Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect when clicking search links


  • This topic is locked This topic is locked
11 replies to this topic

#1 LDCJr

LDCJr

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:05:41 AM

Posted 05 September 2010 - 11:35 PM

This started when I was starting a video in Windows Media Player and got a popup saying I need to download codecs. Thinking this was normal since I had not used media player much since fixing up this computer, I clicked OK. I knew something was wrong pretty quick. Media Player froze and everything started acting screwy. Afterward I was unable to connect to certain sites and Microsoft update no longer worked. When searching in Google or Yahoo, the search works OK, but when I click links in the results I get redirected to an apparently random ad site. Also, I lost the ability to use any windows system information tools. Sound quit working. Tried to check network connections and none are shown. The system tray showed less icons than normal and the autohide quit working. System restore quit working. Booting up became EXTREMELY slow. I ran AVGfree 9 and found and quarrantined 2 trojan horses. (Sorry, I lost the names.) It didn't get any better - guess the damage was done. I installed Chrome to see if it worked and if anything the redirects are worse. I fiddled with IE8 settings, etc - no help.

That was about a week ago. I ended up uninstalling IE8 and reinstalling (reapairing) XP. It's better, but still getting the redirects and microsoft update won't work, so I am now running XP SP2 and IE6. System information tools now work and I can see my network connections. Sound works. System restore now seems to be working again. Still can't connect to certain sites - seems to be ones that are related to a download or running an add-on, like microsoft update. AVG wouldn't work, something about can't access site to confirm license. Tried re-installing AVG and it installed fine, but on initial startup, it stopped because it couldn't connect to the server to download updates. I uninstalled AVG and installed Synacor Safe and Secure from my cable provider. Seems to work OK, but it doesn't find any viruses or adware.

I feel like my computer is not under control and may be vulnerable to attack. With the constant redirects, browsing is pretty much impossible.

HELP!!

DDS.txt follows:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Dee Caskey at 22:19:44.00 on Sun 09/05/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1015.442 [GMT -4:00]

AV: SS Anti-Virus *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Synacor 3.0\SS\app\Console.exe
C:\Program Files\LSI SoftModem\agrsmsvc.exe
c:\Program Files\Synacor 3.0\SS\App\syssvcnt.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Dee Caskey\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\acrobat\activex\AcroIEHelper.dll
BHO: AuthPopupBHO01.cBHO: {3c7195f6-d788-4d50-ba72-2ee212edac78} - c:\program files\synacor 3.0\ss\app\popupbho01.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: Safe and Secure Popup Blocker: {2c0a5f28-48d8-408b-9172-9c6121025bce} - c:\program files\synacor 3.0\ss\app\popupbho01.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\dee caskey\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Conime] %windir%\system32\conime.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ESP] "c:\program files\synacor 3.0\ss\app\start.exe"
StartupFolder: c:\docume~1\deecas~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 6.0\distillr\acrotray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/synacor/syus/bin/wizard.exe
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280380786406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 93.188.163.185,93.188.166.185
TCP: {95306776-9F26-487F-9742-2AF93E761FF1} = 93.188.163.185,93.188.166.185
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [2008-5-21 21000]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-30 54760]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [2008-5-21 39688]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2010-5-17 308592]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

=============== Created Last 30 ================

2010-09-06 02:11:00 0 ----a-w- c:\documents and settings\dee caskey\defogger_reenable
2010-09-05 02:41:47 0 ----a-w- c:\windows\system32\SBRC.dat
2010-09-05 02:41:47 0 ----a-w- c:\windows\system32\SBFC.dat
2010-09-04 04:50:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Authentium
2010-09-04 04:49:57 0 d-----w- c:\program files\common files\RuleSpace
2010-09-04 04:49:53 0 d-----w- c:\program files\common files\Sunbelt
2010-09-04 04:49:35 0 d-----w- c:\program files\common files\Authentium
2010-09-04 04:49:11 0 d-----w- c:\program files\Synacor 3.0
2010-09-04 04:33:13 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-09-04 04:33:13 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-09-04 04:33:13 106496 ----a-w- c:\windows\system32\atl71.dll
2010-09-04 04:33:13 0 d-----w- c:\program files\common files\Authentium Shared
2010-09-04 03:50:31 155648 ----a-w- c:\windows\system32\igfxres.dll
2010-09-04 03:43:16 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-09-04 03:43:03 156672 -c--a-w- c:\windows\system32\dllcache\winzm.ime
2010-09-04 03:43:02 65536 -c--a-w- c:\windows\system32\dllcache\winime.ime
2010-09-04 03:43:02 156672 -c--a-w- c:\windows\system32\dllcache\winsp.ime
2010-09-04 03:43:02 156672 -c--a-w- c:\windows\system32\dllcache\winpy.ime
2010-09-04 03:43:01 79360 -c--a-w- c:\windows\system32\dllcache\winar30.ime
2010-09-04 03:43:01 69120 -c--a-w- c:\windows\system32\dllcache\wingb.ime
2010-09-04 03:41:52 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-09-04 03:40:57 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2010-09-04 03:39:56 32827 -c--a-w- c:\windows\system32\dllcache\tcptest.exe
2010-09-04 03:38:04 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-09-04 03:37:56 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-09-04 03:37:56 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-09-04 03:37:56 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-09-04 03:37:56 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-09-04 03:37:33 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-09-04 03:36:55 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2010-09-04 03:36:54 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2010-09-04 03:36:54 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2010-09-04 03:36:54 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2010-09-04 03:24:51 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2010-09-04 03:23:58 0 d-----w- c:\windows\system32\x64
2010-09-04 03:20:18 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-09-04 03:20:18 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-09-04 03:20:18 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-09-04 03:20:18 13312 ----a-w- c:\windows\system32\irclass.dll
2010-09-04 01:21:07 35810 ----a-w- c:\windows\setupapi.old
2010-09-04 01:21:06 4507 ----a-w- c:\windows\imsins.BAK
2010-08-30 00:32:37 69632 ----a-w- c:\windows\ALCMTR.EXE
2010-08-29 22:48:14 0 d-----w- C:\spoolerlogs
2010-08-29 22:34:14 0 d-----w- c:\program files\DivX
2010-08-28 15:01:21 0 d-----w- c:\program files\ABC Fun
2010-08-21 05:11:55 0 d-----w- c:\program files\Combined Community Codec Pack
2010-08-21 02:38:01 0 d-----w- c:\program files\BitTorrent
2010-08-21 02:37:09 0 d-----w- c:\docume~1\deecas~1\applic~1\BitTorrent

==================== Find3M ====================

2010-09-04 03:36:21 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-29 05:45:02 315392 ----a-w- c:\windows\HideWin.exe
2010-07-17 09:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:20:10.98 ===============

Attached Files


Edited by LDCJr, 06 September 2010 - 07:27 PM.


BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 13 September 2010 - 04:31 AM

Hello ,
And welcome.gif to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker and save it to your Desktop
  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop
Copy the entire contents of the report and paste it in a reply here.

Note - you may get this warning it is ok, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 LDCJr

LDCJr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:05:41 AM

Posted 14 September 2010 - 08:43 PM

Thank you for your response and help. I was about ready to reformat and re-install Windows, but I wasn't sure if even that would solve my problems.
My problems have gotten worse. When Windows starts I get several boxes similar to the descriptions below. I also get these when I try to start most applications. Also Windows boots up with the firewall turned off, but I am able to turn it back on - at least it appears that I can.
"OTL has encountered a problem and needs to close. We are sorry for the inconvenience."
"Please tell Microsoft about this problem."
and
"Data Execution Prevention - Microsoft Windows"
"To help protect your computer Windows has closed this program"
"Name Notepad"
"Publisher Microsoft Corporation"

If I don't close the Window and just drag it out of the way, the named program stays open and seems to work OK. That's how I ran OTL and RKUnhooker. I saved the results to a flash drive and I am replying from my laptop.
Here are the results.

