Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to complete GMER test: computer freezes mid-way through scan


  • This topic is locked This topic is locked
24 replies to this topic

#16 Ralph Lister

Ralph Lister
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 05 June 2010 - 11:20 AM

Oh boy....

Thanks for your varied input re protection software - very helpful. I have uninstalled Registry Mechanic, now gone. Thanks for that advice too. thumbup2.gif

Opened Defogger to be sure it was dis-enabled. I re-ran it to be sure.
Downloaded ComboFix from the BC site and saved it as default as ComboFix.exe (I had it saved before as RLCF.exe)
Turned off Firewall and AVG.
Disconnected from the internet.
Dragged the newly created CFScript.txt into ComboFix.exe.
ComboFix ran to its conclusion, deleting two files, it seems.

The scan text file as follows (also as attachment).

What next? Here's hoping for the best!!
R.



ComboFix 10-06-03.01 - Ralph Lister 06/05/2010 12:02:13.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2754 [GMT -4:00]
Running from: c:\documents and settings\Ralph Lister\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ralph Lister\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\System32\drivers\jtmtl.sys"
"c:\windows\System32\ezsidmv.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\jtmtl.sys
c:\windows\System32\ezsidmv.dat

.
((((((((((((((((((((((((( Files Created from 2010-05-05 to 2010-06-05 )))))))))))))))))))))))))))))))
.

2010-06-02 13:33 . 2010-06-02 13:33 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-02 13:33 . 2010-06-02 13:33 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-05-31 00:55 . 2010-05-31 00:55 0 ----a-w- c:\windows\nsreg.dat
2010-05-31 00:55 . 2010-05-31 00:55 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Mozilla
2010-05-30 18:54 . 2010-06-04 17:59 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\skypePM
2010-05-30 18:54 . 2010-06-04 20:19 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Skype
2010-05-30 18:52 . 2010-05-30 18:52 -------- d-----w- c:\program files\Common Files\Skype
2010-05-30 18:52 . 2010-05-30 18:52 -------- d-----r- c:\program files\Skype
2010-05-30 18:52 . 2010-05-30 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-30 01:01 . 2010-06-01 12:50 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-30 01:01 . 2010-05-30 01:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-29 23:35 . 2010-05-29 23:35 -------- d-----w- c:\program files\Adobe Media Player
2010-05-29 21:47 . 2010-05-29 21:47 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-05-29 16:41 . 2010-05-29 16:41 -------- d-----w- C:\$AVG
2010-05-29 16:16 . 2010-05-29 16:16 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-29 16:12 . 2010-05-29 16:12 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Windows Search
2010-05-29 15:58 . 2010-05-30 00:01 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-05-29 15:53 . 2010-05-29 15:53 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-05-29 15:52 . 2008-04-07 09:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-29 15:52 . 2008-04-07 09:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-05-29 04:54 . 2010-06-04 20:21 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-28 02:37 . 2010-05-28 02:37 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2010-05-26 21:06 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-05-26 21:06 . 2004-08-04 04:56 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-05-26 18:22 . 2010-06-05 15:57 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\vlc
2010-05-26 18:17 . 2010-05-26 18:17 -------- d-----w- c:\program files\VideoLAN
2010-05-26 16:07 . 2010-05-26 16:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP
2010-05-26 16:07 . 2010-05-26 16:07 68456 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-26 16:06 . 2010-05-26 16:06 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2010-05-26 16:06 . 2010-05-26 16:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
2010-05-26 16:06 . 2010-05-26 16:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2010-05-26 16:06 . 2010-05-26 16:06 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-05-26 13:31 . 2010-05-26 13:31 -------- d-----w- c:\windows\system32\KB905474
2010-05-26 13:30 . 2010-05-26 13:30 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-26 13:16 . 2010-05-26 13:16 -------- d-----w- c:\program files\MSXML 4.0
2010-05-26 02:48 . 2010-05-26 02:48 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Registry Mechanic
2010-05-25 18:16 . 2010-05-25 21:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-05-25 17:19 . 2010-05-25 17:19 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Identities
2010-05-25 17:19 . 2010-05-25 17:19 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Windows Desktop Search
2010-05-25 17:19 . 2010-05-25 17:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-05-25 17:19 . 2010-05-26 16:01 -------- d-----w- c:\program files\Windows Desktop Search
2010-05-25 17:19 . 2010-05-25 17:19 -------- d-----w- c:\windows\system32\GroupPolicy
2010-05-25 16:01 . 2010-05-29 23:37 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-25 16:00 . 2010-05-25 16:00 -------- d-----w- c:\program files\Times Reader
2010-05-25 16:00 . 2010-05-25 16:00 -------- d-----w- c:\program files\Fanbase
2010-05-25 16:00 . 2010-02-01 01:45 38784 ----a-w- c:\documents and settings\Ralph Lister\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-25 16:00 . 2010-05-25 16:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-25 15:58 . 2010-05-29 23:51 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Adobe
2010-05-25 15:58 . 2010-05-25 15:58 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-05-25 15:58 . 2010-05-25 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-25 14:05 . 2009-08-06 23:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-25 14:05 . 2009-08-06 23:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-05-25 13:53 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-25 13:53 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-05-25 13:52 . 2010-05-26 13:27 -------- d-----w- c:\program files\Microsoft Works
2010-05-25 13:52 . 2010-05-25 13:52 -------- d-----w- c:\program files\MSBuild
2010-05-25 13:48 . 2010-05-25 13:48 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Microsoft Help
2010-05-25 13:48 . 2010-05-28 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-25 07:11 . 2010-05-25 07:11 503808 ----a-w- c:\documents and settings\Ralph Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4400d59d-n\msvcp71.dll
2010-05-25 07:11 . 2010-05-25 07:11 499712 ----a-w- c:\documents and settings\Ralph Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4400d59d-n\jmc.dll
2010-05-25 07:11 . 2010-05-25 07:11 348160 ----a-w- c:\documents and settings\Ralph Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-4400d59d-n\msvcr71.dll
2010-05-25 07:11 . 2010-05-25 07:11 61440 ----a-w- c:\documents and settings\Ralph Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56dcec6f-n\decora-sse.dll
2010-05-25 07:11 . 2010-05-25 07:11 12800 ----a-w- c:\documents and settings\Ralph Lister\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-56dcec6f-n\decora-d3d.dll
2010-05-25 07:11 . 2010-05-25 07:10 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-25 06:17 . 2010-05-25 06:17 -------- d-----w- c:\windows\Sun
2010-05-25 06:16 . 2010-05-25 07:10 -------- d-----w- c:\program files\Java
2010-05-25 06:15 . 2010-05-25 07:11 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 04:08 . 2010-05-25 13:57 -------- d-----w- c:\windows\SHELLNEW
2010-05-25 04:06 . 2010-05-25 04:06 -------- d-----w- c:\program files\Microsoft.NET
2010-05-25 04:06 . 2010-05-25 04:06 -------- d-----r- C:\MSOCache
2010-05-25 02:03 . 2003-06-18 21:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2010-05-25 02:03 . 2003-06-18 21:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2010-05-25 01:45 . 2010-05-25 01:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-25 01:40 . 2010-05-25 01:40 -------- d-----w- c:\program files\Common Files\PC Tools
2010-05-25 01:40 . 2010-05-25 01:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-25 01:40 . 2010-05-26 03:51 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Google
2010-05-25 01:40 . 2010-05-25 01:40 -------- d-----w- c:\program files\Google
2010-05-25 01:39 . 2010-06-05 15:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-25 01:36 . 2010-05-25 01:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-05-25 01:36 . 2010-06-02 13:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-05-25 01:36 . 2010-05-25 01:36 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-05-25 01:36 . 2010-06-02 13:33 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-25 01:36 . 2010-06-05 15:04 -------- d-----w- c:\windows\system32\drivers\Avg
2010-05-25 01:34 . 2010-05-25 01:34 -------- d-----w- c:\program files\AVG
2010-05-25 01:34 . 2010-05-25 01:34 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-25 01:20 . 2010-05-27 02:59 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Apple Computer
2010-05-25 01:20 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-05-25 01:20 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-05-25 01:19 . 2010-05-25 01:19 -------- d-----w- c:\program files\iPod
2010-05-25 01:19 . 2010-05-25 01:19 -------- d-----w- c:\program files\iTunes
2010-05-25 01:19 . 2010-05-25 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-25 01:18 . 2010-05-25 01:19 -------- d-----w- c:\program files\QuickTime
2010-05-25 01:18 . 2010-05-25 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-05-25 01:18 . 2010-05-25 01:18 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Apple
2010-05-25 01:18 . 2010-05-25 01:18 -------- d-----w- c:\program files\Apple Software Update
2010-05-25 01:18 . 2010-04-16 12:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-05-25 01:18 . 2010-04-16 12:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-05-25 01:17 . 2010-05-25 01:17 -------- d-----w- c:\program files\Bonjour
2010-05-25 01:17 . 2010-05-26 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-25 01:17 . 2010-05-25 01:19 -------- d-----w- c:\program files\Common Files\Apple
2010-05-25 01:17 . 2010-05-25 01:20 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\Apple Computer
2010-05-24 22:19 . 2010-05-24 22:19 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Malwarebytes
2010-05-24 22:19 . 2010-05-24 22:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-24 22:19 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-24 22:19 . 2010-05-24 22:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-24 22:19 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-24 22:14 . 2010-05-24 22:14 -------- d-sh--w- c:\documents and settings\Ralph Lister\IECompatCache
2010-05-24 22:12 . 2010-05-24 22:12 -------- d-sh--w- c:\documents and settings\Ralph Lister\PrivacIE
2010-05-24 22:11 . 2010-05-24 22:11 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\HP
2010-05-24 22:11 . 2010-06-04 20:22 -------- d-----w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\ApplicationHistory
2010-05-24 22:11 . 2010-05-24 22:11 135 ----a-w- c:\documents and settings\Ralph Lister\Local Settings\Application Data\fusioncache.dat
2010-05-24 22:11 . 2010-05-24 22:11 -------- d-sh--w- c:\documents and settings\Ralph Lister\IETldCache
2010-05-24 22:05 . 2010-05-26 13:31 -------- d-----w- c:\windows\ie8updates
2010-05-24 22:05 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-24 22:04 . 2010-05-24 22:05 -------- dc-h--w- c:\windows\ie8
2010-05-24 22:00 . 2010-05-24 22:00 -------- d-----w- c:\program files\MSXML 6.0
2010-05-24 21:58 . 2010-05-24 21:58 -------- d-----w- c:\windows\ServicePackFiles
2010-05-24 21:52 . 2010-05-24 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-24 21:51 . 2010-05-24 21:51 -------- d-----w- c:\program files\Common Files\HP
2010-05-24 21:49 . 2010-05-24 21:50 -------- d-----w- c:\program files\Hewlett-Packard
2010-05-24 21:49 . 2010-05-24 21:49 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-05-24 21:48 . 2010-05-24 21:48 -------- d-----w- c:\windows\system32\URTTemp
2010-05-24 21:47 . 2004-08-04 03:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-05-24 21:47 . 2004-08-04 03:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-05-24 21:47 . 2004-08-04 02:58 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 16:02 . 2010-05-24 18:31 87263 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-26 16:34 . 2010-05-24 19:05 20377 ----a-w- c:\windows\system32\nvModes.dat
2010-05-26 16:06 . 2010-05-26 16:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Desktop Search
2010-05-26 16:06 . 2010-05-26 16:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Dell
2010-05-24 19:28 . 2010-05-24 18:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-24 19:20 . 2010-05-24 19:15 5 ----a-w- c:\windows\system32\drivers\DELL_LAT_D630.MRK
2010-05-24 19:20 . 2010-05-24 19:15 5 ----a-w- c:\windows\system32\drivers\1028_DELL_LAT_D630.MRK
2010-05-24 19:17 . 2010-05-24 19:17 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-05-24 19:17 . 2010-05-24 19:17 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-24 19:15 . 2010-05-24 18:47 -------- d-----w- c:\program files\Dell
2010-05-24 19:05 . 2010-05-24 19:05 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-24 19:04 . 2010-05-24 19:04 -------- d-----w- c:\program files\O2Micro OZ776 SCR Driver
2010-05-24 19:02 . 2010-05-26 16:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intel
2010-05-24 19:01 . 2010-05-24 18:52 -------- d-----w- c:\program files\Intel
2010-05-24 18:58 . 2010-05-24 18:58 -------- d-----w- c:\program files\Toshiba
2010-05-24 18:54 . 2010-05-24 18:54 -------- d-----w- c:\program files\Broadcom
2010-05-24 18:50 . 2010-05-24 18:50 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\Dell
2010-05-24 18:50 . 2010-05-24 18:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Dell
2010-05-24 18:50 . 2010-05-24 18:50 -------- d-----w- c:\documents and settings\Ralph Lister\Application Data\InstallShield
2010-05-24 18:47 . 2010-05-24 18:47 45056 ----a-r- c:\documents and settings\Ralph Lister\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2010-05-24 18:47 . 2010-05-24 18:47 10134 ----a-r- c:\documents and settings\Ralph Lister\Application Data\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe
2010-05-24 18:32 . 2010-05-24 18:32 -------- d-----w- c:\program files\microsoft frontpage
2010-05-24 18:28 . 2010-05-24 18:28 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15 . 2004-08-04 10:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-04_14.02.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-04 20:21 . 2010-06-04 20:21 16384 c:\windows\Temp\Perflib_Perfdata_754.dat
+ 2010-06-04 18:54 . 2010-06-04 18:54 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-06-04 18:53 . 2010-06-04 18:53 20242432 c:\windows\Installer\1126f07.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-25 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-07-20 1228800]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-28 8429568]
"nwiz"="nwiz.exe" [2007-04-28 1626112]
"NVHotkey"="nvHotkey.dll" [2007-04-28 67584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-28 81920]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-1-11 2150400]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-05-25 01:37 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/24/2010 9:36 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/24/2010 9:36 PM 242896]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [5/24/2010 9:36 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [5/24/2010 9:35 PM 308064]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/24/2010 9:40 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-05-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 01:40]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-25 01:40]

