
computer is running super slowly


  • This topic is locked
80 replies to this topic

#1 Sani-T-Capt1

Posted 28 January 2012 - 10:42 PM

Mod EDIT>>> adding note from PM

My physical memory being used is now up to 66% and I see two svchost entries in Task Manager that are using over 300,000k apiece.


I don't know what is going on with my computer, so I am hoping that you fine people can tell me. Here is the DDS file.
GMER only generated two lines and the boxes were unable to be accessed save the service, registry and files. GMER did run a scan but did not post any findings like what was in the diagram. I am also attaching two scans that I did with AOL computer check-up lite. I don't know if they'll help, but here goes.

Was unaware that I had to paste my logs and sent them as attached. Sorry for the mistake, and I understand that this makes my wait time longer.

DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Doug at 14:40:32 on 2012-01-28
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8125.3639 [GMT -5:00]
.
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
C:\Windows\system32\STacSV64.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray64.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\AOL\1324870613\ee\aolsoftware.exe
C:\Program Files\SetPoint\x86\SetPoint32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\system32\taskeng.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Trend Micro\Internet Security\UfNavi.exe
C:\Program Files (x86)\AOL Desktop 9.7a\waol.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [AOL Fast Start] "C:\Program Files (x86)\AOL Desktop 9.7a\AOL.EXE" -b
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
mRun: [<NO NAME>]
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun: [Trend Micro RUBotted V2.0 Beta] "C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe"
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1324870613\ee\AOLSoftware.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SetPoint.lnk - C:\Program Files\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA} - hxxp://javadl-esd.sun.com/update/1.6.0/jinstall-6u21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{0A48EE4D-537D-41E2-AFB6-3C3AF44D544D} : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
IFEO: isuspm.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: mydvd9.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Nero Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
mRun-x64: [ISUSPM Startup REG_SZ C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup ]
mRun-x64: [ISUSScheduler REG_SZ "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start ]
mRun-x64: [(Default)]
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRun-x64: [Trend Micro RUBotted V2.0 Beta] "C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe"
mRun-x64: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun-x64: [HostManager] "C:\Program Files (x86)\Common Files\AOL\1324870613\ee\AOLSoftware.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
IFEO-X64: isuspm.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: mydvd9.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 DRVECDB;DRVECDB;C:\Windows\system32\Drivers\DRVECDB.SYS --> C:\Windows\system32\Drivers\DRVECDB.SYS [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 CFRMD;CFRMD;C:\Windows\system32\DRIVERS\CFRMD.sys --> C:\Windows\system32\DRIVERS\CFRMD.sys [?]
R1 CFRPD;CFRPD;C:\Windows\system32\DRIVERS\CFRPD.sys --> C:\Windows\system32\DRIVERS\CFRPD.sys [?]
R1 DLARTL_E;DLARTL_E;C:\Windows\system32\Drivers\DLARTL_E.SYS --> C:\Windows\system32\Drivers\DLARTL_E.SYS [?]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys --> C:\Windows\system32\DRIVERS\tmlwf.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2011-12-2 20376]
R2 Cleaner_Validator;COMODO System - Cleaner Service;C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-9 371648]
R2 DLABMFSE;DLABMFSE;C:\Windows\system32\DLA\DLABMFSE.SYS --> C:\Windows\system32\DLA\DLABMFSE.SYS [?]
R2 DLABOIOE;DLABOIOE;C:\Windows\system32\DLA\DLABOIOE.SYS --> C:\Windows\system32\DLA\DLABOIOE.SYS [?]
R2 DLADResE;DLADResE;C:\Windows\system32\DLA\DLADResE.SYS --> C:\Windows\system32\DLA\DLADResE.SYS [?]
R2 DLAIFS_E;DLAIFS_E;C:\Windows\system32\DLA\DLAIFS_E.SYS --> C:\Windows\system32\DLA\DLAIFS_E.SYS [?]
R2 DLAOPIOE;DLAOPIOE;C:\Windows\system32\DLA\DLAOPIOE.SYS --> C:\Windows\system32\DLA\DLAOPIOE.SYS [?]
R2 DLAPoolE;DLAPoolE;C:\Windows\system32\DLA\DLAPoolE.SYS --> C:\Windows\system32\DLA\DLAPoolE.SYS [?]
R2 DLAUDF_E;DLAUDF_E;C:\Windows\system32\DLA\DLAUDF_E.SYS --> C:\Windows\system32\DLA\DLAUDF_E.SYS [?]
R2 DLAUDFAE;DLAUDFAE;C:\Windows\system32\DLA\DLAUDFAE.SYS --> C:\Windows\system32\DLA\DLAUDFAE.SYS [?]
R2 DRVEDDM;DRVEDDM;C:\Windows\system32\Drivers\DRVEDDM.SYS --> C:\Windows\system32\Drivers\DRVEDDM.SYS [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
R2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2012-1-22 439632]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-26 1153368]
R2 tmpreflt;tmpreflt;C:\Windows\system32\DRIVERS\tmpreflt.sys --> C:\Windows\system32\DRIVERS\tmpreflt.sys [?]
R2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys --> C:\Windows\system32\DRIVERS\tmwfp.sys [?]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-3-30 2026304]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;\??\C:\Windows\system32\Drivers\OEM05Afx.sys --> C:\Windows\system32\Drivers\OEM05Afx.sys [?]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM05Vfx.sys --> C:\Windows\system32\DRIVERS\OEM05Vfx.sys [?]
R3 OEM05Vid;Creative Camera OEM005 Driver;C:\Windows\system32\DRIVERS\OEM05Vid.sys --> C:\Windows\system32\DRIVERS\OEM05Vid.sys [?]
R3 TmPfw;Trend Micro Personal Firewall;C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe [2011-6-8 587696]
R3 tmproxy;Trend Micro Proxy Service;C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2011-6-8 854280]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
R3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
R3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]
S1 DLACDBHE;DLACDBHE;C:\Windows\system32\Drivers\DLACDBHE.SYS --> C:\Windows\system32\Drivers\DLACDBHE.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 INIDVD;Initio USB DVD Filter Driver;C:\Windows\system32\DRIVERS\inidvd.sys --> C:\Windows\system32\DRIVERS\inidvd.sys [?]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2011-12-13 25072]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 CLKMSVC10_9EC60124;CyberLink Product - 2011/06/03 18:54:12;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-5-25 246256]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2011-5-10 89920]
S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-10 136176]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-26 18:27:40 58696 ----a-w- C:\Windows\SysWow64\AOLParconLink.exe
2012-01-26 18:25:50 -------- d-----w- C:\Program Files (x86)\AOL Desktop 9.7a
2012-01-26 18:25:49 -------- d-----w- C:\Program Files (x86)\Common Files\aolshare
2012-01-26 17:35:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-26 17:35:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-01-25 23:29:16 388096 ----a-r- C:\Users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-24 06:38:42 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8953E32D-7069-4A54-A432-4D7BC02DF00C}\mpengine.dll
2012-01-22 19:34:48 19916 ----a-w- C:\Windows\cscmondump.bin
2012-01-22 05:30:39 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2012-01-22 05:21:48 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-01-20 21:54:14 -------- d-----w- C:\Program Files\COMODO
2012-01-13 15:26:04 -------- d-----w- C:\Program Files (x86)\Common Files\Software Update Utility
2012-01-11 13:55:50 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-01-11 13:55:50 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-01-11 13:55:50 515968 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-01-11 13:55:50 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-01-11 13:55:50 377344 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-01-11 13:55:50 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-01-11 13:55:50 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-01-11 13:55:50 1689600 ----a-w- C:\Windows\System32\lsasrv.dll
2012-01-11 13:55:50 11264 ----a-w- C:\Windows\System32\lsass.exe
2012-01-01 04:09:44 -------- d-----w- C:\Users\Doug\AppData\Local\Microsoft_Research
.
==================== Find3M ====================
.
2011-12-14 20:51:17 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-12-14 20:51:16 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-12-03 03:59:38 8892928 ----a-w- C:\ProgramData\atscie.msi
2011-12-01 18:31:38 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-25 16:25:32 451072 ----a-w- C:\Windows\System32\winsrv.dll
2011-11-23 13:57:38 2764800 ----a-w- C:\Windows\System32\win32k.sys
2011-11-18 20:55:05 1585152 ----a-w- C:\Windows\System32\ntdll.dll
2011-11-18 20:55:05 1167984 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-18 18:07:45 76800 ----a-w- C:\Windows\System32\packager.dll
2011-11-18 17:47:03 66560 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-10 08:45:32 10567680 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-11-10 08:20:52 25218048 ----a-w- C:\Windows\System32\atio6axx.dll
2011-11-10 08:17:12 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-11-10 08:16:58 774656 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-11-10 08:15:22 927232 ----a-w- C:\Windows\System32\aticfx64.dll
2011-11-10 08:12:26 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-11-10 08:12:12 516608 ----a-w- C:\Windows\System32\atieclxx.exe
2011-11-10 08:11:34 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-11-10 08:10:20 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-11-10 08:10:00 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-11-10 08:09:54 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-11-10 08:09:42 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-11-10 08:09:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-11-10 08:09:32 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-11-10 08:09:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-11-10 08:06:22 6077952 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-11-10 07:58:22 18996224 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-11-10 07:51:20 7405056 ----a-w- C:\Windows\System32\atidxx64.dll
2011-11-10 07:40:54 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-11-10 07:40:20 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-11-10 07:40:06 4061696 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-11-10 07:34:56 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-11-10 07:34:54 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-11-10 07:34:46 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-11-10 07:34:44 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-11-10 07:34:30 13552640 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-11-10 07:33:54 5852672 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-11-10 07:30:00 11300864 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-11-10 07:29:48 4200960 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-11-10 07:24:28 7439360 ----a-w- C:\Windows\System32\atiumd64.dll
2011-11-10 07:18:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-11-10 07:13:34 494592 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-11-10 07:13:24 348160 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-11-10 07:13:10 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-11-10 07:13:06 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-11-10 07:13:06 14336 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-11-10 07:13:02 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-11-10 07:12:54 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-11-10 07:12:46 325632 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-11-10 07:11:56 41984 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-11-10 07:11:48 32256 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-11-10 07:11:42 39424 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-11-10 07:11:34 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-11-10 07:11:34 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-11-10 07:11:34 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-11-10 07:11:28 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-11-10 07:11:28 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-11-10 07:11:16 45056 ----a-w- C:\Windows\System32\atitmp64.dll
2011-11-10 07:10:56 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-11-08 14:58:31 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-11-08 14:42:19 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 14:41:14.90 ===============

