Control Center Localization Czech
"{72D885B4-43E7-EAA6-4CC5-27BC7825EBAD}" = CCC Help Finnish
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B0F9399-948E-D49F-8D2D-6801C5FDAA0F}" = Catalyst Control Center Localization Hungarian
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{800852D7-5C84-A6CB-7192-8589A25016C5}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890B30AF-6D07-32E9-E700-26151A158D52}" = CCC Help Danish
"{8D11867D-A063-64FF-4043-5C820F882286}" = ccc-core-static
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FBF7C7-8FF3-23D9-5064-0DB50CA282DA}" = ATI Catalyst Install Manager
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B3E994A-5A3F-A698-B0C1-B83D9480D842}" = CCC Help Turkish
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A9B98EE3-4335-FE0A-89EA-B1C7E439A98E}" = CCC Help Portuguese
"{AA136D9D-0CF9-E1CB-FC10-FFF9784976BD}" = Catalyst Control Center Localization Spanish
"{AC26EFB0-C96C-F103-7835-3DBA8ECED189}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B42DCB6E-94A7-5A99-D220-2C6F14B0468B}" = Catalyst Control Center Core Implementation
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B77BCD75-4C59-E72E-9AA7-CEF9BA9B83BF}" = CCC Help Thai
"{B8C114DA-8E9C-CDB7-1A97-0833383B29B1}" = Catalyst Control Center Localization Chinese Standard
"{BC623487-B96E-1678-309C-17EA85734E2C}" = Catalyst Control Center Localization French
"{BC8A10E2-0CAD-9837-620E-E0B1B669AF3B}" = Catalyst Control Center Localization Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FA57DA-9438-555B-8A20-B562CF8D474C}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF466D58-41A9-421C-680F-2B188E309F7F}" = CCC Help Swedish
"{D2FE1BB0-270B-BB51-2229-1370054C649D}" = Catalyst Control Center Localization Thai
"{D36C49AE-B7E9-6F43-90DA-041CF2F38F10}" = Catalyst Control Center Localization Swedish
"{D4BD7B7C-7669-EE84-7E50-C651CE66438D}" = CCC Help Dutch
"{D4FBEF05-972D-2352-0C42-BEDD73AF7C0C}" = Catalyst Control Center Localization Polish
"{D7A9B7CB-FF70-7A81-8965-0D7687349290}" = Catalyst Control Center Localization Norwegian
"{D7CED4B5-3E37-5662-D7EE-2D1B7497E2FA}" = Catalyst Control Center Localization Turkish
"{D80849F0-86F2-1F57-A624-6EA41E7650D6}" = Catalyst Control Center Localization Italian
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB2E9FB-B3BB-84C0-9617-4C62D206E79D}" = CCC Help French
"{DDC5E8D9-FEDC-329E-BCDB-D349ADA694C9}" = Catalyst Control Center Localization Japanese
"{DE4763D5-3DB4-A0A1-A093-F41425C06591}" = Catalyst Control Center Localization Greek
"{E07CB327-E2FD-04D3-0E69-B969B46FF01E}" = CCC Help Chinese Standard
"{EC3325FB-3CF8-DBE7-5642-2FC145337FE8}" = Catalyst Control Center Graphics Full New
"{EC864669-0544-DB41-76AE-7DDBA1CC48F1}" = Catalyst Control Center Graphics Previews Vista
"{ED6BD392-F005-F339-78A2-515C2F7EFD47}" = CCC Help Norwegian
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F2B6681E-ADF9-BC42-2D6B-3D17C14714A2}" = Catalyst Control Center Localization Russian
"{F32B8AE1-98EF-AEBD-E18F-9A6EC0407F5D}" = Catalyst Control Center Localization German
"{FDA53C49-0B77-5CB6-B44F-8ACBDDD1CA17}" = Catalyst Control Center Localization Chinese Traditional
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 12:53:29 AM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 6096
Description = {tid=C7C} An error occurred while opening the virtual registry (section:
false), rc: 07B01F0C-0000004A

Error - 4/27/2010 1:24:22 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:32:17 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:33:13 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:42:56 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:57:23 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:04:30 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:09:18 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 4/27/2010 2:14:11 AM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {20140062-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 4/27/2010 2:23:03 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/27/2010 3:02:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/27/2010 3:15:50 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:33:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:56:59 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 4/27/2010 3:59:26 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 4/27/2010 4:00:11 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/28/2010 2:48:32 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#7 magicjax


Posted 28 April 2010 - 05:21 PM

HERE IS EXTRAS.. This thing is really trying to mess things up.. AGAIN CANNOT DOWNLOAD GMER FROM THE MIRRORS