OTL logfile created on: 9/14/2010 8:59:43 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Dee Caskey\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 10.31 Gb Free Space | 55.34% Space Free | Partition Type: NTFS
Drive D: | 564.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 142.27 Gb Total Space | 111.98 Gb Free Space | 78.71% Space Free | Partition Type: NTFS
Drive F: | 6.77 Gb Total Space | 3.37 Gb Free Space | 49.86% Space Free | Partition Type: FAT32
Drive G: | 18.63 Gb Total Space | 14.64 Gb Free Space | 78.59% Space Free | Partition Type: NTFS
Drive H: | 93.16 Gb Total Space | 2.29 Gb Free Space | 2.46% Space Free | Partition Type: NTFS
Drive I: | 3.81 Gb Total Space | 3.75 Gb Free Space | 98.21% Space Free | Partition Type: FAT32

Computer Name: HOME
Current User Name: Dee Caskey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/09/14 20:48:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dee Caskey\Desktop\OTL.exe
PRC - [2010/09/12 00:46:34 | 000,046,972 | ---- | M] () -- C:\WINDOWS\system32\DirectX\svchost.exe
PRC - [2010/05/21 00:28:00 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:27:58 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/05/17 14:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
PRC - [2010/05/07 10:42:00 | 001,638,400 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/06/01 16:22:56 | 000,177,448 | R--- | M] (Authentium, Inc.) -- c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
PRC - [2008/05/21 11:10:20 | 002,688,336 | ---- | M] (Authentium, Inc.) -- C:\Program Files\Synacor 3.0\SS\App\console.exe
PRC - [2008/05/21 11:01:02 | 000,112,160 | ---- | M] (Authentium, Inc.) -- c:\Program Files\Synacor 3.0\SS\App\syssvcnt.exe
PRC - [2006/02/28 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/02/28 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2006/02/28 08:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe


========== Modules (SafeList) ==========

MOD - [2010/09/14 20:48:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dee Caskey\Desktop\OTL.exe
MOD - [2010/09/12 00:46:30 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\system32\slrusort.dll
MOD - [2006/02/28 08:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/02/28 08:00:00 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\faultrep.dll
MOD - [2006/02/28 08:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2006/02/28 08:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/12 00:46:34 | 000,046,972 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\DirectX\svchost.exe -- (svchost32)
SRV - [2010/05/17 14:24:16 | 000,308,592 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe -- (Kodak AiO Network Discovery Service)
SRV - [2010/04/28 07:44:02 | 000,704,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009/01/14 17:53:02 | 000,226,656 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/06/01 16:22:56 | 000,177,448 | R--- | M] (Authentium, Inc.) [Auto | Running] -- c:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe -- (dvpapi)
SRV - [2008/05/21 11:01:02 | 000,112,160 | ---- | M] (Authentium, Inc.) [Auto | Running] -- c:\Program Files\Synacor 3.0\SS\App\syssvcnt.exe -- (AuthSysSvc)
SRV - [2006/02/28 08:00:00 | 000,032,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2006/02/28 08:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 07:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/06/01 15:58:30 | 000,750,904 | ---- | M] (Authentium, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Css-Dvp.sys -- (CSS DVP)
DRV - [2008/05/21 11:23:14 | 000,039,688 | ---- | M] (Authentium Inc) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GRTdiMon.sys -- (GRTdiMon)
DRV - [2008/05/21 11:23:14 | 000,021,000 | ---- | M] (Authentium Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GRFilter.sys -- (GRFILTER)
DRV - [2007/04/23 20:12:28 | 004,402,176 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/10/06 01:24:00 | 001,181,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/01/07 17:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/11/19 08:40:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1343024091-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1343024091-179605362-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-1343024091-179605362-725345543-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1343024091-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1343024091-179605362-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AuthPopupBHO01.cBHO) - {3C7195F6-D788-4D50-BA72-2EE212EDAC78} - C:\Program Files\Synacor 3.0\SS\App\PopupBHO01.dll (Authentium, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Safe and Secure Popup Blocker) - {2C0A5F28-48D8-408B-9172-9C6121025BCE} - C:\Program Files\Synacor 3.0\SS\App\PopupBHO01.dll (Authentium, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1343024091-179605362-725345543-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1343024091-179605362-725345543-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [ESP] C:\Program Files\Synacor 3.0\SS\app\start.exe (Authentium, Inc.)
O4 - HKU\S-1-5-21-1343024091-179605362-725345543-1004..\Run: [Bsanesanuzeho] C:\WINDOWS\sjel60.DLL (trbarry@trbarry.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Dee Caskey\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1343024091-179605362-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1343024091-179605362-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1343024091-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} http://files.authentium.com/synacor/syus/bin/wizard.exe (CNavigationManager Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1280380786406 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.154.1.68 24.154.1.38
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.185,93.188.166.185
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/07/29 00:44:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/02/28 08:00:00 | 000,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/06/14 18:16:24 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/03/16 06:38:20 | 000,000,053 | -HS- | M] () - F:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{236566d4-5a07-11de-b36b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{236566d4-5a07-11de-b36b-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{236566d4-5a07-11de-b36b-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- [2006/02/28 08:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: chkntvol - (C:\WINDOWS\system32\slrusort.dll) - C:\WINDOWS\system32\slrusort.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/09/14 20:58:00 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dee Caskey\Desktop\OTL.exe
[2010/09/12 00:02:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dee Caskey\Recent
[2010/09/11 00:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\WinRAR
[2010/09/08 01:01:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/09/06 02:00:46 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/09/06 02:00:43 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/09/06 02:00:25 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/09/06 02:00:21 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/09/06 01:59:53 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/09/06 01:59:50 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/09/06 01:59:40 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/09/06 01:59:23 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/09/06 01:59:07 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/09/06 01:59:03 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/09/06 01:59:00 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/09/06 01:58:55 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/09/06 01:58:51 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/09/06 01:58:43 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/09/06 01:58:40 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/09/06 01:58:24 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/09/06 01:58:09 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/09/06 01:58:05 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/09/06 01:58:02 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/09/06 01:57:57 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/09/06 01:57:36 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/09/06 01:57:22 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/09/06 01:57:19 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/09/06 01:57:05 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/09/06 01:57:02 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/09/06 01:56:59 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/09/06 01:56:55 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/09/06 01:56:51 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/09/06 01:56:48 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/09/06 01:56:19 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/09/06 01:56:13 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/09/06 01:56:10 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/09/06 01:56:09 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/09/06 01:56:04 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/09/06 01:56:01 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/09/06 01:55:46 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/09/06 01:55:43 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/09/06 01:54:57 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/09/06 01:54:54 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/09/06 01:54:51 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/09/06 01:54:47 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/09/06 01:54:39 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/09/06 01:54:17 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/09/06 01:53:48 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/09/06 01:53:45 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/09/06 01:53:42 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/09/06 01:53:38 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/09/06 01:53:35 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/09/06 01:53:11 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/09/06 01:53:08 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/09/06 01:53:05 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/09/06 01:52:59 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/09/06 01:52:30 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/09/06 01:52:27 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/09/06 01:52:23 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/09/06 01:52:20 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/09/06 01:51:52 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/09/06 01:51:45 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/09/06 01:51:43 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/09/06 01:51:28 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/09/06 01:51:24 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/09/06 01:51:22 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/09/06 01:51:19 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/09/06 01:51:16 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/09/06 01:51:13 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/09/06 01:51:10 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/09/06 01:51:07 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/09/06 01:51:05 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/09/06 01:50:58 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/09/06 01:50:55 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/09/06 01:50:51 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/09/06 01:50:48 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/09/06 01:50:44 | 000,019,017 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8029.sys
[2010/09/06 01:50:36 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/09/06 01:50:30 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/09/06 01:50:27 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/09/06 01:50:23 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/09/06 01:50:07 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/09/06 01:50:04 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/09/06 01:49:33 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/09/06 01:49:30 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/09/06 01:49:27 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/09/06 01:49:16 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/09/06 01:48:26 | 000,169,984 | ---- | C] (Cisco Systems) -- C:\WINDOWS\System32\dllcache\pcx500.sys
[2010/09/06 01:48:24 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/09/06 01:48:12 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/09/06 01:48:11 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/09/06 01:48:08 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/09/06 01:47:30 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/09/06 01:47:28 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/09/06 01:47:24 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/09/06 01:47:21 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/09/06 01:46:59 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/09/06 01:46:46 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/09/06 01:46:43 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/09/06 01:46:39 | 000,032,840 | ---- | C] (NETGEAR Corporation.) -- C:\WINDOWS\System32\dllcache\ngrpci.sys
[2010/09/06 01:46:38 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/09/06 01:46:25 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/09/06 01:46:23 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/09/06 01:46:13 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/09/06 01:46:09 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/09/06 01:46:07 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/09/06 01:46:04 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/09/06 01:46:01 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/09/06 01:45:59 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/09/06 01:45:51 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/09/06 01:45:48 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/09/06 01:45:46 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/09/06 01:45:43 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/09/06 01:45:40 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/09/06 01:45:37 | 000,103,296 | ---- | C] (Matrox Graphics Inc) -- C:\WINDOWS\System32\dllcache\mtxvideo.sys
[2010/09/06 01:44:43 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/09/06 01:44:05 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/09/06 01:43:40 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/09/06 01:43:38 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/09/06 01:43:37 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/09/06 01:43:34 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/09/06 01:43:34 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/09/06 01:43:32 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/09/06 01:43:24 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/09/06 01:43:22 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/09/06 01:43:19 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/09/06 01:43:17 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/09/06 01:43:13 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/09/06 01:43:10 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/09/06 01:42:19 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/09/06 01:42:11 | 000,045,632 | ---- | C] (Interphase ® Corporation a Windows ® 2000 DDK Driver Provider) -- C:\WINDOWS\System32\dllcache\ip5515.sys
[2010/09/06 01:41:36 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/09/06 01:39:36 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/09/06 01:39:28 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/09/06 01:39:01 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/09/06 01:38:59 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/09/06 01:38:57 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/09/06 01:38:44 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/09/06 01:38:33 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/09/06 01:38:31 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/09/06 01:38:28 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/09/06 01:38:25 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/09/06 01:38:23 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/09/06 01:38:22 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/09/06 01:38:08 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/09/06 01:38:04 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/09/06 01:38:02 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/09/06 01:37:36 | 000,072,192 | ---- | C] (ESS Technology Inc.) -- C:\WINDOWS\System32\dllcache\es1969.sys
[2010/09/06 01:36:44 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/09/06 01:36:38 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/09/06 01:36:28 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/09/06 01:36:26 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/09/06 01:36:25 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/09/06 01:36:21 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/09/06 01:36:20 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/09/06 01:36:19 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/09/06 01:36:18 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/09/06 01:36:15 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/09/06 01:35:55 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/09/06 01:35:54 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/09/06 01:35:49 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/09/06 01:35:25 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/09/06 01:35:24 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/09/06 01:35:23 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/09/06 01:35:22 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/09/06 01:35:21 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/09/06 01:35:20 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/09/06 01:35:19 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/09/06 01:35:18 | 000,249,856 | ---- | C] (ComtrolŪ Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/09/06 01:35:09 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/09/06 01:35:08 | 000,060,970 | ---- | C] (Compaq Computer Corp.) -- C:\WINDOWS\System32\dllcache\cpqtrnd5.sys