DDS attach log:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 5/9/2011 9:09:41 PM
System Uptime: 1/26/2012 10:29:12 PM (40 hours ago)
.
Motherboard: Dell Inc. | | 0TP406
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | CPU | 2394/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 305.115 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.571 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable
L: is FIXED (NTFS) - 233 GiB total, 34.408 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP408: 1/24/2012 1:32:35 AM - Windows Update
RP411: 1/26/2012 4:11:32 AM - Scheduled Checkpoint
.
==== Image File Execution Options =============
.
IFEO: isuspm.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: mydvd9.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: pcdlauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: pdvdlaunchpolicy.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: photoshop elements 6.0.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: photoshopelementseditor.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: photoshopelementsorganizer.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: videowave9.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: visio.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: winproj.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: isuspm.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: msoxmled.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: mstore.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: mydvd9.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: olrsubmission.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: pcdlauncher.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: pdvdlaunchpolicy.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: photoshop elements 6.0.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: photoshopelementseditor.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: photoshopelementsorganizer.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: videowave9.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: visio.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: winproj.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
5600
5600_Help
5600Trb
64 bit Windows Card Reader Driver
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Common File Installer
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Help Viewer CS3
Adobe PDF Library Files
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Adobe Reader X (10.1.2)
Adobe Setup
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Soundbooth CS3 Scores
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
AOL Uninstaller (Choose which Products to Remove)
Ask Toolbar
AVS Cover Editor 2.0.1.3
AVS Disc Creator version 5.0.1
AVS Update Manager 1.0
AVS Video Converter 7
AVS4YOU Software Navigator 1.4
BufferChm
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
ccc-core-static
CCC Help English
CDDRV_Installer
Cisco Network Magic
ConvertXtoDVD 4.1.9.347
Copy
CustomerResearchQFolder
CyberLink Blu-ray Disc Suite
CyberLink LG Burning Tool
CyberLink MediaShow
CyberLink PowerDVD 9
CyberLink PowerProducer
CyberLink YouCam
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Download Updater (AOL LLC)
eSupportQFolder
Fax
Google Toolbar for Internet Explorer
Google Update Helper
GoToAssist Corporate
Hauppauge TV Tuner Diagnostics (1.1.7057)
Hauppauge TV Tuner Driver
High-Definition Video Playback 10
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Photosmart Essential
HP Product Assistant
HP Product Detection
HP Update
HPDiagnosticAlert
HPProductAssistant
HPSSupply
ImTOO Blu-ray Creator 2
Java Auto Updater
Java™ 6 Update 21
LG Tool Kit
MarketResearch
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio 2007 Service Pack 3 (SP3)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Word MUI (English) 2007
Microsoft Primary Interoperability Assemblies 2005
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft WorldWide Telescope
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
Network Magic
Primo
Pure Networks Platform
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
SetPoint
SigmaTel Audio
Skins
SolutionCenter
Sonic Activation Module
Sony Picture Utility
Spybot - Search & Destroy
Status
System Requirements Lab for Intel
Toolbox
TrayApp
Trend Micro RUBotted 2.0 Beta
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
WebEx Support Manager for Internet Explorer
WebReg
WinPcap 4.1.1
WinZip 15.5
.
==== Event Viewer Messages From Past Week ========
.
1/27/2012 9:41:17 PM, Error: Service Control Manager [7034] - The Trend Micro Central Control Component service terminated unexpectedly. It has done this 1 time(s).
1/26/2012 8:33:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/26/2012 8:33:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
1/26/2012 8:33:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/26/2012 8:32:27 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CFRMD CFRPD spldr tmtdi Wanarpv6
1/26/2012 8:32:27 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
1/26/2012 11:33:42 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/26/2012 10:29:47 PM, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
1/26/2012 10:29:42 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet 5600 series with shared resource name . Error 1215. The printer cannot be used by others on the network.
1/26/2012 10:29:28 PM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
1/26/2012 10:29:20 PM, Error: Application Popup [876] - Driver DLACDBHE.SYS has been blocked from loading.
1/25/2012 10:45:57 PM, Error: Service Control Manager [7034] - The COMODO System - Cleaner Service service terminated unexpectedly. It has done this 1 time(s).
1/24/2012 9:30:36 AM, Error: Service Control Manager [7034] - The SigmaTel Audio Service service terminated unexpectedly. It has done this 1 time(s).
1/24/2012 10:45:08 AM, Error: Service Control Manager [7030] - The Creative OEM005 RunApp Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
1/23/2012 9:19:30 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
1/23/2012 7:08:20 AM, Error: Service Control Manager [7043] - The TuneUp Utilities Service service did not shut down properly after receiving a preshutdown control.
1/23/2012 2:03:42 PM, Error: Microsoft-Windows-PrintSpooler [19] - The print spooler failed to share printer HP Officejet 5600 series with shared resource name HPOfficejet5. Error 2114. The printer cannot be used by others on the network.
1/23/2012 2:03:30 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.199 for the Network Card with network address 001EC951A85A has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
1/21/2012 3:49:41 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the TrkWks service.
1/21/2012 3:43:19 PM, Error: EventLog [6008] - The previous system shutdown at 3:41:16 PM on 1/21/2012 was unexpected.
.
==== End Of File ===========================
GMER Log:

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-28 22:03:15
Windows 6.0.6002 Service Pack 2
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197ee6af23
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00197ee6af23 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

That was all I received from the GMER scan. I did make two AOL checkup scans on Jan. 26th and 27th and saved those files to the desktop before I joined this forum. If they are helpful in explaining some problems in more detail than I can, I would be happy to copy and paste those as well.

Edited by boopme, 30 January 2012 - 03:20 PM.

Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!



#2 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:10:17 AM

Posted 31 January 2012 - 07:18 AM

Greetings Sani-T-Capt1 and Welcome to the forums,

While we troubleshoot your issue, please don't run any tools or make any system changes except what is directed here. I'd also like to know what, if anything, you have done to date, as far as attempting to fix your issue.

Before we continue, I'd like to ask you if you installed GoToAssist Corporate? Also, please uninstall the following software:
  • Ask Tool Bar
  • Java <-- outdated and exploited. We will install the latest version before we finish up and send you on your way
  • uTorrent
  • Viewpoint Media player


...and although not entirely the issue, I'd like to ask you to disable the Spybot Search and Destroy's TeaTimer feature. To do that:
  • Run Spybot-S&D
  • Go to the Mode menu, and make sure "Advanced Mode" is selected
  • On the left hand side, choose Tools -> Resident
  • Uncheck "Resident TeaTimer" and OK any prompts
  • Restart your computer.
Please disable the active protection component of your antivirus and antispyware programs by following the directions that apply Here.
...of those, many people overlook the Windows Defender since, for most, there is no icon for it in the system tray. Scroll through those directives above and look for this application specifically, to make certain it is disabled.

Please download combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouse-click ComboFix's window while it's running...that may cause the scan to stall.

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#3 Sani-T-Capt1

Sani-T-Capt1
  • Topic Starter

  • Members
  • 559 posts
  • OFFLINE
  • Gender:Male
  • Location:Planet Earth
  • Local time:12:17 PM

Posted 31 January 2012 - 02:37 PM

Hello 1972vet, yes I did install GoToAssist (I don't know about the corporate part) for work with Dell techs on hardware issues that weren't resolved, but that's for another forum on another day. I am running Vista 64-bit, so am I correct in reading that I do NOT have to install the Windows Recovery Console? In the meantime I will remove the suggested programs and GoToAssist(?) before I run ComboFix. I should also let you know that I have a built-in Viewpoint viewer on the top of my tower, so I don't know if the program Viewpoint Media Player did or did not come with this system. Please advise before I uninstall that program. Thanks.