2010-06-04 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-05-26 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.earthlink.net/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Ralph Lister\Application Data\Mozilla\Firefox\Profiles\p337ncbr.default\
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 12:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1172)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2010-06-05 12:05:35
ComboFix-quarantined-files.txt 2010-06-05 16:05
ComboFix2.txt 2010-06-04 14:03

Pre-Run: 96,989,003,776 bytes free
Post-Run: 96,960,512,000 bytes free

- - End Of File - - A3961C42B7457760A8A3CA8F3BF70E92






Attached Files



BC AdBot (Login to Remove)

 


#17 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 05 June 2010 - 12:58 PM

Hello, Ralph Lister.

Ok, you're looking clean. How is your computer running? Let's get a second opinion.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#18 Ralph Lister

Ralph Lister
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 06 June 2010 - 04:41 PM

Good stuff.

Downloaded ESET - I was running Firefox, so it downloaded the manager (I think) too, and then the scan software.

In any event, ESET ran a full scan (including archives) - I left the house for the afternoon, and when I came back, it had found 6 threats, which it stated it had quarantined and/or deleted.

There was however NO means for me to save the file (though I looked) - no List of Found Threats button, nor an Export to Text File option, which was also strange. Once it had deleted the files, it then offered me the opportunity to buy their software, or try it for 30 days, but there was no more than that. No other way of analysing the files it had deleted, or saving a report file for you.