[2010/09/06 01:34:53 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/09/06 01:34:45 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/09/06 01:34:38 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/09/06 01:34:37 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/09/06 01:34:37 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/09/06 01:34:36 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/09/06 01:34:36 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/09/06 01:34:33 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/09/06 01:34:33 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/09/06 01:34:32 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/09/06 01:34:31 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/09/06 01:34:29 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/09/06 01:34:28 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/09/06 01:33:57 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/09/06 01:33:57 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/09/06 01:33:56 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/09/06 01:33:56 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/09/06 01:33:55 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/09/06 01:33:55 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/09/06 01:33:54 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/09/06 01:33:54 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/09/06 01:33:51 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/09/06 01:33:51 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/09/06 01:33:50 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/09/06 01:33:49 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/09/06 01:33:49 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/09/06 01:33:48 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/09/06 01:33:48 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/09/06 01:33:47 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/09/06 01:33:47 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/09/06 01:33:47 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/09/06 01:33:41 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/09/06 01:33:38 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/09/06 01:33:38 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/09/06 01:33:37 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/09/06 01:33:36 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/09/06 01:33:36 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/09/06 01:33:36 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/09/06 01:33:35 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/09/06 01:33:19 | 000,077,568 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\dllcache\ati.sys
[2010/09/06 01:33:18 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/09/06 01:33:12 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/09/06 01:33:01 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/09/06 01:33:00 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/09/06 01:33:00 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/09/06 01:33:00 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/09/06 01:32:59 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/09/06 01:32:59 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
[2010/09/06 01:32:57 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/09/06 01:32:55 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
[2010/09/06 01:32:54 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/09/06 01:32:53 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2010/09/06 01:32:52 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/09/06 01:32:51 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/09/06 01:32:51 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/09/06 01:19:31 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010/09/04 00:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2010/09/04 00:49:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\RuleSpace
[2010/09/04 00:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sunbelt
[2010/09/04 00:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium
[2010/09/04 00:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Synacor 3.0
[2010/09/04 00:33:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Authentium Shared
[2010/09/03 23:45:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/09/03 23:42:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/09/03 23:42:17 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/09/03 23:42:17 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/09/03 23:40:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/09/03 23:24:51 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010/09/03 23:24:51 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\dllcache\rtl8139.sys
[2010/09/03 23:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\x64
[2010/09/03 21:50:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Temp
[2010/09/03 21:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Deployment
[2010/08/31 22:31:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\My Documents\Downloads
[2010/08/31 20:48:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2010/08/29 18:48:14 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2010/08/29 18:34:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Google
[2010/08/29 18:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/08/29 18:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2010/08/28 11:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\ABC Fun
[2010/08/28 01:59:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Media Player Classic
[2010/08/22 13:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\WMTools Downloaded Files
[2010/08/21 01:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2010/08/20 22:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/08/20 22:37:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\BitTorrent
[2010/08/01 01:55:51 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/08/01 01:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\Dupeless
[2010/08/01 01:49:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\ACD Systems
[2010/08/01 01:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2010/08/01 01:13:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\ACD Systems
[2010/08/01 01:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/08/01 01:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2010/08/01 00:50:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dee Caskey\My Documents\My Videos
[2010/08/01 00:50:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/08/01 00:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/01 00:47:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/08/01 00:27:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/08/01 00:26:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/08/01 00:26:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/08/01 00:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/08/01 00:15:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/01 00:11:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\My Documents\Quicken
[2010/08/01 00:06:09 | 001,933,312 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf250.dll
[2010/08/01 00:06:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Intuit
[2010/08/01 00:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Palo Alto Software
[2010/08/01 00:05:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2010/08/01 00:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2010/08/01 00:04:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2010/08/01 00:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Instant CD & DVD Burner
[2010/07/31 23:57:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/07/31 23:57:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF 6.0
[2010/07/31 23:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/07/31 23:53:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Yahoo!
[2010/07/31 23:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/07/31 23:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/31 23:52:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\AdobeUM
[2010/07/31 23:52:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Adobe
[2010/07/31 23:52:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\My Documents\My eBooks
[2010/07/31 23:52:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Adobe
[2010/07/31 23:52:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/07/31 23:51:40 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/31 23:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2010/07/31 23:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Downloaded Installations
[2010/07/31 16:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/31 00:08:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\OpenOffice.org
[2010/07/31 00:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010/07/31 00:02:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010/07/31 00:02:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/07/31 00:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/07/31 00:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Sun
[2010/07/30 23:06:55 | 000,000,000 | R-SD | C] -- C:\Documents and Settings\Dee Caskey\My Documents\My Stationery
[2010/07/30 23:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Tracing
[2010/07/30 22:39:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/07/30 22:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/07/30 22:37:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/07/30 22:35:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/07/30 22:35:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/07/30 22:35:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/07/30 22:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/07/30 22:18:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/07/30 21:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Macromedia
[2010/07/29 16:09:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dee Caskey\IECompatCache
[2010/07/29 16:07:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dee Caskey\PrivacIE
[2010/07/29 15:04:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/07/29 15:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/07/29 15:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/07/29 14:55:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dee Caskey\IETldCache
[2010/07/29 14:30:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/07/29 14:29:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/07/29 14:28:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/29 14:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/07/29 13:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/07/29 13:34:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/07/29 13:34:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/07/29 13:34:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/07/29 13:26:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/07/29 03:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/07/29 03:16:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Eastman Kodak Company
[2010/07/29 03:16:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Eastman_Kodak_Company
[2010/07/29 03:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Microsoft Corporation
[2010/07/29 03:05:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kodak
[2010/07/29 03:01:46 | 000,421,888 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJ5000MON.dll
[2010/07/29 03:01:46 | 000,131,072 | ---- | C] (Eastman Kodak Company) -- C:\WINDOWS\System32\EKIJCOINST08.dll
[2010/07/29 02:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/29 02:53:45 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2010/07/29 02:50:01 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/29 02:50:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2010/07/29 02:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/07/29 02:47:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kodak
[2010/07/29 02:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Temp
[2010/07/29 02:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Eastman Kodak Company
[2010/07/29 02:44:40 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/07/29 02:44:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/07/29 02:28:24 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2010/07/29 02:26:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/07/29 02:10:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/07/29 02:01:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/07/29 02:01:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/07/29 01:58:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/07/29 01:53:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/07/29 01:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/07/29 01:47:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/07/29 01:45:18 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/07/29 01:45:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/07/29 01:45:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/07/29 01:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/07/29 01:36:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/07/29 01:26:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/07/29 01:23:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/07/29 01:23:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/07/29 01:22:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/07/29 01:19:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/07/29 01:19:44 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dee Caskey\UserData
[2010/07/29 01:10:12 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/07/29 01:03:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/07/29 00:50:24 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/07/29 00:50:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Identities
[2010/07/29 00:50:18 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/07/29 00:50:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dee Caskey\My Documents\My Pictures
[2010/07/29 00:50:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dee Caskey\My Documents\My Music
[2010/07/29 00:50:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\Microsoft
[2010/07/29 00:50:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft
[2010/07/29 00:50:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Dee Caskey\Cookies
[2010/07/29 00:50:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dee Caskey\SendTo
[2010/07/29 00:50:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dee Caskey\Application Data
[2010/07/29 00:50:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dee Caskey\Start Menu
[2010/07/29 00:50:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dee Caskey\My Documents
[2010/07/29 00:50:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Dee Caskey\Favorites
[2010/07/29 00:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dee Caskey\Templates
[2010/07/29 00:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dee Caskey\PrintHood
[2010/07/29 00:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dee Caskey\NetHood
[2010/07/29 00:50:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Dee Caskey\Local Settings
[2010/07/29 00:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dee Caskey\Desktop
[2010/07/29 00:48:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/07/29 00:47:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/07/29 00:47:58 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/07/29 00:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/07/29 00:47:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/07/29 00:45:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/07/29 00:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/07/29 00:45:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/07/29 00:44:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/07/29 00:43:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/07/29 00:43:56 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/07/29 00:43:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/07/29 00:42:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/07/29 00:42:49 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/07/29 00:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/07/29 00:42:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/07/29 00:42:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/07/29 00:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/07/29 00:42:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2010/07/29 00:42:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/07/29 00:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/07/29 00:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/07/29 00:42:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/07/29 00:42:26 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/07/29 00:42:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/07/29 00:42:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/07/29 00:42:06 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/07/29 00:41:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/07/29 00:41:29 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/07/29 00:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/07/29 00:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/07/29 00:41:22 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/07/29 00:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/07/29 00:41:15 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/07/29 00:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/07/29 00:40:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/07/29 00:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/07/29 00:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/07/28 22:34:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/07/28 22:34:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/07/28 22:34:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/07/28 22:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/07/28 22:34:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/07/28 22:34:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/07/28 22:34:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2006/02/28 08:00:00 | 000,197,632 | ---- | C] ( ) -- C:\WINDOWS\afayitejedab.dll