Ask Toolbar is not on my list of programs in the Control Panel.

Edited by Sani-T-Capt1, 31 January 2012 - 02:45 PM.


#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:10:17 AM

Posted 31 January 2012 - 03:14 PM

So, are you finished working with Dell tech? If you are still having hardware issues, we can deal with that when we finish up this troubleshooting endeavor.

As far as the ComboFix instructions, it may have been confusing for you, but it does mention there that for Vista and Windows 7 users, the installation of the Recovery Console doesn't apply.

ViewPoint Media player, ViewPoint Tool Bar, and just about ViewPoint "anything" are programs that are foisted along with other downloads...most often, AOL stuff. They are not malicious and if you're OK with it, then you certainly should leave it be. The ask tool bar was listed in your listing of installed software which is why I mentioned it. Don't worry if you can't find an uninstall string, we can nuke it using combofix. I'll wait for that log. Thanks!



#5 Sani-T-Capt1

Sani-T-Capt1
  • Topic Starter

  • Members
  • 559 posts
  • OFFLINE
  • Gender:Male
  • Location:Planet Earth
  • Local time:12:17 PM

Posted 31 January 2012 - 04:59 PM

Hello 1972vet. Yes, I'm finished working with those techs (@#!!^@#@#*%%). It seems that they are never able to resolve your issues when you talk to them (I apologize to those that can, I just haven't met any :wacko:). Anyway, here is the ComboFix log as per your request:

ComboFix 12-01-30.02 - Doug 01/31/2012 15:51:24.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8125.6235 [GMT -5:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Doug\GoToAssistDownloadHelper.exe
c:\windows\cscmondump.bin
c:\windows\logboot_23.01.2012.tureg.log
c:\windows\PFRO.log
L:\autorun.inf
L:\Pictures.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))
.
.
2012-01-31 21:17 . 2012-01-31 21:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 21:17 . 2012-01-31 21:17 -------- d-----w- c:\users\Nadine\AppData\Local\temp
2012-01-31 06:17 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1635206-DD4A-48C2-B92B-C330A516964E}\mpengine.dll
2012-01-30 02:32 . 2012-01-30 02:32 -------- d-----w- c:\users\DJ
2012-01-26 18:27 . 2011-12-26 01:57 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2012-01-26 18:25 . 2012-01-26 18:28 -------- d-----w- c:\program files (x86)\AOL Desktop 9.7a
2012-01-26 18:25 . 2012-01-26 18:27 -------- d-----w- c:\program files (x86)\Common Files\aolshare
2012-01-26 17:35 . 2012-01-28 01:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-26 17:35 . 2012-01-26 18:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-25 23:29 . 2012-01-25 23:29 388096 ----a-r- c:\users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 05:30 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-22 05:21 . 2012-01-22 05:21 -------- d-----w- c:\program files (x86)\WinPcap
2012-01-20 21:54 . 2012-01-20 21:54 -------- d-----w- c:\program files\COMODO
2012-01-13 15:26 . 2012-01-13 15:26 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-01-11 13:55 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 13:55 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 13:55 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 13:55 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-11 13:55 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-14 20:51 . 2011-04-25 21:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-14 20:51 . 2011-12-14 20:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-07 15:39 . 2011-05-10 13:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-03 03:59 . 2011-12-03 03:59 8892928 ----a-w- c:\programdata\atscie.msi
2011-12-01 18:31 . 2011-06-08 19:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 13:57 . 2011-12-14 06:58 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 08:45 . 2011-11-10 08:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 08:20 . 2011-11-10 08:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 08:17 . 2011-11-10 08:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 08:16 . 2011-11-10 08:16 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 08:15 . 2011-03-09 08:55 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 08:12 . 2011-11-10 08:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 08:12 . 2011-03-09 08:53 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 08:11 . 2011-03-09 08:53 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 08:10 . 2011-11-10 08:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 08:10 . 2011-11-10 08:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 08:09 . 2011-11-10 08:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 08:09 . 2011-11-10 08:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 08:09 . 2011-11-10 08:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 08:09 . 2011-11-10 08:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 08:09 . 2011-11-10 08:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 08:06 . 2011-11-10 08:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 07:58 . 2011-11-10 07:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 07:51 . 2011-11-10 07:51 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 07:40 . 2011-11-10 07:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 07:40 . 2011-11-10 07:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 07:40 . 2011-04-20 05:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 07:34 . 2011-11-10 07:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 07:34 . 2011-11-10 07:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 07:34 . 2011-11-10 07:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 07:34 . 2011-11-10 07:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 07:34 . 2011-11-10 07:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 07:33 . 2011-11-10 07:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 07:30 . 2011-11-10 07:30 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 07:29 . 2011-11-10 07:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 07:24 . 2011-03-09 08:24 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 07:18 . 2011-03-09 08:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 07:13 . 2011-03-09 08:18 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 07:13 . 2011-11-10 07:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 07:12 . 2011-11-10 07:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 07:12 . 2011-11-10 07:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 07:11 . 2011-11-10 07:11 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 07:11 . 2011-11-10 07:11 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 07:11 . 2011-03-09 08:16 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 07:11 . 2011-11-10 07:11 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 07:11 . 2011-03-09 08:16 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-11-10 07:10 . 2011-11-10 07:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-08 14:58 . 2011-12-14 06:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 06:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:00 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:00 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:00 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:00 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.7a\AOL.EXE" [2011-12-14 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-10-23 472112]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-25 75048]
"HostManager"="c:\program files (x86)\Common Files\AOL\1324870613\ee\AOLSoftware.exe" [2010-03-08 41800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-5-9 1015296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-30 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO System-Cleaner\Updater.exe [2010-12-09 12:08]
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray64.exe" [2007-05-06 424448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2011-06-08 1290504]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-01-31 16:20:03
ComboFix-quarantined-files.txt 2012-01-31 21:20
.
Pre-Run: 322,214,895,616 bytes free
Post-Run: 321,046,417,408 bytes free
.
- - End Of File - - F926C41CB67CAB2A29BEB52DA96B5DC5

I think I'm going to try to enroll in Bleeping Computer's tech school (I just love a challenge) so that I may learn this new language and join in the war against malicious malware. :thumbsup:
Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!

#6 1972vet

  • Malware Response Team

Posted 31 January 2012 - 05:54 PM

Usually I won't bother to mention a thing about a user who has PCDoctor on board simply because it's a pretty good tool...however, with your setup, I'm afraid you would experience some arguments with TrendMicro. As you have the complete "suite" installed, there is not only no need for any other spyware scanner, there is also the prospect of conflicts that could cause some instability and eventually, a system crash with possible data loss. It would be in your best interest to uninstall it...and while you're at it, consider removing the "Comodo" system cleaner. I've seen users pick things apart on their systems with the "one button miracles" on more than one occasion.

If you consider yourself an "expert" user, then I would agree you should keep it but if not, I really would consider restoring everything it has removed, then uninstall it. These "all in one" cleaning utilities that purport to "clean" or "defrag" the registry are meaning well I'm sure, but I challenge anyone to show proof of any measurable benefit from removing unused/unneeded registry keys. There is none. Sure, cleaning the disk is good and beneficial, but Windows already has its own very good disk cleaning utility. Aside from that, there are other very good, and free utilities that clean the disk...before I send you on your way, I will have recommendations for your benefit and "disk cleanup" will be among them.

Next, please upload the file indicated below in Bold text, Here for a free scan:
c:\windows\system32\coinst.dll
...please remember to copy those results to post back here on your next reply.


Next, please open a blank Notepad by clicking start-->run...Then, in the run box type Notepad.exe and click "OK".
Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Thanks!
Note:
Do not mouseclick ComboFix's window while it's running. That may cause it to stall.



KILLALL::

DDS::
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
BHO-X64: AcroIEHelperStub -
BHO-X64: Ask Toolbar BHO -

dirlook::
c:\users\DJ

folder::
c:\program files\COMODO
c:\program files (x86)\Ask.com

registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#7 Sani-T-Capt1


Posted 31 January 2012 - 06:04 PM

I'm not an expert by any stretch of the imagination, and my next few questions will verify my testimony handily LOL. What is PCDoctor, because I don't see it in my control panel under uninstall programs, and two, how do I restore the registries that Comodo "fixed"? :blink:

#8 Sani-T-Capt1


Posted 31 January 2012 - 06:16 PM

I am getting a file not found when I try to upload c:\windows\system32\coinst.dll to virscan. Do you want me to go to step 2 or wait for a reply from you?

Edited by Sani-T-Capt1, 31 January 2012 - 06:16 PM.