In any event, I then re-ran the ESET scan (now for a second time and, again, including the archives and my external E:\ drive as well, for good measure), and upon completion it stated, this time, it had found no threats at all, zero.

I was wondering why it had found so much on its first pass, given all that we had done? Any thoughts? Were there other bugs in my system which were less potent than the ones ComboFix had addressed, or perhaps there were new ones, which had either come down more recently, or had been back-doored in? I have no idea.

Either way, the second ESET scan found nothing. I can run it again, or do anything else you recommend, if you think that would be a smart thing to do?

Again, much appreciation for all your input and help, etavares, particularly for your time. thumbup2.gif

Cheers - Ralph



#19 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 06 June 2010 - 06:58 PM

Hello, Ralph Lister.

It's hard to say without seeing the log. In most, if not all, cases it finds files we already quarantined or in system restore which we'll take care of later. In some cases, it finds infected files that aren't active. That's why we always take a second look with another tool.

At this point, can you please post one final OTL log for me to take a look? I think our work is done and we can clean up once I see the final log. Any issues remaining on your end?



etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#20 Ralph Lister

Ralph Lister
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 06 June 2010 - 11:14 PM

Hi there again.

So.. I ran the OTL scan twice. First, a scan which included the parameters you asked for in your June 2 posting when we first ran an OTL test (your instruction was "Under the Custom Scan box paste this in:

netsvcs
msconfig...
[and ending in]
CREATE RESTORE POINT"

and then a second OTL scan without pasting anything in under the Custom Scans/Fixes box. NOTE: no Extras.txt files were created either time I ran the OTL test.

Here they both are then, beginning with the OTL test WITH the parameters, and then beneath the OTL test WITHOUT the parameters. Hope this is clear.

Otherwise I am experiencing no changes to the functionality of the computer i.e. everything now SEEMS normal at least.


OTL test WITH the parameters

OTL logfile created on: 6/6/2010 11:53:05 PM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Ralph Lister\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 90.52 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RALPH-F47DF237B
Current User Name: Ralph Lister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 20:10:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
PRC - [2010/06/02 09:33:51 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:33:50 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:33:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:33:25 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:33:24 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/24 21:40:20 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/05/24 21:36:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/05/24 21:35:57 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/20 16:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/01/11 20:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/18 15:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 11:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/02/06 23:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 20:10:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/29 19:29:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/24 21:36:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/24 21:35:57 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/02 09:33:50 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:33:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/24 21:36:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/28 19:05:00 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/23 16:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/10 20:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/03/26 10:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/16 10:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/30 20:55:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/30 20:55:24 | 000,000,000 | ---D | M]