OTL Extras logfile created on: 4/28/2010 4:59:47 PM - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Users\Owner\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.84 Gb Total Space | 163.39 Gb Free Space | 73.65% Space Free | Partition Type: NTFS
Drive D: | 11.04 Gb Total Space | 5.20 Gb Free Space | 47.15% Space Free | Partition Type: NTFS
Drive E: | 336.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{13926DCD-65BC-4F17-983E-10914F6542A6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{63901BF4-1D6C-44EE-8184-52750A32823F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2716AFE3-4F5D-48E6-A970-B082F1E9B1AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2DD33374-D175-4050-90B7-3D0E5AACBB0E}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{46E61B64-6705-44F9-B4C4-CF527A440089}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5EE0B018-3E3F-4B93-986D-69DE26BF1102}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{72127CBB-E383-4D8D-A9A9-F5FA2F9E4D08}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{76F089EB-599A-41C3-AAB9-6516119032D4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{7F9A7A6B-B215-4B4B-9A25-786763992552}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8BE09EA6-D659-45C5-A83D-AD15073D6319}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{9A0B9764-2989-43E2-9A7D-6AA645C6A35E}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{B94FA793-A11A-45A1-AE46-7F0F695EB4F5}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{E59E8C5A-653D-4A8A-9A78-9BC5CEFB0D4C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED8546B1-890E-4D53-979A-2F7002F3B2A8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F5E49ACF-010C-4112-886A-F124EBCD40AD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F7E66FEF-AAC9-4872-8D35-A444108F1C8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FB6767CD-2E49-46A7-905F-2A6BD1D0F58C}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{063DC142-5A3A-E852-91C4-0545F96B5727}" = CCC Help Korean
"{06FE1146-4FF8-45DF-B0D9-CBA8E38C708C}" = REALTEK USB Wireless LAN Driver
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0A93078B-99A3-A423-287D-9A8E333A2D19}" = Catalyst Control Center Localization Danish
"{0CBE0739-F4B5-0E6E-6A8D-B73ECAE899F8}" = CCC Help Spanish
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18791C60-974F-3583-FE10-DA060B7FA548}" = CCC Help Italian
"{1A600D5C-BF72-1507-67EE-1489559B9B90}" = CCC Help Greek
"{1D6B31D6-D8B3-72D9-810D-E4AC5283A53C}" = CCC Help English
"{1D6D5D93-7BE8-6A9C-4127-5EB76FC31560}" = CCC Help Chinese Traditional
"{20140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 (Beta)
"{20140062-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 (Beta) - English
"{2117DD76-84E8-DCDA-9812-F21B97DE7205}" = CCC Help Polish
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{298C0094-D55E-0B88-9BF5-719AC3E38346}" = Catalyst Control Center Graphics Light
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{39098402-3F7A-4257-A4AE-FC1181D1B40B}" = Camera Assistant Software for Gateway
"{3E0E8F2D-C787-DE88-926C-BC8D9998BAD0}" = Catalyst Control Center Localization Korean
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{43012611-9E99-1CBE-FB5B-26A2609B1600}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50BD5E8E-D7F7-71D6-ADB9-EEEDF245CBDD}" = CCC Help Japanese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{58C9270B-81D1-C5F9-4C90-BB64BF5D7C31}" = CCC Help German
"{5F00DF7E-418B-4CD9-8EC5-781156BCC49E}" = Microsoft Money Shared Libraries
"{5FC53759-ABEC-F632-0A7E-F04A84EE5C72}" = ccc-utility
"{62EDD7EF-709A-6AC7-E9CD-9B04302CFBA1}" = Skins
"{64C00487-1E09-D372-DEC5-34FDE150D405}" = Catalyst Control Center Graphics Full Existing
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6B8BF508-4083-F2AC-7573-4D80A4604E79}" = Catalyst Control Center Localization Dutch
"{6D56B1BC-FACC-F1B1-9CF3-8BD8B82EB995}" = Catalyst Control Center Localization Czech