#9 Sani-T-Capt1


Posted 31 January 2012 - 08:01 PM

Hi 1972vet, as I posted earlier, virscan could not find file c:\windows\system32\coinst.dll. :file not found :please verify name and path is correct.
I did step 2 as per your instructions and also found out how to restore registry keys Comodo "fixed" and then deleted the program.

here is the CFScript/Combofix file:

ComboFix 12-01-30.02 - Doug 01/31/2012 19:27:17.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8125.5733 [GMT -5:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
Command switches used :: c:\users\Doug\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Enabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\users\Doug\AppData\Roaming\vso_ts_preview.xml
c:\windows\cscmondump.bin
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-01-31 06:17 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1635206-DD4A-48C2-B92B-C330A516964E}\mpengine.dll
2012-01-30 02:32 . 2012-01-30 02:32 -------- d-----w- c:\users\DJ
2012-01-26 18:27 . 2011-12-26 01:57 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2012-01-26 18:25 . 2012-01-26 18:28 -------- d-----w- c:\program files (x86)\AOL Desktop 9.7a
2012-01-26 18:25 . 2012-01-26 18:27 -------- d-----w- c:\program files (x86)\Common Files\aolshare
2012-01-26 17:35 . 2012-01-28 01:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-26 17:35 . 2012-01-26 18:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-25 23:29 . 2012-01-25 23:29 388096 ----a-r- c:\users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 05:30 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-22 05:21 . 2012-01-22 05:21 -------- d-----w- c:\program files (x86)\WinPcap
2012-01-13 15:26 . 2012-01-13 15:26 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-01-11 13:55 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 13:55 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 13:55 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 13:55 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-11 13:55 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 22:49 . 2011-06-08 19:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 20:51 . 2011-04-25 21:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-14 20:51 . 2011-12-14 20:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-07 15:39 . 2011-05-10 13:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-03 03:59 . 2011-12-03 03:59 8892928 ----a-w- c:\programdata\atscie.msi
2011-11-23 13:57 . 2011-12-14 06:58 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 08:45 . 2011-11-10 08:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 08:20 . 2011-11-10 08:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 08:17 . 2011-11-10 08:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 08:16 . 2011-11-10 08:16 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 08:15 . 2011-03-09 08:55 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 08:12 . 2011-11-10 08:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 08:12 . 2011-03-09 08:53 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 08:11 . 2011-03-09 08:53 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 08:10 . 2011-11-10 08:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 08:10 . 2011-11-10 08:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 08:09 . 2011-11-10 08:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 08:09 . 2011-11-10 08:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 08:09 . 2011-11-10 08:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 08:09 . 2011-11-10 08:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 08:09 . 2011-11-10 08:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 08:06 . 2011-11-10 08:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 07:58 . 2011-11-10 07:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 07:51 . 2011-11-10 07:51 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 07:40 . 2011-11-10 07:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 07:40 . 2011-11-10 07:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 07:40 . 2011-04-20 05:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 07:34 . 2011-11-10 07:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 07:34 . 2011-11-10 07:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 07:34 . 2011-11-10 07:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 07:34 . 2011-11-10 07:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 07:34 . 2011-11-10 07:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 07:33 . 2011-11-10 07:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 07:30 . 2011-11-10 07:30 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 07:29 . 2011-11-10 07:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 07:24 . 2011-03-09 08:24 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 07:18 . 2011-03-09 08:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 07:13 . 2011-03-09 08:18 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 07:13 . 2011-11-10 07:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 07:12 . 2011-11-10 07:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 07:12 . 2011-11-10 07:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 07:11 . 2011-11-10 07:11 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 07:11 . 2011-11-10 07:11 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 07:11 . 2011-03-09 08:16 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 07:11 . 2011-11-10 07:11 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 07:11 . 2011-03-09 08:16 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-11-10 07:10 . 2011-11-10 07:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-08 14:58 . 2011-12-14 06:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 06:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:00 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:00 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:00 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:00 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\DJ ----
.
2012-01-30 02:41 . 2012-01-30 02:41 2387454 ---ha-w- c:\users\DJ\AppData\Local\IconCache.db
2012-01-30 02:39 . 2012-01-30 02:39 6931 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\AOLBrowserUSGM\Win32\0.2.8.1\manifest.bin
2012-01-30 02:39 . 2012-01-30 02:39 366 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\AOLBrowserUSGM\Win32\0.2.8.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:38 6928 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\TopSpeedUSGM\Win32\3.3.22.1\manifest.bin
2012-01-30 02:38 . 2012-01-30 02:39 365 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\TopSpeedUSGM\Win32\3.3.22.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:39 25 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\spool.lst
2012-01-30 02:38 . 2012-01-30 02:39 1357 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\sysnews.lst
2012-01-30 02:38 . 2012-01-30 02:38 181 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\Apps.Lst
2012-01-30 02:38 . 2012-01-30 02:38 351232 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\sap.dat
2012-01-30 02:38 . 2012-01-30 02:39 21901 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\art.idx
2012-01-30 02:38 . 2012-01-30 02:38 6923 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\WAOLUSGM\Win32\0.4343.19.1\manifest.bin
2012-01-30 02:38 . 2012-01-30 02:39 364 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\WAOLUSGM\Win32\0.4343.19.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:39 48 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust\AOL.cfg
2012-01-30 02:37 . 2012-01-30 02:37 291 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
2012-01-30 02:37 . 2012-01-30 02:37 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 360448 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 294820 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat
2012-01-30 02:37 . 2012-01-30 02:37 360448 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\index.dat
2012-01-30 02:37 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2012-01-30 02:37 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DH5J28LE\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RRCBIA66\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GZPKBVB9\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWW712KF\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:39 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 145 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
2012-01-30 02:35 . 2012-01-30 02:41 850 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\1305025467\dj\metrics\cmls_ms.tlv
2012-01-30 02:33 . 2012-01-30 02:33 4776 ----a-w- c:\users\DJ\AppData\Roaming\HP\CRMLogs\BrandAuthentication.htm
2012-01-30 02:33 . 2012-01-30 02:33 13960 ----a-w- c:\users\DJ\AppData\Local\ATI\ACE\Manifest.Bin
2012-01-30 02:33 . 2012-01-30 02:33 12791 ----a-w- c:\users\DJ\AppData\Local\ATI\ACE\Manifest.xml
2012-01-30 02:33 . 2012-01-30 02:33 817 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer Wizard.LNK
2012-01-30 02:33 . 2012-01-30 02:33 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini
2012-01-30 02:33 . 2012-01-30 02:33 144 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\1305025467\dj\metrics\cmls_cs.tlv
2012-01-30 02:33 . 2012-01-30 02:33 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
2012-01-30 02:33 . 2011-11-14 15:19 0 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
2012-01-30 02:33 . 2012-01-30 02:33 1210 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\clsFolder.000\cls00002
2012-01-30 02:33 . 2012-01-30 02:33 10227 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\clsFolder.000\cls00001
2012-01-30 02:33 . 2012-01-30 02:37 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012920120130\index.dat
2012-01-30 02:33 . 2012-01-30 02:41 139264 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls
2012-01-30 02:33 . 2012-01-30 02:33 49120 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
2012-01-30 02:33 . 2012-01-30 02:33 47186 --s-a-w- c:\users\DJ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2012-01-30 02:33 . 2012-01-30 02:33 342 --s-a-w- c:\users\DJ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2012-01-30 02:33 . 2012-01-30 02:41 368 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\ServiceHost2USGM\Win32\0.0.7.1\permdata.box
2012-01-30 02:33 . 2012-01-30 02:33 6935 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\ServiceHost2USGM\Win32\0.0.7.1\manifest.bin
2012-01-30 02:32 . 2012-01-30 02:41 2394 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
2012-01-30 02:32 . 2012-01-30 02:32 124424 ----a-w- c:\users\DJ\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
2012-01-30 02:32 . 2012-01-30 02:32 1048576 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
2012-01-30 02:32 . 2012-01-30 02:32 4064 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
2012-01-30 02:32 . 2012-01-30 02:32 159853 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6223 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\brndlog.bak
2012-01-30 02:32 . 2012-01-30 02:32 951 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2012-01-30 02:32 . 2012-01-30 02:32 0 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\KCGSFPYH\fwlink[1]
2012-01-30 02:32 . 2012-01-30 02:32 5120 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
2012-01-30 02:32 . 2012-01-30 02:32 28672 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\XOKT8XII\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\9913KMGD\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\KCGSFPYH\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\OG0ZFK0C\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:37 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\index.dat
2012-01-30 02:32 . 2012-01-30 02:32 226 ----a-w- c:\users\DJ\Favorites\Links\Web Slice Gallery.url
2012-01-30 02:32 . 2012-01-30 02:32 80 --sh--w- c:\users\DJ\Favorites\Links\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6223 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
2012-01-30 02:32 . 2012-01-30 02:32 100624 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
2012-01-30 02:32 . 2012-01-30 02:32 941 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2012-01-30 02:32 . 2012-01-30 02:32 971 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
2012-01-30 02:32 . 2012-01-30 02:32 415 ----a-w- c:\users\DJ\Links\Documents.lnk
2012-01-30 02:32 . 2012-01-30 02:32 412 ----a-w- c:\users\DJ\Links\Pictures.lnk
2012-01-30 02:32 . 2012-01-30 02:32 403 ----a-w- c:\users\DJ\Links\Music.lnk
2012-01-30 02:32 . 2012-01-30 02:32 655 ----a-w- c:\users\DJ\Links\Recently Changed.lnk
2012-01-30 02:32 . 2012-01-30 02:32 412 ----a-w- c:\users\DJ\Links\Searches.lnk
2012-01-30 02:32 . 2012-01-30 02:32 377 ----a-w- c:\users\DJ\Links\Public.lnk
2012-01-30 02:32 . 2012-01-30 02:32 735 ----a-w- c:\users\DJ\Searches\Recent E-mail.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 930 ----a-w- c:\users\DJ\Searches\Recently Changed.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 754 ----a-w- c:\users\DJ\Searches\Recent Pictures and Videos.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 723 ----a-w- c:\users\DJ\Searches\Recent Documents.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 719 ----a-w- c:\users\DJ\Searches\Recent Music.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 248 ---ha-r- c:\users\DJ\Searches\Everywhere.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 1523 ----a-w- c:\users\DJ\Searches\Shared By Me.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Saved Games\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 248 ---ha-r- c:\users\DJ\Searches\Indexed Locations.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 782 --sh--w- c:\users\DJ\Links\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 402 --sha-w- c:\users\DJ\Documents\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6 --sha-w- c:\users\DJ\AppData\LocalLow\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Downloads\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 1078 --sh--w- c:\users\DJ\Searches\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 432 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 676 ----a-w- c:\users\DJ\Music\Sample Music.lnk
2012-01-30 02:32 . 2012-01-30 02:32 668 --sha-w- c:\users\DJ\Music\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 402 --sha-w- c:\users\DJ\Favorites\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Desktop\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 710 ----a-w- c:\users\DJ\Pictures\Sample Pictures.lnk
2012-01-30 02:32 . 2012-01-30 02:32 674 --sha-w- c:\users\DJ\Pictures\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 688 ----a-w- c:\users\DJ\Videos\Sample Videos.lnk
2012-01-30 02:32 . 2012-01-30 02:32 670 --sha-w- c:\users\DJ\Videos\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 936 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2012-01-30 02:32 . 2012-01-30 02:32 68920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
2012-01-30 02:32 . 2012-01-30 02:32 1003520 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb
2012-01-30 02:32 . 2012-01-30 02:32 498 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.DTD
2012-01-30 02:32 . 2012-01-30 02:32 10191 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.XML
2012-01-30 02:32 . 2012-01-30 02:32 1079 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\12_All_Video.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1040 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\07_TV_recorded_in_the_last_week.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1020 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\08_Video_rated_at_4_or_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1025 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\09_Music_played_the_most.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1063 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\10_All_Music.wpl