[2010/05/30 20:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Mozilla\Extensions
[2010/05/30 20:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Mozilla\Firefox\Profiles\p337ncbr.default\extensions
[2010/05/30 20:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/05 12:04:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1274736079828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 14:31:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/24 10:12:33 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {262A204F-660F-A43B-E99D-91F39AB63332} - Microsoft Windows Media Player
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5D925B2B-6124-4684-3E3D-FCC86E335120} - Java (Sun)
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54338281256517632)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 23:48:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/06 13:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\Lisa & Ralph, Festival of the Arts, June 5, 2010
[2010/06/05 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/04 09:49:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/04 09:44:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/04 09:44:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/04 09:44:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/04 09:44:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/04 09:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/03 23:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/02 20:10:30 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
[2010/05/30 22:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\Downloads
[2010/05/30 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Mozilla
[2010/05/30 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Mozilla
[2010/05/30 20:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/30 17:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\gmer
[2010/05/30 14:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\skypePM
[2010/05/30 14:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Skype
[2010/05/30 14:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/30 14:52:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/30 14:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/29 21:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/29 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/29 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/29 21:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/29 19:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/29 17:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/29 13:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\WinRAR
[2010/05/29 13:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/29 12:41:59 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/29 12:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/29 12:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/29 12:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Search
[2010/05/29 11:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/05/29 11:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/29 00:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/27 22:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/05/26 14:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\vlc
[2010/05/26 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/26 12:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/26 09:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/05/26 09:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/26 09:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/25 23:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\Music ripped while away from GRAND RAPIDS
[2010/05/25 22:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\GRAND RAPIDS
[2010/05/25 22:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Registry Mechanic
[2010/05/25 19:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\Commercial Millions Funding course
[2010/05/25 14:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/25 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Identities
[2010/05/25 13:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Desktop Search
[2010/05/25 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/05/25 13:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/25 12:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/25 12:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Times Reader
[2010/05/25 12:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/25 12:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Fanbase
[2010/05/25 12:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/25 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/25 11:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Adobe
[2010/05/25 11:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/25 09:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/25 09:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/05/25 09:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/25 09:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Microsoft Help
[2010/05/25 09:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/05/25 03:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/25 02:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/25 02:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Sun
[2010/05/25 02:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/25 02:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/25 00:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/25 00:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/25 00:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/25 00:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/25 00:06:08 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/05/24 22:53:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/24 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Macromedia
[2010/05/24 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Adobe
[2010/05/24 21:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/24 21:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Google
[2010/05/24 21:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/24 21:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/24 21:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Google
[2010/05/24 21:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/24 21:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/24 21:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 21:36:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/24 21:36:56 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/24 21:36:52 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/24 21:36:50 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/24 21:36:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/24 21:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/24 21:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/24 21:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Apple Computer
[2010/05/24 21:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/24 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/24 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/24 21:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/24 21:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/24 21:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Apple
[2010/05/24 21:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/24 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/24 21:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/24 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/24 21:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Apple Computer
[2010/05/24 18:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Malwarebytes
[2010/05/24 18:19:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 18:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/24 18:19:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 18:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/24 18:14:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\IECompatCache
[2010/05/24 18:12:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\PrivacIE
[2010/05/24 18:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\HP
[2010/05/24 18:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\ApplicationHistory
[2010/05/24 18:11:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\IETldCache
[2010/05/24 18:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/24 18:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/24 18:04:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/24 18:04:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/05/24 18:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/05/24 17:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/05/24 17:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/05/24 17:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/24 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/24 17:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/24 17:48:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/05/24 17:48:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/05/24 17:48:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/05/24 17:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/24 17:46:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/24 17:28:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/05/24 17:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/24 17:20:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/24 17:20:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\UserData
[2010/05/24 17:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/05/24 15:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\Bluetooth
[2010/05/24 15:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\CyberLink
[2010/05/24 15:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Toshiba
[2010/05/24 15:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\PowerDVD DX
[2010/05/24 15:28:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\My Videos
[2010/05/24 15:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/24 15:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/05/24 15:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/05/24 15:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2010/05/24 15:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2010/05/24 15:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/24 15:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/24 15:04:09 | 000,062,208 | ---- | C] (O2Micro) -- C:\WINDOWS\System32\drivers\oz776.sys
[2010/05/24 15:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\O2Micro OZ776 SCR Driver
[2010/05/24 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Intel
[2010/05/24 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/05/24 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/05/24 15:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/05/24 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2010/05/24 14:56:01 | 000,031,744 | ---- | C] (CSR, plc) -- C:\WINDOWS\System32\drivers\csrbcxp.sys
[2010/05/24 14:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/05/24 14:52:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/24 14:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/24 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/24 14:51:38 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/24 14:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Dell
[2010/05/24 14:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2010/05/24 14:50:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/24 14:50:06 | 000,016,128 | ---- | C] (Dell Inc) -- C:\WINDOWS\System32\drivers\APPDRV.SYS
[2010/05/24 14:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\InstallShield
[2010/05/24 14:47:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2010/05/24 14:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/24 14:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Identities
[2010/05/24 14:41:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/24 14:41:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\My Pictures
[2010/05/24 14:41:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\My Music
[2010/05/24 14:41:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Microsoft
[2010/05/24 14:41:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph Lister\SendTo
[2010/05/24 14:41:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph Lister\Recent
[2010/05/24 14:41:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph Lister\Application Data
[2010/05/24 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\Start Menu
[2010/05/24 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents
[2010/05/24 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\Favorites
[2010/05/24 14:41:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\Cookies
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\Templates
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\PrintHood
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\NetHood
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings
[2010/05/24 14:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Microsoft
[2010/05/24 14:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop
[2010/05/24 14:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/24 14:37:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/24 14:37:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/24 14:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/24 14:37:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/24 14:37:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/24 14:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/24 14:35:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/24 14:35:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/24 14:35:02 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/05/24 14:33:04 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/24 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/24 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/24 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/24 14:32:12 | 000,000,000 | ---D | C] -- C:\DELL
[2010/05/24 14:32:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/24 14:30:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/24 14:30:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/24 14:30:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/24 14:30:43 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/05/24 14:30:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/24 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/05/24 14:29:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/24 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/05/24 14:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/24 14:29:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/24 14:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/24 14:29:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/24 14:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/24 14:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/24 14:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/05/24 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/24 14:29:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/24 14:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/24 14:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/24 14:28:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/05/24 14:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/24 14:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/24 14:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/24 14:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/24 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/24 14:27:35 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/05/24 14:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/24 14:27:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/24 14:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/24 14:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/24 10:20:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/24 10:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/24 10:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/05/24 10:20:15 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/24 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/05/24 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/05/24 10:19:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/24 10:19:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/24 10:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/05/24 10:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/05/24 10:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/05/24 10:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/24 10:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/24 10:19:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/24 10:19:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/24 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/24 10:18:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/24 10:11:11 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/24 10:11:11 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/24 10:11:11 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/24 10:11:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/06 23:45:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 23:37:11 | 000,020,377 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/06 19:49:25 | 002,097,152 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\NTUSER.DAT
[2010/06/06 18:16:16 | 060,767,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/05 14:16:57 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\esetsmartinstaller_enu.exe
[2010/06/05 13:42:46 | 000,744,384 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\12th Annual Waterfront Film Festival flyer.pdf
[2010/06/05 12:05:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 12:04:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/05 12:04:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/05 01:05:51 | 001,814,528 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\s-1-5-21-1614895754-1229272821-725345543-1003.rrr
[2010/06/04 21:45:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/04 16:21:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/04 16:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 16:20:27 | 005,368,584 | -H-- | M] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\IconCache.db
[2010/06/04 09:50:00 | 000,000,409 | RHS- | M] () -- C:\boot.ini
[2010/06/04 09:31:38 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\RLCF.exe
[2010/06/04 00:08:01 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\ComboFix.exe
[2010/06/02 20:10:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
[2010/06/02 09:33:50 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:33:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 08:50:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/30 20:55:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 17:38:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\gmer.zip
[2010/05/30 17:33:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\dds.scr
[2010/05/30 17:31:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\defogger_reenable
[2010/05/30 17:30:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Defogger.exe
[2010/05/29 22:00:06 | 002,140,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/29 20:43:36 | 000,010,338 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Photoshop - instructions for adjusting the System 32 drivers to allow it to run.docx
[2010/05/29 19:50:48 | 000,070,016 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 17:47:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/29 12:03:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 14:06:23 | 000,018,810 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 28, 2010.docx
[2010/05/27 22:46:33 | 000,020,098 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 2010.docx
[2010/05/27 22:20:42 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Ralph Lister\ntuser.dat.rmbak
[2010/05/26 12:34:12 | 000,020,377 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/26 12:06:20 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/05/26 11:59:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/26 09:35:22 | 000,472,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/26 09:35:22 | 000,404,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/26 09:35:22 | 000,061,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/26 09:26:11 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 13:19:13 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/25 12:00:45 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Times Reader.lnk
[2010/05/25 12:00:32 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fanbase.lnk
[2010/05/25 00:11:40 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/24 21:37:00 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/24 21:36:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/24 21:36:50 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/24 18:11:50 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\fusioncache.dat
[2010/05/24 17:54:41 | 000,068,938 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2010/05/24 17:51:54 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/05/24 17:50:13 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/24 16:05:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\tosOBEX.INI
[2010/05/24 15:20:34 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D630.MRK
[2010/05/24 15:20:34 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D630.MRK
[2010/05/24 15:17:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/05/24 15:17:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/24 15:02:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/24 15:02:35 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
[2010/05/24 14:41:05 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Ralph Lister\ntuser.ini
[2010/05/24 14:37:37 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/24 14:36:06 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/24 14:31:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/24 14:31:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/24 14:31:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/24 14:31:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/24 14:31:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/24 14:31:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/24 14:31:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/24 14:31:33 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/24 14:30:51 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/24 14:30:51 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/24 14:28:49 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/24 14:28:37 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/24 14:28:37 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/24 14:25:37 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2010/05/21 12:54:05 | 000,882,722 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy small business website tonight guide.pdf
[2010/05/21 12:52:54 | 000,737,605 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy website tonight guide.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/12 18:38:20 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Shortcut to Internet Options.lnk
[2010/03/29 09:06:12 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Michigan Radio.pls
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/05 14:16:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\esetsmartinstaller_enu.exe
[2010/06/05 13:42:46 | 000,744,384 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\12th Annual Waterfront Film Festival flyer.pdf
[2010/06/05 01:05:50 | 001,814,528 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\s-1-5-21-1614895754-1229272821-725345543-1003.rrr
[2010/06/04 22:10:33 | 000,627,200 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\keyfinder.exe
[2010/06/04 09:50:00 | 000,000,339 | ---- | C] () -- C:\Boot.bak
[2010/06/04 09:49:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/04 09:44:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 09:44:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/04 09:44:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/04 09:44:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/04 09:44:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/04 09:31:28 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\RLCF.exe
[2010/06/04 00:08:01 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\ComboFix.exe
[2010/05/30 20:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 17:38:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\gmer.zip
[2010/05/30 17:33:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\dds.scr
[2010/05/30 17:31:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\defogger_reenable
[2010/05/30 17:30:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Defogger.exe
[2010/05/29 21:01:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/29 20:43:35 | 000,010,338 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Photoshop - instructions for adjusting the System 32 drivers to allow it to run.docx
[2010/05/28 12:31:54 | 000,018,810 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 28, 2010.docx
[2010/05/27 22:20:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Ralph Lister\S-1-5-21-1614895754-1229272821-725345543-1003.rrr.LOG
[2010/05/26 09:31:08 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/05/26 00:01:54 | 000,882,722 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy small business website tonight guide.pdf
[2010/05/26 00:01:54 | 000,737,605 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy website tonight guide.pdf
[2010/05/25 19:28:48 | 000,020,098 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 2010.docx
[2010/05/25 19:28:31 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Michigan Radio.pls
[2010/05/25 19:28:17 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Shortcut to Internet Options.lnk
[2010/05/25 13:19:13 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/25 12:00:45 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Times Reader.lnk
[2010/05/25 12:00:32 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fanbase.lnk
[2010/05/24 22:04:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/24 21:40:28 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 21:40:27 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/24 21:36:50 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/24 21:36:49 | 060,767,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/24 21:18:44 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/24 18:11:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\fusioncache.dat
[2010/05/24 17:51:54 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/05/24 17:50:13 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/24 17:45:57 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/05/24 17:45:57 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/05/24 17:45:57 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/24 16:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010/05/24 15:17:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/05/24 15:17:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/24 15:15:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D630.MRK
[2010/05/24 15:15:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D630.MRK
[2010/05/24 15:15:10 | 000,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2010/05/24 15:10:03 | 000,143,891 | ---- | C] () -- C:\WINDOWS\System32\drivers\del1028.cty
[2010/05/24 15:05:49 | 000,020,377 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/24 15:05:49 | 000,020,377 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/24 15:05:37 | 000,111,544 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/24 15:05:36 | 000,017,177 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/24 15:05:13 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/05/24 15:05:11 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/05/24 15:05:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/05/24 15:05:08 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2010/05/24 15:05:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/05/24 15:05:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/05/24 15:05:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/05/24 15:05:03 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/05/24 15:04:55 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/05/24 15:04:52 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/05/24 15:02:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/24 15:02:35 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat
[2010/05/24 15:00:00 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/05/24 14:41:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Ralph Lister\ntuser.dat.LOG
[2010/05/24 14:41:05 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Ralph Lister\ntuser.ini
[2010/05/24 14:41:04 | 002,097,152 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\NTUSER.DAT
[2010/05/24 14:41:04 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Ralph Lister\ntuser.dat.rmbak
[2010/05/24 14:37:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/24 14:35:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 14:35:44 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/24 14:34:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/24 14:34:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/24 14:34:56 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/24 14:34:38 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/24 14:34:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/24 14:34:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/24 14:34:20 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/24 14:34:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/24 14:33:46 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/24 14:33:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/24 14:33:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/05/24 14:33:07 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/24 14:33:02 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/24 14:33:02 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/24 14:33:02 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/24 14:33:00 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/24 14:33:00 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/24 14:33:00 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/24 14:33:00 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/24 14:33:00 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/24 14:33:00 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/24 14:33:00 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/24 14:33:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/24 14:32:59 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/24 14:32:58 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/24 14:32:58 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/24 14:32:58 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/24 14:32:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/24 14:32:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/24 14:32:57 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/24 14:32:57 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/24 14:31:45 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/24 14:31:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/24 14:31:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/24 14:31:42 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/24 14:31:42 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/24 14:31:41 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/24 14:30:51 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/24 14:30:51 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/24 14:30:32 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/05/24 14:30:02 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/24 14:30:02 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/24 14:29:56 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/05/24 14:29:42 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/05/24 14:29:29 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/05/24 14:28:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/24 14:28:02 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/05/24 14:28:02 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/05/24 14:28:02 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/05/24 14:28:02 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/05/24 14:28:02 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/24 14:28:02 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/05/24 14:28:02 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/24 14:28:01 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/24 14:28:01 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/05/24 14:28:01 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/05/24 14:28:01 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/24 14:28:01 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/05/24 14:28:01 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/24 14:28:01 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/24 14:28:01 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/24 14:28:01 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/05/24 14:28:00 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/24 14:28:00 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/24 14:28:00 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/24 14:27:58 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/24 14:27:58 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/24 14:27:57 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/24 14:27:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/05/24 10:20:22 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/24 10:20:17 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/05/24 10:20:17 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/05/24 10:20:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/05/24 10:20:16 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/05/24 10:20:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/05/24 10:20:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/24 10:20:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/05/24 10:20:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/24 10:20:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/05/24 10:20:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/24 10:20:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/05/24 10:20:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/24 10:20:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/05/24 10:20:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/24 10:20:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/24 10:20:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/24 10:20:01 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/24 10:19:51 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/05/24 10:19:51 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/24 10:19:51 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/24 10:19:51 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/05/24 10:19:51 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/05/24 10:19:51 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/24 10:19:51 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/05/24 10:19:51 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/05/24 10:19:51 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/05/24 10:19:51 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/05/24 10:19:51 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/24 10:19:51 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/05/24 10:19:51 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/05/24 10:19:51 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/24 10:19:51 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/24 10:19:51 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/24 10:19:51 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/05/24 10:19:50 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/05/24 10:19:50 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/24 10:18:38 | 002,140,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/24 10:17:50 | 000,000,409 | RHS- | C] () -- C:\boot.ini
[2010/05/24 10:17:47 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2010/05/26 12:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/05/24 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/05 11:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 21:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/27 22:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/05/25 22:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Registry Mechanic
[2010/05/25 13:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Desktop Search
[2010/05/29 12:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Search
[2010/06/04 16:21:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 06:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/07/12 17:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\dell\iastor\iastor.sys
[2007/02/12 13:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\DELL\drivers\R154200\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467$\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 18:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