"{72D885B4-43E7-EAA6-4CC5-27BC7825EBAD}" = CCC Help Finnish
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7B0F9399-948E-D49F-8D2D-6801C5FDAA0F}" = Catalyst Control Center Localization Hungarian
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{800852D7-5C84-A6CB-7192-8589A25016C5}" = CCC Help Russian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{890B30AF-6D07-32E9-E700-26151A158D52}" = CCC Help Danish
"{8D11867D-A063-64FF-4043-5C820F882286}" = ccc-core-static
"{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}" = Adobe Flash Player 9 ActiveX
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95FBF7C7-8FF3-23D9-5064-0DB50CA282DA}" = ATI Catalyst Install Manager
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9B3E994A-5A3F-A698-B0C1-B83D9480D842}" = CCC Help Turkish
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A9B98EE3-4335-FE0A-89EA-B1C7E439A98E}" = CCC Help Portuguese
"{AA136D9D-0CF9-E1CB-FC10-FFF9784976BD}" = Catalyst Control Center Localization Spanish
"{AC26EFB0-C96C-F103-7835-3DBA8ECED189}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B42DCB6E-94A7-5A99-D220-2C6F14B0468B}" = Catalyst Control Center Core Implementation
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B77BCD75-4C59-E72E-9AA7-CEF9BA9B83BF}" = CCC Help Thai
"{B8C114DA-8E9C-CDB7-1A97-0833383B29B1}" = Catalyst Control Center Localization Chinese Standard
"{BC623487-B96E-1678-309C-17EA85734E2C}" = Catalyst Control Center Localization French
"{BC8A10E2-0CAD-9837-620E-E0B1B669AF3B}" = Catalyst Control Center Localization Finnish
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FA57DA-9438-555B-8A20-B562CF8D474C}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF466D58-41A9-421C-680F-2B188E309F7F}" = CCC Help Swedish
"{D2FE1BB0-270B-BB51-2229-1370054C649D}" = Catalyst Control Center Localization Thai
"{D36C49AE-B7E9-6F43-90DA-041CF2F38F10}" = Catalyst Control Center Localization Swedish
"{D4BD7B7C-7669-EE84-7E50-C651CE66438D}" = CCC Help Dutch
"{D4FBEF05-972D-2352-0C42-BEDD73AF7C0C}" = Catalyst Control Center Localization Polish
"{D7A9B7CB-FF70-7A81-8965-0D7687349290}" = Catalyst Control Center Localization Norwegian
"{D7CED4B5-3E37-5662-D7EE-2D1B7497E2FA}" = Catalyst Control Center Localization Turkish
"{D80849F0-86F2-1F57-A624-6EA41E7650D6}" = Catalyst Control Center Localization Italian
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCB2E9FB-B3BB-84C0-9617-4C62D206E79D}" = CCC Help French
"{DDC5E8D9-FEDC-329E-BCDB-D349ADA694C9}" = Catalyst Control Center Localization Japanese
"{DE4763D5-3DB4-A0A1-A093-F41425C06591}" = Catalyst Control Center Localization Greek
"{E07CB327-E2FD-04D3-0E69-B969B46FF01E}" = CCC Help Chinese Standard
"{EC3325FB-3CF8-DBE7-5642-2FC145337FE8}" = Catalyst Control Center Graphics Full New
"{EC864669-0544-DB41-76AE-7DDBA1CC48F1}" = Catalyst Control Center Graphics Previews Vista
"{ED6BD392-F005-F339-78A2-515C2F7EFD47}" = CCC Help Norwegian
"{EE5EEDAF-F932-462B-A2CB-EEBDF819D5F5}" = Gateway Connect
"{F2B6681E-ADF9-BC42-2D6B-3D17C14714A2}" = Catalyst Control Center Localization Russian
"{F32B8AE1-98EF-AEBD-E18F-9A6EC0407F5D}" = Catalyst Control Center Localization German
"{FDA53C49-0B77-5CB6-B44F-8ACBDDD1CA17}" = Catalyst Control Center Localization Chinese Traditional
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG 9.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2007b" = Microsoft Money Essentials
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010 (Beta)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent gateway Master Uninstall" = Gateway Games
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-590825528-3676777514-165104037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/27/2010 12:53:29 AM | Computer Name = Owner-PC | Source = Application Virtualization Client | ID = 6096
Description = {tid=C7C} An error occurred while opening the virtual registry (section:
false), rc: 07B01F0C-0000004A