2012-01-30 02:32 . 2012-01-30 02:32 585 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\11_All_Pictures.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1284 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\04_Music_played_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 797 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\05_Pictures_taken_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 785 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\06_Pictures_rated_4_or_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1044 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\01_Music_auto_rated_at_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1279 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\02_Music_added_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1267 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\03_Music_rated_at_4_or_5_stars.wpl
2012-01-30 02:32 . 2006-11-02 15:04 15063 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
2012-01-30 02:32 . 2006-11-02 15:04 3168 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
2012-01-30 02:32 . 2006-11-02 15:04 26720 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
2012-01-30 02:32 . 2006-11-02 15:04 4638 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
2012-01-30 02:32 . 2006-11-02 15:04 1864 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
2012-01-30 02:32 . 2006-11-02 15:04 3650 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
2012-01-30 02:32 . 2006-11-02 15:02 7505 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
2012-01-30 02:32 . 2006-11-02 15:02 10569 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
2012-01-30 02:32 . 2006-11-02 15:02 230 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
2012-01-30 02:32 . 2006-11-02 15:04 81292 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
2012-01-30 02:32 . 2006-11-02 15:04 1990 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
2012-01-30 02:32 . 2006-11-02 15:02 232 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
2012-01-30 02:32 . 2006-11-02 15:02 4734 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
2012-01-30 02:32 . 2006-11-02 15:04 37316 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
2012-01-30 02:32 . 2006-11-02 15:04 15776 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
2012-01-30 02:32 . 2006-11-02 15:02 1920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
2012-01-30 02:32 . 2006-11-02 15:04 14049 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
2012-01-30 02:32 . 2006-11-02 15:02 233 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
2012-01-30 02:32 . 2006-11-02 15:04 3981 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
2012-01-30 02:32 . 2006-11-02 15:04 5115 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
2012-01-30 02:32 . 2006-11-02 15:02 5115 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
2012-01-30 02:32 . 2006-11-02 15:02 232 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
2012-01-30 02:32 . 2006-11-02 15:02 6381 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
2012-01-30 02:32 . 2006-11-02 15:04 26036 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
2012-01-30 02:32 . 2006-11-02 15:04 2950 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
2012-01-30 02:32 . 2006-11-02 15:04 4192 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
2012-01-30 02:32 . 2006-11-02 15:04 152300 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
2012-01-30 02:32 . 2006-11-02 15:04 2209 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
2012-01-30 02:32 . 2006-11-02 15:02 4222 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
2012-01-30 02:32 . 2006-11-02 15:04 7498 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
2012-01-30 02:32 . 2006-11-02 15:02 235 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
2012-01-30 02:32 . 2006-11-02 15:04 2920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
2012-01-30 02:32 . 2006-11-02 15:04 116724 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
2012-01-30 02:32 . 2006-11-02 15:02 6406 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
2012-01-30 02:32 . 2006-11-02 15:04 10340 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
2012-01-30 02:32 . 2006-11-02 15:04 5524 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
2012-01-30 02:32 . 2006-11-02 15:02 231 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
2012-01-30 02:32 . 2006-11-02 15:02 23871 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
2012-01-30 02:32 . 2006-11-02 15:06 645 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini
2012-01-30 02:32 . 2006-11-02 15:04 3792 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
2012-01-30 02:32 . 2006-11-02 15:04 2319 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
2012-01-30 02:32 . 2006-11-02 15:04 2575 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
2012-01-30 02:32 . 2006-11-02 15:04 4587 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
2012-01-30 02:32 . 2006-11-02 15:02 1074 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
2012-01-30 02:32 . 2012-01-30 02:32 1508 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{24B576BB-16E0-468D-BBBD-DDF0B2ABE708}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 1736 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{9D349828-A269-4D05-A367-57D9AD239ED8}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 260 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\oeold.xml
2012-01-30 02:32 . 2006-11-02 15:02 255 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
2012-01-30 02:32 . 2012-01-30 02:32 672 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{358D3A74-2E50-4463-8C8D-E57D8B1D0061}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 16384 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
2012-01-30 02:32 . 2012-01-30 02:32 24 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\S-1-5-21-1678378614-2818533487-3223694174-1002\Preferred
2012-01-30 02:32 . 2012-01-30 02:32 388 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\S-1-5-21-1678378614-2818533487-3223694174-1002\227bb665-805d-40ee-8cb7-a637eda2bbe3
2012-01-30 02:32 . 2012-01-30 02:32 2121728 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
2012-01-30 02:32 . 2012-01-30 02:32 16384 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
2012-01-30 02:32 . 2012-01-30 02:32 24 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\CREDHIST
2012-01-30 02:32 . 2012-01-30 02:32 8192 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb.chk
2012-01-30 02:32 . 2012-01-30 02:32 2113536 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb.log
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb00001.log
2012-01-30 02:32 . 2012-01-30 02:32 44593 ----a-w- c:\users\DJ\Contacts\DJ.contact
2012-01-30 02:32 . 2012-01-30 02:32 412 --sha-w- c:\users\DJ\Contacts\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 730 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 917 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2012-01-30 02:32 . 2012-01-30 02:32 0 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs
2012-01-30 02:32 . 2012-01-30 02:39 262144 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 65536 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TM.blf
2012-01-30 02:32 . 2012-01-30 02:32 0 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
2012-01-30 02:32 . 2012-01-30 02:41 262144 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat
2012-01-30 02:32 . 2012-01-30 02:41 78848 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
2012-01-30 02:32 . 2012-01-30 02:32 20 --sha-w- c:\users\DJ\ntuser.ini
2012-01-30 02:32 . 2012-01-31 20:50 524288 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
2012-01-30 02:32 . 2012-01-31 20:50 65536 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
2012-01-30 02:32 . 2012-01-31 20:50 262144 ---ha-w- c:\users\DJ\ntuser.dat.LOG1
2012-01-30 02:32 . 2012-01-30 02:32 0 ---ha-w- c:\users\DJ\ntuser.dat.LOG2
2012-01-30 02:32 . 2012-01-30 02:39 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2012-01-30 02:32 . 2011-05-11 03:10 53632 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2012-01-30 02:32 . 2011-05-10 11:44 145 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
2012-01-30 02:32 . 2011-05-11 03:10 2834 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s
2012-01-30 02:32 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2012-01-30 02:32 . 2011-05-10 11:44 67 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 146 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 258 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
2012-01-30 02:32 . 2008-01-21 03:20 240 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
2012-01-30 02:32 . 2006-09-18 21:34 3 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2012-01-30 02:32 . 2012-01-30 02:33 588 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:21 704 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:21 1753 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
2012-01-30 02:32 . 2006-11-02 15:30 1662 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2012-01-30 02:32 . 2006-11-02 15:31 1629 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2012-01-30 02:32 . 2006-09-18 21:32 7 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
2012-01-30 02:32 . 2006-09-18 21:32 4 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
2012-01-30 02:32 . 2006-11-02 15:31 1659 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
2012-01-30 02:32 . 2008-01-21 03:20 678 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 1699 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
2012-01-30 02:32 . 2006-11-02 15:31 1653 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
2012-01-30 02:32 . 2008-01-21 03:20 1537 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1288 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1251 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\LG Burning Tool.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1225 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\Power2Go Online Help.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
2012-01-30 02:32 . 2012-01-30 02:32 594 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
2012-01-30 02:32 . 2011-06-03 22:49 1325 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\MediaShow Online Help.lnk
2012-01-30 02:32 . 2011-06-03 22:49 2263 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\MediaShow.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1285 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\PowerProducer Online Help.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1223 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\PowerProducer.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1222 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\Power2Go.lnk
2012-01-30 02:32 . 2011-06-03 22:49 1308 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\Readme.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1254 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\OnLine Registration.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1283 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\OnLine Registration.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1248 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\Readme.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1941 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\Uninstall YouCam.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1128 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\YouCam Online Help.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1927 ----a-w- c:\users\DJ\Desktop\LG Burning Tool.lnk
2012-01-30 02:32 . 2011-06-03 22:57 984 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\CyberLink YouCam.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1128 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\Readme.lnk
2012-01-30 02:32 . 2008-01-21 03:20 318 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1090 ----a-w- c:\users\DJ\Desktop\Blu-ray Disc Suite.lnk
2012-01-30 02:32 . 2012-01-31 20:50 786432 --sha-w- c:\users\DJ\NTUSER.DAT
2011-08-08 17:53 . 2012-01-30 02:33 6702 ----a-w- c:\users\DJ\AppData\Local\VirtualStore\ProgramData\HP\Digital Imaging\hp officejet 5600 series\1312825999\Data\ScanTo.ini
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_21.17.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-01-30 11:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-01-31 20:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-30 11:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-31 20:35 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-01-31 20:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-30 11:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-01-31 23:37 65406 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-01-31 23:37 69268 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-10 01:32 . 2012-01-31 23:37 11106 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1678378614-2818533487-3223694174-1000_UserData.bin
+ 2011-05-10 01:19 . 2012-01-31 23:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-10 01:19 . 2012-01-31 23:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-10 01:19 . 2012-01-31 23:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-31 20:32 . 2012-01-31 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 00:33 . 2012-02-01 00:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-31 20:32 . 2012-01-31 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-01 00:33 . 2012-02-01 00:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-01 18:31 . 2012-01-31 22:49 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
- 2011-12-01 18:31 . 2011-12-01 18:31 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-01 18:31 . 2012-01-31 22:49 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2011-12-01 18:31 . 2011-12-01 18:31 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2006-11-02 12:46 . 2012-01-31 20:39 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-01 00:39 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-01 00:39 103964 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-01-31 20:39 103964 c:\windows\system32\perfc009.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 416868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 02:28 . 2012-02-01 00:32 416868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 7701128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-8192.dat
+ 2011-05-11 02:28 . 2012-02-01 00:32 7701128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-8192.dat
- 2011-05-11 02:28 . 2012-01-30 02:24 7946168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-12288.dat
+ 2011-05-11 02:28 . 2012-01-31 23:34 7946168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-12288.dat
+ 2011-05-11 02:28 . 2012-02-01 00:32 42223856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-4096.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 42223856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-10-23 472112]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-25 75048]
"HostManager"="c:\program files (x86)\Common Files\AOL\1324870613\ee\AOLSoftware.exe" [2010-03-08 41800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-5-9 1015296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray64.exe" [2007-05-06 424448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2011-06-08 1290504]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\Adobe Soundbooth CS3.exe\shell\open]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\JSXFile\shell\Edit]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\JSXFile\shell\Open]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbsc\shell\open\command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbsc\shell\open\DropTarget]
@DACL=(02 0000)
"CLSID"="{72EC9533-51C1-4449-A56B-B28825C23183}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbst\shell\open\command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbst\shell\open\DropTarget]
@DACL=(02 0000)
"CLSID"="{72EC9533-51C1-4449-A56B-B28825C23183}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-01-31 19:51:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 00:51
ComboFix2.txt 2012-01-31 21:20
.
Pre-Run: 321,634,611,200 bytes free
Post-Run: 321,424,347,136 bytes free
.
- - End Of File - - 31A183D39E7C0A07DB3D555D2CC306A4
Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!