OTL test WITHOUT the parameters

OTL logfile created on: 6/6/2010 11:50:58 PM - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Ralph Lister\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 90.52 Gb Free Space | 60.73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RALPH-F47DF237B
Current User Name: Ralph Lister
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/02 20:10:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
PRC - [2010/06/02 09:33:51 | 002,065,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/02 09:33:50 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/02 09:33:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/02 09:33:25 | 000,722,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/02 09:33:24 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/05/24 21:40:20 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/05/24 21:36:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/05/24 21:35:57 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008/06/11 22:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/05/26 22:19:14 | 000,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2008/02/26 10:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 16:32:50 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/07/25 16:30:36 | 000,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/07/25 16:26:14 | 000,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/20 16:55:46 | 001,228,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2007/07/02 13:29:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/06 16:44:44 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/05/22 14:18:56 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 10:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2007/01/11 20:43:46 | 002,150,400 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2006/12/18 15:22:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2006/12/15 11:41:30 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2006/09/08 15:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2006/02/06 23:00:20 | 000,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
PRC - [2006/01/23 23:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (SafeList) ==========

MOD - [2010/06/02 20:10:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/11 19:41:02 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
MOD - [2009/05/24 22:41:34 | 000,304,128 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll
MOD - [2009/03/06 04:33:26 | 000,961,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll
MOD - [2009/02/12 15:19:38 | 000,178,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
MOD - [2009/02/12 15:19:32 | 002,217,848 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
MOD - [2008/10/25 11:44:34 | 000,022,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveNew.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 06:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2004/08/04 06:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/29 19:29:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/05/24 21:36:01 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/05/24 21:35:57 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/25 16:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2007/07/25 16:32:34 | 000,294,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel®
SRV - [2007/07/25 16:29:38 | 000,987,136 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2007/07/25 16:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2007/07/20 16:53:52 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
SRV - [2007/05/10 10:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2010/06/02 09:33:50 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/02 09:33:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/24 21:36:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2008/08/14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\adfs.sys -- (adfs)
DRV - [2007/08/08 08:17:54 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/02 17:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007/08/02 17:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007/08/02 17:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007/06/25 18:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/05/29 15:29:30 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/04/28 19:05:00 | 006,727,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2007/04/23 16:39:00 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/10 20:29:42 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007/03/26 10:19:00 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/02/16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/01/16 10:22:00 | 000,031,744 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\csrbcxp.sys -- (CSRBC)
DRV - [2006/11/20 17:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 19:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/10/05 16:07:46 | 000,073,600 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/08/01 16:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 13:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/08/12 17:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.earthlink.net/
IE - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/30 20:55:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/30 20:55:24 | 000,000,000 | ---D | M]