Error - 4/27/2010 1:24:22 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:32:17 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:33:13 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 1:42:56 AM | Computer Name = Owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 4/27/2010 1:57:23 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:04:30 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/27/2010 2:09:18 AM | Computer Name = Owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =

Error - 4/27/2010 2:14:11 AM | Computer Name = Owner-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {20140062-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 4/27/2010 2:23:03 AM | Computer Name = Owner-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/27/2010 3:02:13 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 4/27/2010 3:15:50 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:33:38 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 4/27/2010 3:56:59 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10010
Description =

Error - 4/27/2010 3:59:26 AM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 4/27/2010 4:00:11 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/28/2010 2:48:32 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = DCOM | ID = 10005
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/28/2010 3:04:55 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#8 magicjax

Posted 28 April 2010 - 05:51 PM

This Google Redirect Virus is getting nuts. With MicroTrend, before switching to AVG for now, I had at least 3 or 4 computers every 15 MIN attached to my computer that I had to block. Always downloading, they were. This thing refuses to let me go anywhere to get the real GMER. The screen flashes and all browsers get sent to alternate sites. The www2.gmer.net/gmer.zip or gmer is MALWARE; it's horrible, it shut down my computer already.

Someone called our home which is through the same internet we use for our computers and the phone is all messed up now.. Someone called with one ring only and I answered even with the defaulted ring and a woman said, do not alter or change your computer, we are tracking you through your Social Security Number 500-96-5837 Mr. Jaax. Do not be alarmed, it is only diagnostics from your new Anti Virus Program. I asked who are you and how did you get my social ! She didn't even hang up it just went blank like off the hook. I mean our internet phone is all messed up now its always the dial tone when you dial you have to dial now even locally using the area code and you can still hear the dial tone then it just connects somehow. It rings one time and people calling in most of the time say they can never get through its always messed up. Time Warner and Google need to get on this.. Because if its sleeping around America its about to have catestrophic consequences for a lot of people even globally..

#9 magicjax

Posted 28 April 2010 - 07:58 PM

When I attempt to inspect the mirrors that hold the data for the right link which the browsers define as a redirected link I get this with the inspection of the element:

This webpage is not found.

No webpage was found for the web address: chrome://devtools/devtools.html

More information on this error
Below is the original error message

Error 6 (net::ERR_FILE_NOT_FOUND): The file or directory could not be found.

It's in the browsers. Is there a foolproof download of GMER with no ability to link to something else, or a browser that will be unaffected by this virus?

#10 magicjax

Posted 28 April 2010 - 08:33 PM

All this stuff I was to download appears to be malicious based on the redirect. This thing is becoming more intelligent and replicating.

Today
Apr 28, 2010

ld1inkro.exe
http://www2.gmer.net/download.php
Show in folderRemove from list
Today
Apr 28, 2010

OTL (1).exe
http://oldtimer.geekstogo.com/OTL.exe
Show in folderRemove from list

OTL.exe
http://oldtimer.geekstogo.com/OTL.exe
Show in folderRemove from list

#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,112 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:01:18 PM

Posted 29 April 2010 - 03:49 AM

Okay, a few things here.

First of all, if you are connected through a router, reset it (it should have a button for that).

Disconnect all computers you have from the internet as much as possible.

Without seeing concrete signs in any of your logs, I think it's a good idea to change any sensitive data on a clean computer and contact any banks/financial institutions to change credit card/online banking data.

Please try to download Combofix on a clean computer and transfer it using a CD (preferably) or flashdrive.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#12 magicjax

Posted 03 May 2010 - 07:17 PM

I am sorry, I don't understand; this thing has already taken over the Recovery Center, including any Windows Recovery. I just got it back from being reinstalled to the original factory levels, but the browser certainly does still have the redirect virus in it. Please help me. Again, I cannot do the Recovery Mode because then the virus really messes things up and I will have to take it to an expert again. They can't get it out; they can only restore to factory settings. PLEASE HELP ME. Also, how do I turn off the CD Emulsion stuff again??

Edited by elise025, 04 May 2010 - 03:23 AM.
Email address removed for safety reasons ~ Elise


#13 Elise

Posted 04 May 2010 - 03:27 AM

No need to panic here :)

Combofix does not do anything with system recovery. It installs the Recovery Console if not already there. As you can see in the instructions it will not do so when you have Vista, so it doesn't apply to your situation :)

Please let me know what happens if you try to download Combofix on your infected computer.

It would be handy if you could access our topic from a clean computer, download Combofix there, save it to a flash drive or CD, insert the CD/flash drive in your infected computer, open it and double-click on Combofix.exe to run.

Please let me know if you are able to do this and if not, what the problem is.

Remember, I'm here to help you, so don't be afraid to ask when you don't understand something :)

regards, Elise


#14 magicjax

Posted 04 May 2010 - 05:51 PM

Thank you for the help, but it does download but has security warnings all over it, and the Firewall says it has a HIGH danger level when I tried to run it. I believe it is a MALWARE version. I don't have a clean computer to download it from.

Phil

Edited by elise025, 05 May 2010 - 03:32 AM.
email address removed for safety reasons ~ Elise


#15 magicjax

Posted 04 May 2010 - 05:55 PM

See both sites are dangerous:

Opening this website may put your security at risk
Trend Micro has not yet evaluated this website

--------------------------------------------------------------------------------

The website you wanted to see might transmit malicious software to your computer, or has done that before to someone else. It may also show signs of involvement in online scams or fraud.

Because you have set your Protection Against Web Threats to "High," all websites not yet checked by Trend Micro have been blocked for your protection.


Address: http://www.forospyware.com/sUBs/ComboFix.exe
Rating: Dangerous


What you can do:
Try visiting another site to find the information you want.


Notify Trend Micro to review this page if you consider it safe.

If you still want to see this blocked page:
1. Open the Trend Micro Internet Security console.
2. Click Internet & Email Controls.
3. Click the Settings... button under Protection Against Web Threats.
4. Click the Approved websites link in the next window that opens.
5. Copy and paste the address of the blocked website into the list.

Note: If you still want to visit this site despite the risk, click here to open it.