#10 1972vet

1972vet

  • Malware Response Team

Posted 31 January 2012 - 09:35 PM

The PCDoctor reference is made in your scheduled tasks folder. On your Desktop, you should have an application that Dell pre-installs on their systems, named...appropriately enough, "Dell Support Center". You can open that program and find the scheduling feature. There are two scheduled tasks that were set up in your Dell Support Center software. They are:
PCDoctorBackgroundMonitorTask.job
SystemToolsDailyTest.job

...You can remove both of them if you didn't set these up. For that matter, if your system is beyond the warranty time period, you can even uninstall the Dell Support Center software. I removed it from my Dell e521, I think the day after I brought it home.

You have no need now to bother with Comodo's restore feature since you went ahead with the CFScript. Combofix will have removed it. Might not be a big deal...we shall see.

Let's not worry then with the VirScan. Combofix didn't squawk about it and neither has your TrendMicro so we can delay that one.

OK, on to business. You still have the Spybot Search and Destroy's TeaTimer function enabled. Additionally, you have the Windows Defender enabled. Please carefully read through These Instructions and scroll through to find Windows Defender. Refer to my previous instruction again if needed, to try once more and disable TeaTimer. The reason we need to disable them is because they both will try to wrestle away the rights to combofix while it attempts to write some changes to the registry.

Next, please open another blank Notepad...Copy the below text in Bold and paste it into the blank Notepad. Save it as CFScript.txt...Change the "Save as type" to All Files and save it to your desktop. Now drag the text document over to your Combofix.exe

Combofix will run again automatically. Please post back the new log that will be generated. Let me know what issues remain and if you have noticed any improvement. Thanks!
Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall.



KILLALL::

reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\Adobe Soundbooth CS3.exe\shell\open]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\JSXFile\shell\Edit]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\JSXFile\shell\Open]
@DACL=(02 0000)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbsc\shell\open\command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbsc\shell\open\DropTarget]
@DACL=(02 0000)
"CLSID"="{72EC9533-51C1-4449-A56B-B28825C23183}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbst\shell\open\command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe\" \"%1\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\SoundboothFile_sbst\shell\open\DropTarget]
@DACL=(02 0000)
"CLSID"="{72EC9533-51C1-4449-A56B-B28825C23183}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