[2006/02/28 08:00:00 | 000,193,536 | ---- | C] ( ) -- C:\WINDOWS\ixisewer.dll
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/09/14 20:49:02 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\RKUnhookerLE.EXE
[2010/09/14 20:48:42 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dee Caskey\Desktop\OTL.exe
[2010/09/14 20:32:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/09/14 20:12:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/14 19:49:23 | 000,048,173 | ---- | M] () -- C:\WINDOWS\Sysvxd.exe
[2010/09/13 22:53:05 | 000,006,555 | ---- | M] () -- C:\WINDOWS\System32\atmfln.dat
[2010/09/13 22:53:05 | 000,000,676 | ---- | M] () -- C:\WINDOWS\System32\smloccfg.dat
[2010/09/13 22:53:05 | 000,000,474 | ---- | M] () -- C:\WINDOWS\System32\dpnhuptp.dat
[2010/09/13 22:53:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\termirv.dat
[2010/09/13 22:52:59 | 000,000,700 | ---- | M] () -- C:\WINDOWS\System32\jgmd40bb.dat
[2010/09/13 22:52:59 | 000,000,700 | ---- | M] () -- C:\WINDOWS\System32\ieakwie.dat
[2010/09/13 22:52:59 | 000,000,700 | ---- | M] () -- C:\WINDOWS\System32\docprop.dat
[2010/09/13 22:52:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\setuvapi.dat
[2010/09/13 22:49:01 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/13 22:48:57 | 000,021,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/13 22:48:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/13 22:48:03 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Dee Caskey\NTUSER.DAT
[2010/09/13 22:47:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Dee Caskey\ntuser.ini
[2010/09/13 22:07:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-179605362-725345543-1004Core.job
[2010/09/12 00:46:30 | 000,047,616 | -H-- | M] () -- C:\WINDOWS\System32\slrusort.dll
[2010/09/09 18:49:42 | 000,002,301 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/09 18:49:41 | 000,002,323 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Google Chrome.lnk
[2010/09/09 01:17:37 | 000,000,298 | ---- | M] () -- C:\WINDOWS\System32\inetppei.dat
[2010/09/06 01:19:31 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\SpeedFan.lnk
[2010/09/06 01:19:31 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/09/05 22:27:40 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\gmer.zip
[2010/09/05 22:18:04 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\dds.scr
[2010/09/05 22:11:00 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\defogger_reenable
[2010/09/04 22:41:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBRC.dat
[2010/09/04 22:41:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\SBFC.dat
[2010/09/04 22:31:11 | 000,001,621 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Armstrong SS.lnk
[2010/09/04 00:25:08 | 000,020,440 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/03 23:59:51 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer (2).lnk
[2010/09/03 23:48:31 | 000,529,708 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/03 23:48:31 | 000,448,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/03 23:48:31 | 000,072,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/03 23:48:15 | 000,021,760 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/09/03 23:44:53 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/03 23:43:38 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/09/03 23:39:21 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/09/03 23:39:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/09/03 23:39:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/09/03 23:39:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/03 23:38:04 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/09/03 23:38:04 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/09/03 23:37:41 | 000,000,517 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/03 23:36:21 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/03 23:33:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/09/03 23:20:24 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/03 21:29:03 | 000,035,810 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/09/03 18:52:04 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/09/02 21:55:22 | 000,013,431 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\My Documents\Bills 8-25-10.ods
[2010/08/29 22:54:38 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Home Depot Credit Center.url
[2010/08/29 22:52:56 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\The Home Depot Secure Sign-on.url
[2010/08/29 18:34:24 | 000,001,526 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Movies.lnk
[2010/08/29 18:34:24 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/08/28 13:14:28 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\National Penn Bank.url
[2010/08/28 11:02:23 | 000,002,223 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ABC Fun.lnk
[2010/08/25 23:51:10 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Passwords.xls
[2010/08/25 22:02:48 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Walmart Credit Cards Login Page.url
[2010/08/25 21:50:41 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\The Home Depot Secure Sign-on.url
[2010/08/25 21:50:26 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Orchard Bank Credit Card - Log in for Account Services.url
[2010/08/25 20:55:09 | 000,012,713 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100825.csv
[2010/08/25 19:06:28 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Bank of America Home Personal.url
[2010/08/24 00:24:22 | 000,020,082 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100823.ods
[2010/08/23 22:59:03 | 000,008,161 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100823.csv
[2010/08/22 13:40:40 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 22:38:03 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/08/20 22:38:03 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/08/15 22:42:40 | 000,003,649 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100815.csv
[2010/08/15 18:59:22 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Armstrong - Webmail Login.url
[2010/08/08 22:02:04 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\backup2Edrive.bat
[2010/08/06 09:56:12 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Paint.lnk
[2010/08/05 23:21:11 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Walmart Credit Cards Login Page.url
[2010/08/05 23:19:49 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\MyCheckFree.com - Walmart & Armstrong.url
[2010/08/05 23:17:45 | 000,000,231 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\MyCheckFree.com.url
[2010/08/05 22:07:18 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Armstrong and Guardian.url
[2010/08/05 22:06:52 | 000,000,517 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Armstrong and Guardian.url
[2010/08/05 21:37:08 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Nascar.com.url
[2010/08/05 21:36:57 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Nascar.com.url
[2010/08/05 21:28:27 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Armstrong - Webmail Login.url
[2010/08/04 23:59:07 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Delmarva Power - Access My Account.url
[2010/08/04 23:58:56 | 000,000,201 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Delmarva Power - Access My Account.url
[2010/08/04 23:58:23 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\ADP iPayStatements Login.url
[2010/08/04 23:58:14 | 000,000,237 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\ADP iPayStatements Login.url
[2010/08/04 23:57:49 | 000,000,391 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Wells Fargo.url
[2010/08/04 23:57:40 | 000,000,391 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Wells Fargo.url
[2010/08/04 23:56:49 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Sprint.url
[2010/08/04 23:56:39 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Sprint.url
[2010/08/04 23:55:20 | 000,000,226 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Orchard Bank Credit Card - Log in for Account Services.url
[2010/08/04 23:52:31 | 000,000,254 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Bank of America Home Personal.url
[2010/08/04 23:50:35 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Capital One Online Banking Online Banking - Credit Cards.url
[2010/08/04 23:50:20 | 000,000,203 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Capital One.url
[2010/08/01 01:55:51 | 000,001,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album 2.0.lnk
[2010/08/01 00:50:52 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/01 00:43:17 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken Deluxe 2007.lnk
[2010/08/01 00:26:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/01 00:16:08 | 000,001,518 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/08/01 00:16:08 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/08/01 00:11:07 | 000,000,216 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/08/01 00:06:08 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2007.lnk
[2010/08/01 00:03:30 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Instant CD & DVD Burner.lnk
[2010/07/31 23:58:28 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/07/31 23:58:28 | 000,001,758 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2010/07/31 23:53:22 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\CCleaner.lnk
[2010/07/31 00:23:30 | 000,014,406 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Passwords.ods
[2010/07/31 00:12:32 | 000,000,232 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\National Penn Bank.url
[2010/07/31 00:08:46 | 000,000,864 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/31 00:04:10 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/07/30 23:08:23 | 005,342,092 | -H-- | M] () -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\IconCache.db
[2010/07/30 23:07:33 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail (2).lnk
[2010/07/30 23:07:23 | 000,001,931 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Windows Live Mail (2).lnk
[2010/07/30 22:04:53 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Pandora radio.url
[2010/07/30 22:04:15 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Pandora radio.url
[2010/07/29 23:18:14 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Founders Federal CU.url
[2010/07/29 23:18:11 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\BMiWay Online.url
[2010/07/29 13:25:58 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/29 03:16:36 | 000,000,775 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/07/29 02:11:02 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/07/29 02:11:01 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/07/29 01:54:08 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/07/29 01:09:25 | 000,000,869 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\Founders Federal CU.url
[2010/07/29 01:08:46 | 000,002,372 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Desktop\BMiWay Online.url
[2010/07/29 00:50:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/29 00:50:22 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/29 00:47:40 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/29 00:44:58 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/29 00:44:58 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/07/29 00:44:58 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/07/29 00:44:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/07/29 00:44:58 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/07/29 00:44:58 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 00:44:56 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/29 00:42:04 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/07/29 00:42:04 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/14 20:58:00 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\RKUnhookerLE.EXE
[2010/09/12 02:31:47 | 000,048,173 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2010/09/12 00:46:30 | 000,047,616 | -H-- | C] () -- C:\WINDOWS\System32\slrusort.dll
[2010/09/09 01:17:37 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\jgmd40bb.dat
[2010/09/09 01:17:37 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\ieakwie.dat
[2010/09/09 01:17:37 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\docprop.dat
[2010/09/09 01:17:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\setuvapi.dat
[2010/09/08 01:01:26 | 000,006,555 | ---- | C] () -- C:\WINDOWS\System32\atmfln.dat
[2010/09/08 01:01:26 | 000,000,676 | ---- | C] () -- C:\WINDOWS\System32\smloccfg.dat
[2010/09/08 01:01:26 | 000,000,474 | ---- | C] () -- C:\WINDOWS\System32\dpnhuptp.dat
[2010/09/08 01:01:26 | 000,000,298 | ---- | C] () -- C:\WINDOWS\System32\inetppei.dat
[2010/09/08 01:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\termirv.dat
[2010/09/06 02:00:39 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/09/06 02:00:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/09/06 01:49:23 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2010/09/06 01:49:19 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010/09/06 01:44:52 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010/09/06 01:39:34 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/09/06 01:39:30 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/09/06 01:39:25 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/09/06 01:39:21 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/09/06 01:39:17 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/09/06 01:36:24 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/09/06 01:36:23 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/09/06 01:36:22 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/09/06 01:33:29 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/09/06 01:33:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/09/06 01:33:28 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/09/06 01:33:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/09/06 01:33:27 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/09/06 01:33:26 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/09/06 01:33:26 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/09/06 01:33:26 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/09/06 01:33:25 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/09/06 01:33:21 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/09/06 01:19:31 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\SpeedFan.lnk
[2010/09/06 01:19:29 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/09/05 22:27:37 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\gmer.zip
[2010/09/05 22:17:59 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\dds.scr
[2010/09/05 22:11:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\defogger_reenable
[2010/09/04 22:41:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBRC.dat
[2010/09/04 22:41:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\SBFC.dat
[2010/09/04 00:56:10 | 000,001,621 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Armstrong SS.lnk