[2010/05/30 20:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Mozilla\Extensions
[2010/05/30 20:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Mozilla\Firefox\Profiles\p337ncbr.default\extensions
[2010/05/30 20:55:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/05 12:04:12 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-1229272821-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1274736079828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_19)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/24 14:31:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/06 23:48:45 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/06/06 13:27:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\Lisa & Ralph, Festival of the Arts, June 5, 2010
[2010/06/05 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/06/04 09:49:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/06/04 09:44:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/06/04 09:44:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/06/04 09:44:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/06/04 09:44:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/06/04 09:44:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/03 23:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/02 20:10:30 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
[2010/05/30 22:16:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\Downloads
[2010/05/30 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Mozilla
[2010/05/30 20:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Mozilla
[2010/05/30 20:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/30 17:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\gmer
[2010/05/30 14:54:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\skypePM
[2010/05/30 14:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Skype
[2010/05/30 14:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/05/30 14:52:29 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/05/30 14:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/05/29 21:56:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/05/29 21:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/05/29 21:01:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/29 21:01:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/29 19:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/29 17:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2010/05/29 13:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\WinRAR
[2010/05/29 13:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/05/29 12:41:59 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/05/29 12:16:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/29 12:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/29 12:12:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Search
[2010/05/29 11:58:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2010/05/29 11:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/05/29 00:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/05/27 22:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/05/26 14:22:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\vlc
[2010/05/26 14:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/05/26 12:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/26 09:31:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2010/05/26 09:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/05/26 09:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/05/25 23:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\Music ripped while away from GRAND RAPIDS
[2010/05/25 22:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\GRAND RAPIDS
[2010/05/25 22:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Registry Mechanic
[2010/05/25 19:27:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop\Commercial Millions Funding course
[2010/05/25 14:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/05/25 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Identities
[2010/05/25 13:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Desktop Search
[2010/05/25 13:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2010/05/25 13:19:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/05/25 12:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/25 12:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Times Reader
[2010/05/25 12:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/05/25 12:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Fanbase
[2010/05/25 12:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/05/25 12:00:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/25 11:58:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Adobe
[2010/05/25 11:58:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/05/25 09:52:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/05/25 09:52:27 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/05/25 09:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/05/25 09:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Microsoft Help
[2010/05/25 09:48:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/05/25 03:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/25 02:17:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/05/25 02:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Sun
[2010/05/25 02:16:12 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/25 02:15:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/25 00:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/05/25 00:08:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/05/25 00:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/05/25 00:06:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/05/25 00:06:08 | 000,000,000 | R--D | C] -- C:\MSOCache
[2010/05/24 22:53:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/24 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Macromedia
[2010/05/24 21:45:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Adobe
[2010/05/24 21:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/05/24 21:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Google
[2010/05/24 21:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/24 21:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/05/24 21:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Google
[2010/05/24 21:40:01 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/05/24 21:40:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/05/24 21:39:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 21:36:58 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/24 21:36:56 | 000,242,896 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/05/24 21:36:52 | 000,216,200 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/24 21:36:50 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/05/24 21:36:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/05/24 21:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/05/24 21:34:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/05/24 21:20:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Apple Computer
[2010/05/24 21:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/24 21:19:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/05/24 21:19:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/24 21:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/05/24 21:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/05/24 21:18:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Apple
[2010/05/24 21:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/05/24 21:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/05/24 21:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010/05/24 21:17:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/05/24 21:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Apple Computer
[2010/05/24 18:19:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Malwarebytes
[2010/05/24 18:19:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/24 18:19:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/05/24 18:19:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/24 18:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/05/24 18:14:13 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\IECompatCache
[2010/05/24 18:12:33 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\PrivacIE
[2010/05/24 18:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\HP
[2010/05/24 18:11:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\ApplicationHistory
[2010/05/24 18:11:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\IETldCache
[2010/05/24 18:05:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/05/24 18:05:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/05/24 18:04:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/05/24 18:04:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/05/24 18:00:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/05/24 17:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/05/24 17:52:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/05/24 17:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/05/24 17:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/05/24 17:49:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/05/24 17:48:24 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/05/24 17:48:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/05/24 17:48:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/05/24 17:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/05/24 17:46:24 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/05/24 17:28:28 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/05/24 17:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/05/24 17:20:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/05/24 17:20:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\UserData
[2010/05/24 17:19:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/05/24 15:34:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\Bluetooth
[2010/05/24 15:34:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\CyberLink
[2010/05/24 15:34:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Toshiba
[2010/05/24 15:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\PowerDVD DX
[2010/05/24 15:28:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\My Videos
[2010/05/24 15:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/05/24 15:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\DellTPad
[2010/05/24 15:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/05/24 15:09:46 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2010/05/24 15:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2010/05/24 15:05:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/24 15:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/05/24 15:04:09 | 000,062,208 | ---- | C] (O2Micro) -- C:\WINDOWS\System32\drivers\oz776.sys
[2010/05/24 15:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\O2Micro OZ776 SCR Driver
[2010/05/24 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Intel
[2010/05/24 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Intel
[2010/05/24 15:02:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Intel
[2010/05/24 15:02:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intel
[2010/05/24 14:58:37 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2010/05/24 14:56:01 | 000,031,744 | ---- | C] (CSR, plc) -- C:\WINDOWS\System32\drivers\csrbcxp.sys
[2010/05/24 14:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/05/24 14:52:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/05/24 14:52:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/05/24 14:52:17 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/05/24 14:51:38 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/24 14:50:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Dell
[2010/05/24 14:50:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Dell
[2010/05/24 14:50:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/05/24 14:50:06 | 000,016,128 | ---- | C] (Dell Inc) -- C:\WINDOWS\System32\drivers\APPDRV.SYS
[2010/05/24 14:50:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\InstallShield
[2010/05/24 14:47:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2010/05/24 14:47:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2010/05/24 14:41:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Identities
[2010/05/24 14:41:11 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/05/24 14:41:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\My Pictures
[2010/05/24 14:41:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents\My Music
[2010/05/24 14:41:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Ralph Lister\Application Data\Microsoft
[2010/05/24 14:41:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph Lister\SendTo
[2010/05/24 14:41:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph Lister\Recent
[2010/05/24 14:41:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ralph Lister\Application Data
[2010/05/24 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\Start Menu
[2010/05/24 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\My Documents
[2010/05/24 14:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ralph Lister\Favorites
[2010/05/24 14:41:04 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Ralph Lister\Cookies
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\Templates
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\PrintHood
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\NetHood
[2010/05/24 14:41:04 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings
[2010/05/24 14:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\Microsoft
[2010/05/24 14:41:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ralph Lister\Desktop
[2010/05/24 14:37:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/05/24 14:37:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/24 14:37:57 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/05/24 14:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/05/24 14:37:56 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/05/24 14:37:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/05/24 14:37:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/05/24 14:35:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/24 14:35:02 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/24 14:35:02 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/05/24 14:33:04 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/24 14:32:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/05/24 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/05/24 14:32:25 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/05/24 14:32:12 | 000,000,000 | ---D | C] -- C:\DELL
[2010/05/24 14:32:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/05/24 14:30:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/05/24 14:30:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/05/24 14:30:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/05/24 14:30:43 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/05/24 14:30:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/05/24 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/05/24 14:29:51 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/05/24 14:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/05/24 14:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/05/24 14:29:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/05/24 14:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/05/24 14:29:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/05/24 14:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/05/24 14:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/05/24 14:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/05/24 14:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/05/24 14:29:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/05/24 14:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/05/24 14:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/05/24 14:28:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/05/24 14:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/05/24 14:28:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/05/24 14:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/05/24 14:28:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/05/24 14:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/05/24 14:27:35 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/05/24 14:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/05/24 14:27:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/05/24 14:27:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/05/24 14:27:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/05/24 10:20:20 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/05/24 10:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/05/24 10:20:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/05/24 10:20:15 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/05/24 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/05/24 10:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/05/24 10:19:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/05/24 10:19:52 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/05/24 10:19:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/05/24 10:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/05/24 10:19:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/05/24 10:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/05/24 10:19:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/05/24 10:19:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/05/24 10:19:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/05/24 10:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/05/24 10:18:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/05/24 10:11:11 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/05/24 10:11:11 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/05/24 10:11:11 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/05/24 10:11:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/05/24 10:11:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/06 23:45:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/06 23:37:11 | 000,020,377 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/06/06 19:49:25 | 002,097,152 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\NTUSER.DAT
[2010/06/06 18:16:16 | 060,767,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/06/05 14:16:57 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\esetsmartinstaller_enu.exe
[2010/06/05 13:42:46 | 000,744,384 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\12th Annual Waterfront Film Festival flyer.pdf
[2010/06/05 12:05:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/05 12:04:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/05 12:04:12 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/05 01:05:51 | 001,814,528 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\s-1-5-21-1614895754-1229272821-725345543-1003.rrr
[2010/06/04 21:45:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/04 16:21:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/06/04 16:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/04 16:20:27 | 005,368,584 | -H-- | M] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\IconCache.db
[2010/06/04 09:50:00 | 000,000,409 | RHS- | M] () -- C:\boot.ini
[2010/06/04 09:31:38 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\RLCF.exe
[2010/06/04 00:08:01 | 003,702,826 | R--- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\ComboFix.exe
[2010/06/02 20:10:30 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ralph Lister\Desktop\OTL.exe
[2010/06/02 09:33:50 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/06/02 09:33:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/06/01 08:50:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/30 20:55:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 17:38:27 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\gmer.zip