Disabled Veteran, U.S.C.G. 1972 - 1978

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#11 Sani-T-Capt1

Sani-T-Capt1
  • Topic Starter


Posted 31 January 2012 - 10:45 PM

*NOTE* I have discovered an icon that looks like IE. Explorer on my desktop, only it's named "The Internet". Should I be concerned with this?
*Note 2* My Dell XPS is still under warranty for a couple of years, and now that I have opened that file containing PCDoctor, I recalled that one of their techs was using that feature via remote access to try and resolve the aforementioned hardware issues that have not been resolved lol. Back to business. Here is the new log from CFScript, and please be advised that on the startup portion of S&D Spybot, there was NOT a checkbox for me to disable TeaTimer at start-up, so I hope it didn't corrupt this log.
:ComboFix 12-01-30.02 - Doug 01/31/2012 22:17:36.3.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8125.6172 [GMT -5:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
Command switches used :: c:\users\Doug\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 03:22 . 2012-02-01 03:22 -------- d-----w- c:\users\Nadine\AppData\Local\temp
2012-02-01 03:22 . 2012-02-01 03:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 06:17 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1635206-DD4A-48C2-B92B-C330A516964E}\mpengine.dll
2012-01-30 02:32 . 2012-01-30 02:32 -------- d-----w- c:\users\DJ
2012-01-26 18:27 . 2011-12-26 01:57 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2012-01-26 18:25 . 2012-01-26 18:28 -------- d-----w- c:\program files (x86)\AOL Desktop 9.7a
2012-01-26 18:25 . 2012-01-26 18:27 -------- d-----w- c:\program files (x86)\Common Files\aolshare
2012-01-26 17:35 . 2012-01-28 01:25 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-26 17:35 . 2012-01-26 18:06 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-25 23:29 . 2012-01-25 23:29 388096 ----a-r- c:\users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 05:30 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-22 05:21 . 2012-01-22 05:21 -------- d-----w- c:\program files (x86)\WinPcap
2012-01-13 15:26 . 2012-01-13 15:26 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-01-11 13:55 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 13:55 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 13:55 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 13:55 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-11 13:55 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 22:49 . 2011-06-08 19:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 20:51 . 2011-04-25 21:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-14 20:51 . 2011-12-14 20:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-07 15:39 . 2011-05-10 13:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-03 03:59 . 2011-12-03 03:59 8892928 ----a-w- c:\programdata\atscie.msi
2011-11-23 13:57 . 2011-12-14 06:58 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 08:45 . 2011-11-10 08:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 08:20 . 2011-11-10 08:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 08:17 . 2011-11-10 08:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 08:16 . 2011-11-10 08:16 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 08:15 . 2011-03-09 08:55 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 08:12 . 2011-11-10 08:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 08:12 . 2011-03-09 08:53 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 08:11 . 2011-03-09 08:53 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 08:10 . 2011-11-10 08:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 08:10 . 2011-11-10 08:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 08:09 . 2011-11-10 08:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 08:09 . 2011-11-10 08:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 08:09 . 2011-11-10 08:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 08:09 . 2011-11-10 08:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 08:09 . 2011-11-10 08:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 08:06 . 2011-11-10 08:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 07:58 . 2011-11-10 07:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 07:51 . 2011-11-10 07:51 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 07:40 . 2011-11-10 07:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 07:40 . 2011-11-10 07:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 07:40 . 2011-04-20 05:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 07:34 . 2011-11-10 07:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 07:34 . 2011-11-10 07:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 07:34 . 2011-11-10 07:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 07:34 . 2011-11-10 07:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 07:34 . 2011-11-10 07:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 07:33 . 2011-11-10 07:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 07:30 . 2011-11-10 07:30 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 07:29 . 2011-11-10 07:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 07:24 . 2011-03-09 08:24 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 07:18 . 2011-03-09 08:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 07:13 . 2011-03-09 08:18 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 07:13 . 2011-11-10 07:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 07:12 . 2011-11-10 07:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 07:12 . 2011-11-10 07:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 07:11 . 2011-11-10 07:11 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 07:11 . 2011-11-10 07:11 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 07:11 . 2011-03-09 08:16 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 07:11 . 2011-11-10 07:11 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 07:11 . 2011-03-09 08:16 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-11-10 07:10 . 2011-11-10 07:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-08 14:58 . 2011-12-14 06:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 06:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:00 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:00 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:00 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:00 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\DJ ----
.
2012-01-30 02:41 . 2012-01-30 02:41 2387454 ---ha-w- c:\users\DJ\AppData\Local\IconCache.db
2012-01-30 02:39 . 2012-01-30 02:39 6931 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\AOLBrowserUSGM\Win32\0.2.8.1\manifest.bin
2012-01-30 02:39 . 2012-01-30 02:39 366 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\AOLBrowserUSGM\Win32\0.2.8.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:38 6928 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\TopSpeedUSGM\Win32\3.3.22.1\manifest.bin
2012-01-30 02:38 . 2012-01-30 02:39 365 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\TopSpeedUSGM\Win32\3.3.22.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:39 25 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\spool.lst
2012-01-30 02:38 . 2012-01-30 02:39 1357 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\sysnews.lst
2012-01-30 02:38 . 2012-01-30 02:38 181 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\Apps.Lst
2012-01-30 02:38 . 2012-01-30 02:38 351232 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\sap.dat
2012-01-30 02:38 . 2012-01-30 02:39 21901 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\art.idx
2012-01-30 02:38 . 2012-01-30 02:38 6923 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\WAOLUSGM\Win32\0.4343.19.1\manifest.bin
2012-01-30 02:38 . 2012-01-30 02:39 364 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\WAOLUSGM\Win32\0.4343.19.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:39 48 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust\AOL.cfg
2012-01-30 02:37 . 2012-01-30 02:37 291 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
2012-01-30 02:37 . 2012-01-30 02:37 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 360448 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 294820 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat
2012-01-30 02:37 . 2012-01-30 02:37 360448 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\index.dat
2012-01-30 02:37 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2012-01-30 02:37 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DH5J28LE\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RRCBIA66\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GZPKBVB9\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWW712KF\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:39 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 145 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
2012-01-30 02:35 . 2012-01-30 02:41 850 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\1305025467\dj\metrics\cmls_ms.tlv
2012-01-30 02:33 . 2012-01-30 02:33 4776 ----a-w- c:\users\DJ\AppData\Roaming\HP\CRMLogs\BrandAuthentication.htm
2012-01-30 02:33 . 2012-01-30 02:33 13960 ----a-w- c:\users\DJ\AppData\Local\ATI\ACE\Manifest.Bin
2012-01-30 02:33 . 2012-01-30 02:33 12791 ----a-w- c:\users\DJ\AppData\Local\ATI\ACE\Manifest.xml
2012-01-30 02:33 . 2012-01-30 02:33 817 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer Wizard.LNK
2012-01-30 02:33 . 2012-01-30 02:33 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini
2012-01-30 02:33 . 2012-01-30 02:33 144 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\1305025467\dj\metrics\cmls_cs.tlv
2012-01-30 02:33 . 2012-01-30 02:33 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
2012-01-30 02:33 . 2011-11-14 15:19 0 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
2012-01-30 02:33 . 2012-01-30 02:33 1210 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\clsFolder.000\cls00002
2012-01-30 02:33 . 2012-01-30 02:33 10227 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\clsFolder.000\cls00001
2012-01-30 02:33 . 2012-01-30 02:37 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012920120130\index.dat
2012-01-30 02:33 . 2012-01-30 02:41 139264 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls
2012-01-30 02:33 . 2012-01-30 02:33 49120 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
2012-01-30 02:33 . 2012-01-30 02:33 47186 --s-a-w- c:\users\DJ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2012-01-30 02:33 . 2012-01-30 02:33 342 --s-a-w- c:\users\DJ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2012-01-30 02:33 . 2012-01-30 02:41 368 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\ServiceHost2USGM\Win32\0.0.7.1\permdata.box
2012-01-30 02:33 . 2012-01-30 02:33 6935 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\ServiceHost2USGM\Win32\0.0.7.1\manifest.bin
2012-01-30 02:32 . 2012-01-30 02:41 2394 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
2012-01-30 02:32 . 2012-01-30 02:32 124424 ----a-w- c:\users\DJ\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
2012-01-30 02:32 . 2012-01-30 02:32 1048576 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
2012-01-30 02:32 . 2012-01-30 02:32 4064 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
2012-01-30 02:32 . 2012-01-30 02:32 159853 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6223 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\brndlog.bak
2012-01-30 02:32 . 2012-01-30 02:32 951 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2012-01-30 02:32 . 2012-01-30 02:32 0 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\KCGSFPYH\fwlink[1]
2012-01-30 02:32 . 2012-01-30 02:32 5120 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
2012-01-30 02:32 . 2012-01-30 02:32 28672 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\XOKT8XII\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\9913KMGD\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\KCGSFPYH\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\OG0ZFK0C\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:37 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\index.dat
2012-01-30 02:32 . 2012-01-30 02:32 226 ----a-w- c:\users\DJ\Favorites\Links\Web Slice Gallery.url
2012-01-30 02:32 . 2012-01-30 02:32 80 --sh--w- c:\users\DJ\Favorites\Links\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6223 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
2012-01-30 02:32 . 2012-01-30 02:32 100624 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
2012-01-30 02:32 . 2012-01-30 02:32 941 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2012-01-30 02:32 . 2012-01-30 02:32 971 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
2012-01-30 02:32 . 2012-01-30 02:32 415 ----a-w- c:\users\DJ\Links\Documents.lnk
2012-01-30 02:32 . 2012-01-30 02:32 412 ----a-w- c:\users\DJ\Links\Pictures.lnk
2012-01-30 02:32 . 2012-01-30 02:32 403 ----a-w- c:\users\DJ\Links\Music.lnk
2012-01-30 02:32 . 2012-01-30 02:32 655 ----a-w- c:\users\DJ\Links\Recently Changed.lnk
2012-01-30 02:32 . 2012-01-30 02:32 412 ----a-w- c:\users\DJ\Links\Searches.lnk
2012-01-30 02:32 . 2012-01-30 02:32 377 ----a-w- c:\users\DJ\Links\Public.lnk
2012-01-30 02:32 . 2012-01-30 02:32 735 ----a-w- c:\users\DJ\Searches\Recent E-mail.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 930 ----a-w- c:\users\DJ\Searches\Recently Changed.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 754 ----a-w- c:\users\DJ\Searches\Recent Pictures and Videos.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 723 ----a-w- c:\users\DJ\Searches\Recent Documents.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 719 ----a-w- c:\users\DJ\Searches\Recent Music.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 248 ---ha-r- c:\users\DJ\Searches\Everywhere.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 1523 ----a-w- c:\users\DJ\Searches\Shared By Me.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Saved Games\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 248 ---ha-r- c:\users\DJ\Searches\Indexed Locations.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 782 --sh--w- c:\users\DJ\Links\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 402 --sha-w- c:\users\DJ\Documents\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6 --sha-w- c:\users\DJ\AppData\LocalLow\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Downloads\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 1078 --sh--w- c:\users\DJ\Searches\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 432 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 676 ----a-w- c:\users\DJ\Music\Sample Music.lnk