[2010/09/03 23:43:16 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/09/03 23:42:09 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/09/03 23:42:08 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/09/03 23:42:07 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/09/03 23:41:26 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/09/03 23:41:26 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/09/03 23:41:16 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/09/03 23:41:15 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/09/03 23:41:14 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/09/03 23:41:04 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/09/03 23:40:57 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/09/03 23:40:52 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/09/03 23:40:33 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/09/03 23:40:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/09/03 23:40:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/09/03 23:40:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/09/03 23:40:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/09/03 23:40:28 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/09/03 23:40:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/09/03 23:40:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/09/03 23:40:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/09/03 23:40:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/09/03 23:40:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/09/03 23:40:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/09/03 23:40:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/09/03 23:40:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/09/03 23:40:26 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/09/03 23:40:26 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/09/03 23:40:26 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/09/03 23:40:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/09/03 23:40:25 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/09/03 23:40:25 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/09/03 23:40:25 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/09/03 23:40:25 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/09/03 23:40:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/09/03 23:40:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/09/03 23:40:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/09/03 23:40:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/09/03 23:40:24 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/09/03 23:40:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/09/03 23:40:23 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/09/03 23:40:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/09/03 23:40:23 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/09/03 23:40:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/09/03 23:40:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/09/03 23:40:22 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/09/03 23:40:22 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/09/03 23:38:04 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/09/03 23:37:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/09/03 23:19:58 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/09/03 23:19:58 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/09/03 23:19:58 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/09/03 23:19:58 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2010/09/03 23:19:58 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/09/03 23:19:58 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/09/03 23:19:58 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/09/03 23:19:58 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/09/03 23:19:58 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/09/03 23:19:58 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/09/03 23:19:58 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/09/03 23:19:58 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/09/03 23:19:58 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/09/03 23:19:58 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/09/03 23:19:58 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/09/03 23:19:57 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/09/03 23:19:57 | 000,384,906 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/09/03 21:24:54 | 000,049,275 | ---- | C] () -- C:\WINDOWS\System32\wfospf.mib
[2010/09/03 21:24:54 | 000,038,608 | ---- | C] () -- C:\WINDOWS\System32\nipx.mib
[2010/09/03 21:24:54 | 000,034,317 | ---- | C] () -- C:\WINDOWS\System32\msiprip2.mib
[2010/09/03 21:24:54 | 000,026,236 | ---- | C] () -- C:\WINDOWS\System32\wins.mib
[2010/09/03 21:24:54 | 000,013,767 | ---- | C] () -- C:\WINDOWS\System32\msipbtp.mib
[2010/09/03 21:24:54 | 000,004,332 | ---- | C] () -- C:\WINDOWS\System32\smi.mib
[2010/09/03 21:24:53 | 000,107,882 | ---- | C] () -- C:\WINDOWS\System32\mib_ii.mib
[2010/09/03 21:24:53 | 000,030,448 | ---- | C] () -- C:\WINDOWS\System32\mcastmib.mib
[2010/09/03 21:24:53 | 000,026,100 | ---- | C] () -- C:\WINDOWS\System32\lmmib2.mib
[2010/09/03 21:24:53 | 000,021,386 | ---- | C] () -- C:\WINDOWS\System32\mipx.mib
[2010/09/03 21:24:53 | 000,010,313 | ---- | C] () -- C:\WINDOWS\System32\mripsap.mib
[2010/09/03 21:24:53 | 000,000,581 | ---- | C] () -- C:\WINDOWS\System32\msft.mib
[2010/09/03 21:24:52 | 000,048,593 | ---- | C] () -- C:\WINDOWS\System32\hostmib.mib
[2010/09/03 21:24:52 | 000,015,799 | ---- | C] () -- C:\WINDOWS\System32\ipforwd.mib
[2010/09/03 21:24:51 | 000,004,597 | ---- | C] () -- C:\WINDOWS\System32\dhcp.mib
[2010/09/03 21:24:50 | 000,016,617 | ---- | C] () -- C:\WINDOWS\System32\authserv.mib
[2010/09/03 21:24:49 | 000,015,597 | ---- | C] () -- C:\WINDOWS\System32\accserv.mib
[2010/09/03 21:21:07 | 000,035,810 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/08/31 22:30:33 | 000,002,323 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Google Chrome.lnk
[2010/08/31 22:30:33 | 000,002,301 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/31 22:02:15 | 000,000,946 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-179605362-725345543-1004Core.job
[2010/08/29 18:34:24 | 000,001,526 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Movies.lnk
[2010/08/29 18:34:24 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2010/08/29 18:27:14 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/08/29 18:26:52 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/28 11:01:24 | 000,002,223 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ABC Fun.lnk
[2010/08/25 23:51:09 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Passwords.xls
[2010/08/25 22:29:07 | 000,013,431 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\My Documents\Bills 8-25-10.ods
[2010/08/25 21:51:21 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\The Home Depot Secure Sign-on.url
[2010/08/25 21:50:41 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\The Home Depot Secure Sign-on.url
[2010/08/25 20:55:02 | 000,012,713 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100825.csv
[2010/08/24 00:24:22 | 000,020,082 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100823.ods
[2010/08/23 22:12:13 | 000,008,161 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100823.csv
[2010/08/22 14:32:09 | 000,069,452 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\My Documents\maxp=location&q1=415%20Moun.pdf
[2010/08/22 13:32:21 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/20 22:38:03 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk
[2010/08/20 22:38:03 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2010/08/15 22:42:38 | 000,003,649 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\My Documents\dl 020001-000000021607241720100815.csv
[2010/08/06 09:25:32 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\backup2Edrive.bat
[2010/08/05 23:22:22 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Walmart Credit Cards Login Page.url
[2010/08/05 23:21:11 | 000,000,427 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Walmart Credit Cards Login Page.url
[2010/08/05 23:19:49 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\MyCheckFree.com - Walmart & Armstrong.url
[2010/08/05 23:17:45 | 000,000,231 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\MyCheckFree.com.url
[2010/08/05 22:07:18 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Armstrong and Guardian.url
[2010/08/05 22:05:33 | 000,000,517 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Armstrong and Guardian.url
[2010/08/05 21:37:08 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Nascar.com.url
[2010/08/05 21:36:57 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Nascar.com.url
[2010/08/05 21:28:54 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Armstrong - Webmail Login.url
[2010/08/05 21:28:27 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Armstrong - Webmail Login.url
[2010/08/04 23:59:07 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Delmarva Power - Access My Account.url
[2010/08/04 23:58:56 | 000,000,201 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Delmarva Power - Access My Account.url
[2010/08/04 23:58:23 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\ADP iPayStatements Login.url
[2010/08/04 23:58:14 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\ADP iPayStatements Login.url
[2010/08/04 23:57:49 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Wells Fargo.url
[2010/08/04 23:57:40 | 000,000,391 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Wells Fargo.url
[2010/08/04 23:56:49 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Sprint.url
[2010/08/04 23:56:39 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Sprint.url
[2010/08/04 23:55:31 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Orchard Bank Credit Card - Log in for Account Services.url
[2010/08/04 23:55:20 | 000,000,226 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Orchard Bank Credit Card - Log in for Account Services.url
[2010/08/04 23:54:23 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Home Depot Credit Center.url
[2010/08/04 23:52:45 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Bank of America Home Personal.url
[2010/08/04 23:52:31 | 000,000,254 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Bank of America Home Personal.url
[2010/08/04 23:50:35 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Capital One Online Banking Online Banking - Credit Cards.url
[2010/08/04 23:50:20 | 000,000,203 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Capital One.url
[2010/08/01 01:55:51 | 000,001,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Photoshop Album 2.0.lnk
[2010/08/01 00:50:52 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/08/01 00:43:17 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken Deluxe 2007.lnk
[2010/08/01 00:26:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2010/08/01 00:16:08 | 000,001,518 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2010/08/01 00:16:08 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2010/08/01 00:06:08 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quicken Deluxe 2007.lnk
[2010/08/01 00:05:29 | 000,000,216 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2010/08/01 00:03:30 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Instant CD & DVD Burner.lnk
[2010/07/31 23:58:28 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2010/07/31 23:58:28 | 000,001,758 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 6.0 Standard.lnk
[2010/07/31 23:53:22 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\CCleaner.lnk
[2010/07/31 00:23:29 | 000,014,406 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Passwords.ods
[2010/07/31 00:14:07 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\National Penn Bank.url
[2010/07/31 00:12:32 | 000,000,232 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\National Penn Bank.url
[2010/07/31 00:08:46 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
[2010/07/31 00:04:10 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.2.lnk
[2010/07/30 23:31:04 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Passwords.xls
[2010/07/30 23:07:33 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Mail (2).lnk
[2010/07/30 23:07:23 | 000,001,931 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Windows Live Mail (2).lnk
[2010/07/30 22:04:53 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Pandora radio.url
[2010/07/30 22:04:15 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Pandora radio.url
[2010/07/29 23:18:14 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Founders Federal CU.url
[2010/07/29 23:18:11 | 000,002,372 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\BMiWay Online.url
[2010/07/29 08:56:00 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/07/29 07:24:34 | 000,000,230 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Local Settings\Application Data\LaunchHomeCenter.log
[2010/07/29 03:16:36 | 000,000,775 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\KODAK AiO Home Center.lnk
[2010/07/29 02:26:50 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2010/07/29 02:26:49 | 000,655,842 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2010/07/29 02:26:49 | 000,023,632 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/07/29 02:26:48 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2010/07/29 02:26:48 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/07/29 02:26:47 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2010/07/29 02:26:47 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2010/07/29 02:24:42 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer (2).lnk
[2010/07/29 02:11:01 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/07/29 02:11:00 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/07/29 02:02:50 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/07/29 01:47:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/07/29 01:45:10 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/07/29 01:19:32 | 000,021,760 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/07/29 01:09:25 | 000,000,869 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Founders Federal CU.url
[2010/07/29 01:08:46 | 000,002,372 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\BMiWay Online.url
[2010/07/29 00:50:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/07/29 00:50:18 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/29 00:50:15 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Dee Caskey\ntuser.ini
[2010/07/29 00:50:14 | 004,194,304 | -H-- | C] () -- C:\Documents and Settings\Dee Caskey\NTUSER.DAT
[2010/07/29 00:50:14 | 000,040,960 | -H-- | C] () -- C:\Documents and Settings\Dee Caskey\NTUSER.DAT.LOG
[2010/07/29 00:47:40 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/07/29 00:46:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/07/29 00:44:58 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/07/29 00:44:58 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/07/29 00:44:58 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/07/29 00:44:58 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/07/29 00:44:58 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/07/29 00:44:57 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/07/29 00:44:56 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/07/29 00:44:56 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/07/29 00:44:56 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/07/29 00:43:56 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/07/29 00:43:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/07/29 00:43:50 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/07/29 00:43:33 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/07/29 00:43:03 | 000,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/07/29 00:43:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/07/29 00:43:01 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/07/29 00:42:56 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/07/29 00:42:36 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2010/07/29 00:42:18 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/07/29 00:41:29 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\Dee Caskey\Desktop\Paint.lnk
[2010/07/29 00:41:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/07/29 00:41:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/07/29 00:41:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/07/29 00:41:04 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/07/29 00:41:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/07/29 00:41:04 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/07/29 00:41:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/07/29 00:41:04 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/07/29 00:41:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/07/29 00:41:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/07/29 00:41:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/07/29 00:41:04 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/07/29 00:41:03 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/07/29 00:41:03 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/07/29 00:41:03 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/07/29 00:41:03 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/07/29 00:41:03 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/07/29 00:41:03 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/07/29 00:41:03 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/07/29 00:41:01 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/07/29 00:41:01 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/07/29 00:41:00 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/07/29 00:40:52 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2006/07/30 12:04:40 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\IMDBvb.dll
[2006/02/28 08:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2001/09/17 09:49:22 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/08/01 01:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2010/09/04 00:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Authentium
[2010/07/29 03:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2010/08/01 01:37:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dee Caskey\Application Data\ACD Systems
[2010/08/29 18:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dee Caskey\Application Data\BitTorrent
[2010/07/31 00:08:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dee Caskey\Application Data\OpenOffice.org
[2010/07/29 02:47:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dee Caskey\Application Data\Temp
[2010/09/14 20:12:00 | 000,000,298 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010/09/14 20:32:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 9/14/2010 8:59:43 PM - Run 1
OTL by OldTimer - Version 3.2.12.0 Folder = C:\Documents and Settings\Dee Caskey\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 627.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 10.31 Gb Free Space | 55.34% Space Free | Partition Type: NTFS
Drive D: | 564.18 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 142.27 Gb Total Space | 111.98 Gb Free Space | 78.71% Space Free | Partition Type: NTFS
Drive F: | 6.77 Gb Total Space | 3.37 Gb Free Space | 49.86% Space Free | Partition Type: FAT32
Drive G: | 18.63 Gb Total Space | 14.64 Gb Free Space | 78.59% Space Free | Partition Type: NTFS
Drive H: | 93.16 Gb Total Space | 2.29 Gb Free Space | 2.46% Space Free | Partition Type: NTFS
Drive I: | 3.81 Gb Total Space | 3.75 Gb Free Space | 98.21% Space Free | Partition Type: FAT32