[2010/05/30 17:33:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\dds.scr
[2010/05/30 17:31:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\defogger_reenable
[2010/05/30 17:30:22 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Defogger.exe
[2010/05/29 22:00:06 | 002,140,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/29 20:43:36 | 000,010,338 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Photoshop - instructions for adjusting the System 32 drivers to allow it to run.docx
[2010/05/29 19:50:48 | 000,070,016 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/29 17:47:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/29 12:03:56 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/28 14:06:23 | 000,018,810 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 28, 2010.docx
[2010/05/27 22:46:33 | 000,020,098 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 2010.docx
[2010/05/27 22:20:42 | 001,835,008 | -H-- | M] () -- C:\Documents and Settings\Ralph Lister\ntuser.dat.rmbak
[2010/05/26 12:34:12 | 000,020,377 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/26 12:06:20 | 000,000,715 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/05/26 11:59:55 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/26 09:35:22 | 000,472,778 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/26 09:35:22 | 000,404,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/26 09:35:22 | 000,061,064 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/26 09:26:11 | 000,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/25 13:19:13 | 000,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/25 12:00:45 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Times Reader.lnk
[2010/05/25 12:00:32 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Fanbase.lnk
[2010/05/25 00:11:40 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/24 21:37:00 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/05/24 21:36:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/05/24 21:36:50 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/24 18:11:50 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\fusioncache.dat
[2010/05/24 17:54:41 | 000,068,938 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
[2010/05/24 17:51:54 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/05/24 17:50:13 | 000,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/24 16:05:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\tosOBEX.INI
[2010/05/24 15:20:34 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D630.MRK
[2010/05/24 15:20:34 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D630.MRK
[2010/05/24 15:17:30 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/05/24 15:17:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/24 15:02:35 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/24 15:02:35 | 000,010,640 | ---- | M] () -- C:\WINDOWS\AegisP.cat
[2010/05/24 14:41:05 | 000,000,020 | -HS- | M] () -- C:\Documents and Settings\Ralph Lister\ntuser.ini
[2010/05/24 14:37:37 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/24 14:36:06 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/24 14:31:45 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/24 14:31:45 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/24 14:31:45 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/05/24 14:31:45 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/24 14:31:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/24 14:31:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/24 14:31:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/24 14:31:33 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/24 14:30:51 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/24 14:30:51 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/24 14:28:49 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/24 14:28:37 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/05/24 14:28:37 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2010/05/24 14:25:37 | 000,000,339 | ---- | M] () -- C:\Boot.bak
[2010/05/21 12:54:05 | 000,882,722 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy small business website tonight guide.pdf
[2010/05/21 12:52:54 | 000,737,605 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy website tonight guide.pdf
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/12 18:38:20 | 000,000,242 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Shortcut to Internet Options.lnk
[2010/03/29 09:06:12 | 000,000,075 | ---- | M] () -- C:\Documents and Settings\Ralph Lister\Desktop\Michigan Radio.pls
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/05 14:16:40 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\esetsmartinstaller_enu.exe
[2010/06/05 13:42:46 | 000,744,384 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\12th Annual Waterfront Film Festival flyer.pdf
[2010/06/05 01:05:50 | 001,814,528 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\s-1-5-21-1614895754-1229272821-725345543-1003.rrr
[2010/06/04 22:10:33 | 000,627,200 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\keyfinder.exe
[2010/06/04 09:50:00 | 000,000,339 | ---- | C] () -- C:\Boot.bak
[2010/06/04 09:49:56 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/06/04 09:44:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/06/04 09:44:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/06/04 09:44:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/06/04 09:44:36 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/06/04 09:44:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/06/04 09:31:28 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\RLCF.exe
[2010/06/04 00:08:01 | 003,702,826 | R--- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\ComboFix.exe
[2010/05/30 20:55:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/30 17:38:26 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\gmer.zip
[2010/05/30 17:33:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\dds.scr
[2010/05/30 17:31:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\defogger_reenable
[2010/05/30 17:30:22 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Defogger.exe
[2010/05/29 21:01:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/29 20:43:35 | 000,010,338 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Photoshop - instructions for adjusting the System 32 drivers to allow it to run.docx
[2010/05/28 12:31:54 | 000,018,810 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 28, 2010.docx
[2010/05/27 22:20:22 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Ralph Lister\S-1-5-21-1614895754-1229272821-725345543-1003.rrr.LOG
[2010/05/26 09:31:08 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/05/26 00:01:54 | 000,882,722 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy small business website tonight guide.pdf
[2010/05/26 00:01:54 | 000,737,605 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\GoDaddy website tonight guide.pdf
[2010/05/25 19:28:48 | 000,020,098 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\AGREEMENT_Jake Baumgartner May 2010.docx
[2010/05/25 19:28:31 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Michigan Radio.pls
[2010/05/25 19:28:17 | 000,000,242 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Desktop\Shortcut to Internet Options.lnk
[2010/05/25 13:19:13 | 000,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2010/05/25 12:00:45 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Times Reader.lnk
[2010/05/25 12:00:32 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Fanbase.lnk
[2010/05/24 22:04:04 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/05/24 21:40:28 | 000,000,898 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/24 21:40:27 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/24 21:36:50 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/05/24 21:36:49 | 060,767,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/05/24 21:18:44 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/24 18:11:50 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\Local Settings\Application Data\fusioncache.dat
[2010/05/24 17:51:54 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
[2010/05/24 17:50:13 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/05/24 17:45:57 | 000,068,938 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/05/24 17:45:57 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2010/05/24 17:45:57 | 000,000,828 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/05/24 16:05:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2010/05/24 15:17:30 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
[2010/05/24 15:17:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2010/05/24 15:15:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D630.MRK
[2010/05/24 15:15:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D630.MRK
[2010/05/24 15:15:10 | 000,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2010/05/24 15:10:03 | 000,143,891 | ---- | C] () -- C:\WINDOWS\System32\drivers\del1028.cty
[2010/05/24 15:05:49 | 000,020,377 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/24 15:05:49 | 000,020,377 | ---- | C] () -- C:\WINDOWS\System32\nvModes.001
[2010/05/24 15:05:37 | 000,111,544 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/24 15:05:36 | 000,017,177 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/24 15:05:13 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/05/24 15:05:11 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/05/24 15:05:11 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/05/24 15:05:08 | 001,018,748 | ---- | C] () -- C:\WINDOWS\System32\nvucode.bin
[2010/05/24 15:05:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/05/24 15:05:08 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\nvtuicpl.cpl
[2010/05/24 15:05:05 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/05/24 15:05:03 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/05/24 15:04:55 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2010/05/24 15:04:52 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/05/24 15:02:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/24 15:02:35 | 000,010,640 | ---- | C] () -- C:\WINDOWS\AegisP.cat
[2010/05/24 15:00:00 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2010/05/24 14:41:05 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Ralph Lister\ntuser.dat.LOG
[2010/05/24 14:41:05 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\Ralph Lister\ntuser.ini
[2010/05/24 14:41:04 | 002,097,152 | ---- | C] () -- C:\Documents and Settings\Ralph Lister\NTUSER.DAT
[2010/05/24 14:41:04 | 001,835,008 | -H-- | C] () -- C:\Documents and Settings\Ralph Lister\ntuser.dat.rmbak
[2010/05/24 14:37:37 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/05/24 14:35:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/24 14:35:44 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/24 14:34:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/24 14:34:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/24 14:34:56 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/24 14:34:38 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/24 14:34:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/24 14:34:23 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/24 14:34:20 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/24 14:34:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/24 14:33:46 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/24 14:33:31 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/24 14:33:20 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/05/24 14:33:07 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/24 14:33:03 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/24 14:33:03 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/24 14:33:02 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/24 14:33:02 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/24 14:33:02 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/24 14:33:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/24 14:33:01 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/24 14:33:00 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/24 14:33:00 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/24 14:33:00 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/24 14:33:00 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/24 14:33:00 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/24 14:33:00 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/24 14:33:00 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/24 14:33:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/24 14:32:59 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/24 14:32:59 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/24 14:32:58 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/24 14:32:58 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/24 14:32:58 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/24 14:32:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/24 14:32:58 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/24 14:32:57 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/24 14:32:57 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/24 14:31:45 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/24 14:31:45 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/05/24 14:31:45 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/05/24 14:31:45 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/05/24 14:31:42 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/24 14:31:42 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/24 14:31:41 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/24 14:30:51 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/24 14:30:51 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/24 14:30:47 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/24 14:30:32 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/05/24 14:30:02 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/05/24 14:30:02 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/05/24 14:29:56 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/05/24 14:29:42 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/05/24 14:29:29 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/05/24 14:28:49 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/24 14:28:02 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/05/24 14:28:02 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/05/24 14:28:02 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/05/24 14:28:02 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/05/24 14:28:02 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/05/24 14:28:02 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/05/24 14:28:02 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/05/24 14:28:01 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/05/24 14:28:01 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/05/24 14:28:01 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/05/24 14:28:01 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/05/24 14:28:01 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/05/24 14:28:01 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/05/24 14:28:01 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/05/24 14:28:01 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/05/24 14:28:01 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/05/24 14:28:00 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/05/24 14:28:00 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/05/24 14:28:00 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/05/24 14:27:58 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/05/24 14:27:58 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/05/24 14:27:57 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/05/24 14:27:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/05/24 10:20:22 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/24 10:20:17 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/05/24 10:20:17 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/05/24 10:20:17 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/05/24 10:20:16 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/05/24 10:20:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2010/05/24 10:20:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/05/24 10:20:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2010/05/24 10:20:13 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2010/05/24 10:20:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2010/05/24 10:20:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/05/24 10:20:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2010/05/24 10:20:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2010/05/24 10:20:09 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2010/05/24 10:20:09 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2010/05/24 10:20:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/05/24 10:20:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2010/05/24 10:20:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/05/24 10:20:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2010/05/24 10:20:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2010/05/24 10:20:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/05/24 10:20:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2010/05/24 10:20:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/05/24 10:20:01 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/05/24 10:19:51 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/05/24 10:19:51 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/24 10:19:51 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/24 10:19:51 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/05/24 10:19:51 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/05/24 10:19:51 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/24 10:19:51 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/05/24 10:19:51 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/05/24 10:19:51 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/05/24 10:19:51 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/05/24 10:19:51 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/24 10:19:51 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/05/24 10:19:51 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/05/24 10:19:51 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/24 10:19:51 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/24 10:19:51 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/24 10:19:51 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/05/24 10:19:50 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/05/24 10:19:50 | 000,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/05/24 10:18:38 | 002,140,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/24 10:17:50 | 000,000,409 | RHS- | C] () -- C:\boot.ini
[2010/05/24 10:17:47 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/09/02 14:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/07/22 21:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/07/20 17:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2010/05/26 12:06:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/05/24 21:34:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/06/05 11:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/24 21:19:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/05/27 22:37:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2010/05/25 22:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Registry Mechanic
[2010/05/25 13:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Desktop Search
[2010/05/29 12:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ralph Lister\Application Data\Windows Search
[2010/06/04 16:21:38 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >


#21 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 07 June 2010 - 06:33 PM

Hello, Ralph Lister.

OK, it's looking clean on my end now. Please do steps 1 and 2 below. Also, I see that you have not installed Windows XP Service Pack 3 yet. You should upgrade at some point, although I strongly suggest to back up immediately before you do it. It is a major upgrade and things can go wrong. I've also listed a few optional items at the end. It's up to you if you want to do any of that, but it's ways to further secure your computer.



Step 1

I see an older version of Java installed. You do have the most recent (1.6 update 20), but I also see Java 1.4 might be installed. Please go into Control Panel --> Add/Remove Programs and remove any version of Java older than 1.6 Update 20. (They may also be listed at JRE or J2SE or Java Runtime.) These eliminate security holes other software can take advantage of.





Step 2

Uninstall ComboFix and Clean Up
Click Start > Run and type combofix /Uninstall click OK (Note the space between combofix and /Uninstall) See below:

Please advise if this step is missed for any reason as it performs some important actions.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites
Please download HostMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installlation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select atleast one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the programs virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program isMalwarebytes Anti-Malware. You can download the free version..

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#22 Ralph Lister

Ralph Lister
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 07 June 2010 - 08:24 PM

Hey there, etavares!

Uninstalled the old Java Runtime - nice catch thumbup2.gif
Ran Combofix /Uninstall, and then OTC's Cleanup (and then deleted any files or exe files or txt files left behind on the desktop)
Also downloaded and ran StartupLite and HostMan - those are handy little programs, aren't they?
Also ran Secunia Software Inspector, which found an Adobe Flash Player insecure version (I have downloaded the patch/updated version, and will run it after posting this). That Secunia is pretty helpful too - will have to remember to visit the site and run their scan from time to time.
I have MalwareBytes, as you know - very good program.
But for SP3, my Windows XP is up to date.

I will read the Firewall log. Do you think running Windows' standard XP firewall - along with AVG Free and MalwareBytes - is enough, or does one need a specialized firewall? (I think you said Windows 7 firewall was pretty good, but while I'm still on XP...)


And finally.... A VERY BIG AND GRACIOUS THANK YOU FOR ALL YOUR TIME, INPUT, AND CAREFUL ANALYSIS. The computer was up bleep creek without a paddle, and thanks to you and, I suspect, all the guys and gals at BC, I am well back on track! Now to keep the damn thing clear of them bugs...

THANK YOU THANK YOU THANK YOU thumbup.gif thumbup.gif thumbup.gif
Ralph


#23 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 07 June 2010 - 08:48 PM

Hi Ralph-

Those are nice programs. I use HostsMan myself. I don't have it running, but I manually update their hosts file every so often. You'll notice holes in some websites where ads used to be. To be honest, that can help protect you from some web attacks...legit webpage, but bad ad since they can't control the ads.

Windows XP firewall is one-directional. It keeps programs that scan IPs from finding your computer. If they find it, they can hack it. However, if you get malware on your computer, it can't prevent malware from calling out from your computer. A two-directional firewall is preferred. I used to use ZoneAlarm when I had XP. Now with a two-way firewall, the first time a program tries to access the internet, you'll need to allow or deny it. Then, any new programs or updates to your old programs will trigger an alert for you to allow or deny. You'll need to determine what is legit or not. Our forums here can help you decide. If you are going to blindly allow programs (as a fair number of users do), then Windows XP firewall is fine and better than nothing since the two-way will give you no benefit. The Windows 7 firewall is good, but you have to manually enable the outgoing protection. XP doesn't even give you the option.

And yes, you can thank everyone at BC, since this is where I learned how to deal with malware. smile.gif



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#24 Ralph Lister

Ralph Lister
  • Topic Starter

  • Members
  • 36 posts
  • OFFLINE
  •  
  • Local time:06:30 PM

Posted 07 June 2010 - 09:18 PM

Thanks for this input too - I'll look into ZoneAlarm. busy.gif
Cheers - Ralph

#25 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:30 PM

Posted 14 June 2010 - 04:29 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users