Computer Name: HOME
Current User Name: Dee Caskey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1343024091-179605362-725345543-1004\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9323:TCP" = 9323:TCP:*:Enabled:EKDiscovery

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (Eastman Kodak Company)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08959f19-fa0d-4ec6-807c-918d59568e51}" = Safe and Secure
"{0D2E80C8-0875-43EB-9623-47118E2DFBCA}" = Quicken 2007
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22B90C20-2697-4790-A95E-56463563F2EF}" = Authentium AntiVirus SDK - 2
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{2D02E0B0-D759-4F33-88E5-B83DDCB58473}" = Web Filtering (Kids Page)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{469455D3-2A23-44FF-BB13-DEF6B30AA694}" = Anti-Spyware (Sunbelt)
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A79D76E-D50E-46A6-9D78-F689CF58AC9D}" = Popup Blocker
"{5E6132A8-03B8-4C98-910F-0F261AB81BB8}" = Anti-Spyware (Sunbelt) Definitions
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6AC20055-5E5B-48FA-9F5F-E778D354CE50}" = Web Filtering (Base)
"{73ABB44B-6C5A-4DC4-A0BE-176DBADA8C69}" = ESP
"{7693F8DD-013C-4690-B71A-2BECA624D753}" = Armstrong (SYUS)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0 Standard
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A5671F-3BD1-4EAE-B613-946BB890662D}" = Anti-Virus (Command Software)
"{CA149887-D79F-4A83-8436-A9933011DBBC}" = Firewall (Core 2)
"{CD84ED4B-E33F-4E22-A471-95B7086CCC55}" = ABC Fun
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3AB0F01-C515-4470-B9CA-8CB78FD42AE8}" = Web Filtering (Base 2)
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E852648A-DECB-47AE-B7CE-0EE76A484D8C}" = Web Filtering (Rulespace CFI)
"{E9CD269E-EB1D-4410-AEA7-69AA098FCBCE}" = Web Filtering (RuleSpace CFI Anti-Phishing)
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6A31EEF-7DB9-4A46-B3BB-9DB5F117508D}" = Third Party Prerequisites
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AuthentiumWebInstaller" = Authentium Web Install Helper
"BitTorrent" = BitTorrent
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-02-22
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Instant CD & DVD Burner_is1" = Instant CD & DVD Burner
"LSI Soft Modem" = LSI PCI-SV92PP Soft Modem
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SpeedFan" = SpeedFan (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1343024091-179605362-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/3/2010 8:20:06 PM | Computer Name = HOME | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/3/2010 8:21:07 PM | Computer Name = HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/3/2010 8:21:07 PM | Computer Name = HOME | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/3/2010 8:40:53 PM | Computer Name = HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BE from line 62 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/3/2010 10:22:08 PM | Computer Name = HOME | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800700E6 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/3/2010 11:50:26 PM | Computer Name = HOME | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 9/4/2010 12:50:04 AM | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module webwiz.dll, version 3.0.0.4, fault address 0x00009c78.

Error - 9/4/2010 9:21:55 AM | Computer Name = HOME | Source = Application Hang | ID = 1002
Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2010 1:18:49 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: A connection with the server could not be established

Error - 9/6/2010 1:18:49 AM | Computer Name = HOME | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 9/3/2010 8:58:40 PM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} did not register
with DCOM within the required timeout.

Error - 9/3/2010 8:59:11 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%109" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 9/3/2010 9:03:45 PM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} did not register
with DCOM within the required timeout.

Error - 9/3/2010 9:04:46 PM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} did not register
with DCOM within the required timeout.

Error - 9/3/2010 9:09:22 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%109" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 9/3/2010 9:12:01 PM | Computer Name = HOME | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 9/3/2010 9:12:01 PM | Computer Name = HOME | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 9/3/2010 9:14:01 PM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 9/3/2010 9:14:19 PM | Computer Name = HOME | Source = DCOM | ID = 10005
Description = DCOM got error "%230" attempting to start the service winmgmt with
arguments "" in order to run the server: {8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error - 9/3/2010 9:14:47 PM | Computer Name = HOME | Source = DCOM | ID = 10010
Description = The server {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E} did not register
with DCOM within the required timeout.


< End of report >


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 2)
Number of processors #1
==============================================
>Drivers
==============================================
0xAA36A000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4546560 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0xBF1AE000 C:\WINDOWS\System32\igxpdx32.DLL 2306048 bytes (Intel Corporation, DirectDraw® Driver for Intel® Graphics Technology)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2056832 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2056832 bytes
0x804D7000 RAW 2056832 bytes
0x804D7000 WMIxWDM 2056832 bytes
0xBF800000 Win32k 1839104 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1839104 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xBF04D000 C:\WINDOWS\System32\igxpdv32.DLL 1445888 bytes (Intel Corporation, Component GHAL Driver)
0xF718A000 C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 1183744 bytes (Intel Corporation, Intel Graphics Miniport Driver)
0xF7011000 C:\WINDOWS\system32\DRIVERS\AGRSM.sys 1167360 bytes (LSI Corporation, SoftModem Device Driver)
0xA948B000 C:\WINDOWS\system32\DRIVERS\css-dvp.sys 843776 bytes (Authentium, Inc., Dynamic Virus Protection)
0xF733B000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xAA0E6000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAA1CB000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA9370000 C:\WINDOWS\System32\DRIVERS\srv.sys 339968 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA8CC7000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF6F56000 C:\WINDOWS\System32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)
0xF7458000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA96E9000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF730E000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xAA155000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 180224 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xA8955000 C:\WINDOWS\system32\drivers\kmixer.sys 172032 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xBF024000 C:\WINDOWS\System32\igxpgd32.dll 167936 bytes (Intel Corporation, Intel Graphics 2D Driver)
0xAA1A3000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF7151000 C:\WINDOWS\System32\DRIVERS\HDAudBus.sys 151552 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xAA346000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xAA07A000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 143360 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF6FDA000 C:\WINDOWS\System32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF712E000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xAA181000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xAA0C5000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)
0x806CE000 ACPI_HAL 131968 bytes
0x806CE000 C:\WINDOWS\system32\hal.dll 131968 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF73F1000 fltmgr.sys 126976 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7428000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF72F3000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7410000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xAA062000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73C8000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6FC3000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA9CDD000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF6FFD000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF7176000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xAA223000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xBF012000 C:\WINDOWS\System32\igxprd32.dll 73728 bytes (Intel Corporation, Intel Graphics 2D Rotation Driver)
0xF73DF000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF7447000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6FB2000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF77B7000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7637000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76E7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7667000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xA9DC2000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF76F7000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7657000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 53248 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF75C7000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7677000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF75A7000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xA9FCA000 C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys 49152 bytes (Microsoft Corporation, Family Safety Filter Driver (TDI))
0xA9FAA000 C:\WINDOWS\System32\Drivers\GRTdiMon.sys 49152 bytes (Authentium Inc, GRTdiMon TDI Filter Driver)
0xF7697000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7647000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7597000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7687000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF76D7000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF76B7000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF75B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF7747000 C:\WINDOWS\System32\Drivers\Fips.SYS 36864 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7787000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xF7627000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF7587000 isapnp.sys 36864 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF76A7000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF7727000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xA9726000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF7757000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78CF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7937000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF793F000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF791F000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7807000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF78C7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 28672 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7947000 C:\WINDOWS\System32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xF794F000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF78F7000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF78FF000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF78D7000 C:\WINDOWS\System32\DRIVERS\RTL8139.SYS 24576 bytes (Realtek Semiconductor Corporation, Realtek RTL8139 NDIS 5.0 Driver)
0xF7927000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF792F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF780F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78E7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78EF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF78DF000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF78BF000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 20480 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF783F000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF799B000 GRFILTER.sys 16384 bytes (Authentium Inc., NDIS Filter)
0xF6F8A000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A73000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA9F2A000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7A57000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF6F92000 C:\WINDOWS\System32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7997000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xAA256000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF6F8E000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xAA342000 C:\WINDOWS\System32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xF7A63000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF7A5B000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus® ASPI Shell)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7AB1000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7AED000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7AAF000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A87000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7AB3000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7B03000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7AB5000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A8B000 speedfan.sys 8192 bytes
0xF7AA7000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7AA1000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A89000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7C01000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C92000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B50000 giveio.sys 4096 bytes
0xF7BDE000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B4F000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================
0x004C442E LDT (IN GDT of Core 1) Modification, Base+0xA78, DPL_INVALID, Rpl : 2, Type: CallGate32, Core [1]
0x4FAF849B LDT (IN GDT of Core 1) Modification, Base+0xAC0, DPL_INVALID, Rpl : 3, Type: CallGate32, Core [1]
0x035D0000 Hidden Image-->Inkjet.Localization.dll [ EPROCESS 0x861EB320 ] PID: 1088, 143360 bytes
0x03660000 Hidden Image-->Inkjet.Hardware.dll [ EPROCESS 0x861EB320 ] PID: 1088, 176128 bytes
0x03610000 Hidden Image-->Inkjet.Statistics.dll [ EPROCESS 0x861EB320 ] PID: 1088, 53248 bytes
0x03240000 Hidden Image-->Inkjet.Diagnostics.dll [ EPROCESS 0x861EB320 ] PID: 1088, 61440 bytes
0x03F20000 Hidden Image-->Inkjet.DeviceSettings.dll [ EPROCESS 0x861EB320 ] PID: 1088, 61440 bytes
0x031C0000 Hidden Image-->Inkjet.Automation.dll [ EPROCESS 0x861EB320 ] PID: 1088, 77824 bytes
0x036B0000 Hidden Image-->Inkjet.Utilities.dll [ EPROCESS 0x861EB320 ] PID: 1088, 86016 bytes


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 15 September 2010 - 03:23 AM

Hi, lets see if we can pinpoint the cause of these problems.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 LDCJr

LDCJr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:05:41 AM

Posted 15 September 2010 - 07:44 PM

It seems to be better now, but I haven't done much yet. I attached the ComboFix.txt file. I will start checking this out and see how it works.

Attached Files



#6 LDCJr

LDCJr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:05:41 AM

Posted 15 September 2010 - 09:00 PM

So far almost everything seems to be working OK. The printer isn't working - I expect I may need to un-install and re-install it.
Windows updates downloaded updates automatically - that wasn't working before.
I am not being redirected and I am not getting application errors.

I will not make any changes including the printer until I hear from you regarding the combofix.txt results.

Thanks for your help!

Dee

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 16 September 2010 - 02:55 AM

Hi, you can go ahead and reinstall your printer.


MALWAREBYTES ANTIMALWARE
-------------------------------------------
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Full Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


UPDATE XP
--------------
Your Microsoft Windows installation is out of date. Using unpatched Windows systems on the Internet is a security risk to everyone. When there are insecure computers connected to the Internet, malware spreads faster and more extensively, distributed denial-of-service attacks are easier to launch, and spammers have more platforms from which to send e-mail. Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your computer. Keeping up-to-date with all these security patches will help prevent malware from reinfecting your machine. If you are not sure how to do this, see How to use Microsoft Update.

For additional information, be sure to read "Windows Xp Service Pack 3 (sp3) Information".

Then go here to check for & install updates to Microsoft applications.
Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.[/color]

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 LDCJr

LDCJr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:05:41 AM

Posted 17 September 2010 - 08:56 PM

It's much better now!

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4635

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

9/17/2010 9:51:51 PM
mbam-log-2010-09-17 (21-51-51).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 243724
Time elapsed: 2 hour(s), 23 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\sjel60.dll.vir (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{614C4815-0EEA-444C-89CE-3D2C98BA4ED7}\RP13\A0003546.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\ixisewer.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\afayitejedab.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DirectX\svchost.exe (Trojan.Dropper.XGen) -> Quarantined and deleted successfully.


#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 18 September 2010 - 04:22 AM

Please update XP as instructed and let me know if you have any other problems.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - when ESET doesn't find any threats, no report will be created.
  12. Push the button.
  13. Push

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#10 LDCJr

LDCJr
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Location:Maryland
  • Local time:05:41 AM

Posted 23 September 2010 - 08:54 PM

Sorry for the delay. I attached the Eset results. All available Windows updates have been installed and everything seems to be working OK now.

I am running Eset again tonight.

Thank you very much for your help. Please let me know if I need to do anything else.

Attached Files



#11 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 24 September 2010 - 04:08 AM

That is great; no active items detected. smile.gif

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean smile.gif

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, GMER (this is a random named file) and OTL.
Please read these advices, in order to prevent reinfecting your PC:
  1. Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on regular basis.If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malware Byte's Anti Malware is an excellent Anti-Spyware scanner. It's scan times are usually under ten minutes, and has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on thehosts file, and what it can do for you,please consult the Tutorial on the Hosts file
  2. Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  3. Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on yourmachine.
  4. Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#12 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,308 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:41 PM

Posted 27 September 2010 - 05:32 AM

Since this issue seems to be resolved, this topic will now be closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users