2012-01-30 02:32 . 2012-01-30 02:32 668 --sha-w- c:\users\DJ\Music\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 402 --sha-w- c:\users\DJ\Favorites\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Desktop\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 710 ----a-w- c:\users\DJ\Pictures\Sample Pictures.lnk
2012-01-30 02:32 . 2012-01-30 02:32 674 --sha-w- c:\users\DJ\Pictures\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 688 ----a-w- c:\users\DJ\Videos\Sample Videos.lnk
2012-01-30 02:32 . 2012-01-30 02:32 670 --sha-w- c:\users\DJ\Videos\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 936 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2012-01-30 02:32 . 2012-01-30 02:32 68920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
2012-01-30 02:32 . 2012-01-30 02:32 1003520 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb
2012-01-30 02:32 . 2012-01-30 02:32 498 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.DTD
2012-01-30 02:32 . 2012-01-30 02:32 10191 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.XML
2012-01-30 02:32 . 2012-01-30 02:32 1079 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\12_All_Video.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1040 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\07_TV_recorded_in_the_last_week.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1020 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\08_Video_rated_at_4_or_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1025 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\09_Music_played_the_most.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1063 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\10_All_Music.wpl
2012-01-30 02:32 . 2012-01-30 02:32 585 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\11_All_Pictures.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1284 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\04_Music_played_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 797 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\05_Pictures_taken_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 785 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\06_Pictures_rated_4_or_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1044 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\01_Music_auto_rated_at_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1279 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\02_Music_added_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1267 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\03_Music_rated_at_4_or_5_stars.wpl
2012-01-30 02:32 . 2006-11-02 15:04 15063 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
2012-01-30 02:32 . 2006-11-02 15:04 3168 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
2012-01-30 02:32 . 2006-11-02 15:04 26720 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
2012-01-30 02:32 . 2006-11-02 15:04 4638 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
2012-01-30 02:32 . 2006-11-02 15:04 1864 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
2012-01-30 02:32 . 2006-11-02 15:04 3650 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
2012-01-30 02:32 . 2006-11-02 15:02 7505 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
2012-01-30 02:32 . 2006-11-02 15:02 10569 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
2012-01-30 02:32 . 2006-11-02 15:02 230 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
2012-01-30 02:32 . 2006-11-02 15:04 81292 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
2012-01-30 02:32 . 2006-11-02 15:04 1990 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
2012-01-30 02:32 . 2006-11-02 15:02 232 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
2012-01-30 02:32 . 2006-11-02 15:02 4734 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
2012-01-30 02:32 . 2006-11-02 15:04 37316 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
2012-01-30 02:32 . 2006-11-02 15:04 15776 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
2012-01-30 02:32 . 2006-11-02 15:02 1920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
2012-01-30 02:32 . 2006-11-02 15:04 14049 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
2012-01-30 02:32 . 2006-11-02 15:02 233 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
2012-01-30 02:32 . 2006-11-02 15:04 3981 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
2012-01-30 02:32 . 2006-11-02 15:04 5115 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
2012-01-30 02:32 . 2006-11-02 15:02 5115 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
2012-01-30 02:32 . 2006-11-02 15:02 232 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
2012-01-30 02:32 . 2006-11-02 15:02 6381 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
2012-01-30 02:32 . 2006-11-02 15:04 26036 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
2012-01-30 02:32 . 2006-11-02 15:04 2950 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
2012-01-30 02:32 . 2006-11-02 15:04 4192 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
2012-01-30 02:32 . 2006-11-02 15:04 152300 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
2012-01-30 02:32 . 2006-11-02 15:04 2209 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
2012-01-30 02:32 . 2006-11-02 15:02 4222 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
2012-01-30 02:32 . 2006-11-02 15:04 7498 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
2012-01-30 02:32 . 2006-11-02 15:02 235 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
2012-01-30 02:32 . 2006-11-02 15:04 2920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
2012-01-30 02:32 . 2006-11-02 15:04 116724 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
2012-01-30 02:32 . 2006-11-02 15:02 6406 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
2012-01-30 02:32 . 2006-11-02 15:04 10340 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
2012-01-30 02:32 . 2006-11-02 15:04 5524 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
2012-01-30 02:32 . 2006-11-02 15:02 231 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
2012-01-30 02:32 . 2006-11-02 15:02 23871 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
2012-01-30 02:32 . 2006-11-02 15:06 645 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini
2012-01-30 02:32 . 2006-11-02 15:04 3792 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
2012-01-30 02:32 . 2006-11-02 15:04 2319 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
2012-01-30 02:32 . 2006-11-02 15:04 2575 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
2012-01-30 02:32 . 2006-11-02 15:04 4587 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
2012-01-30 02:32 . 2006-11-02 15:02 1074 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
2012-01-30 02:32 . 2012-01-30 02:32 1508 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{24B576BB-16E0-468D-BBBD-DDF0B2ABE708}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 1736 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{9D349828-A269-4D05-A367-57D9AD239ED8}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 260 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\oeold.xml
2012-01-30 02:32 . 2006-11-02 15:02 255 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
2012-01-30 02:32 . 2012-01-30 02:32 672 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{358D3A74-2E50-4463-8C8D-E57D8B1D0061}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 16384 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
2012-01-30 02:32 . 2012-01-30 02:32 24 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\S-1-5-21-1678378614-2818533487-3223694174-1002\Preferred
2012-01-30 02:32 . 2012-01-30 02:32 388 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\S-1-5-21-1678378614-2818533487-3223694174-1002\227bb665-805d-40ee-8cb7-a637eda2bbe3
2012-01-30 02:32 . 2012-01-30 02:32 2121728 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
2012-01-30 02:32 . 2012-01-30 02:32 16384 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
2012-01-30 02:32 . 2012-01-30 02:32 24 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\CREDHIST
2012-01-30 02:32 . 2012-01-30 02:32 8192 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb.chk
2012-01-30 02:32 . 2012-01-30 02:32 2113536 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb.log
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb00001.log
2012-01-30 02:32 . 2012-01-30 02:32 44593 ----a-w- c:\users\DJ\Contacts\DJ.contact
2012-01-30 02:32 . 2012-01-30 02:32 412 --sha-w- c:\users\DJ\Contacts\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 730 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 917 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2012-01-30 02:32 . 2012-01-30 02:32 0 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs
2012-01-30 02:32 . 2012-01-30 02:39 262144 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 65536 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TM.blf
2012-01-30 02:32 . 2012-01-30 02:32 0 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
2012-01-30 02:32 . 2012-01-30 02:41 262144 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat
2012-01-30 02:32 . 2012-01-30 02:41 78848 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
2012-01-30 02:32 . 2012-01-30 02:32 20 --sha-w- c:\users\DJ\ntuser.ini
2012-01-30 02:32 . 2012-01-31 20:50 524288 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
2012-01-30 02:32 . 2012-01-31 20:50 65536 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
2012-01-30 02:32 . 2012-01-31 20:50 262144 ---ha-w- c:\users\DJ\ntuser.dat.LOG1
2012-01-30 02:32 . 2012-01-30 02:32 0 ---ha-w- c:\users\DJ\ntuser.dat.LOG2
2012-01-30 02:32 . 2012-01-30 02:39 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2012-01-30 02:32 . 2011-05-11 03:10 53632 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2012-01-30 02:32 . 2011-05-10 11:44 145 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
2012-01-30 02:32 . 2011-05-11 03:10 2834 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s
2012-01-30 02:32 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2012-01-30 02:32 . 2011-05-10 11:44 67 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 146 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 258 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
2012-01-30 02:32 . 2008-01-21 03:20 240 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
2012-01-30 02:32 . 2006-09-18 21:34 3 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2012-01-30 02:32 . 2012-01-30 02:33 588 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:21 704 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:21 1753 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
2012-01-30 02:32 . 2006-11-02 15:30 1662 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2012-01-30 02:32 . 2006-11-02 15:31 1629 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2012-01-30 02:32 . 2006-09-18 21:32 7 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
2012-01-30 02:32 . 2006-09-18 21:32 4 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
2012-01-30 02:32 . 2006-11-02 15:31 1659 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
2012-01-30 02:32 . 2008-01-21 03:20 678 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 1699 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
2012-01-30 02:32 . 2006-11-02 15:31 1653 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
2012-01-30 02:32 . 2008-01-21 03:20 1537 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1288 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1251 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\LG Burning Tool.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1225 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\Power2Go Online Help.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
2012-01-30 02:32 . 2012-01-30 02:32 594 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
2012-01-30 02:32 . 2011-06-03 22:49 1325 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\MediaShow Online Help.lnk
2012-01-30 02:32 . 2011-06-03 22:49 2263 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\MediaShow.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1285 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\PowerProducer Online Help.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1223 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\PowerProducer.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1222 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\Power2Go.lnk
2012-01-30 02:32 . 2011-06-03 22:49 1308 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\Readme.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1254 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\OnLine Registration.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1283 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\OnLine Registration.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1248 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\Readme.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1941 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\Uninstall YouCam.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1128 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\YouCam Online Help.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1927 ----a-w- c:\users\DJ\Desktop\LG Burning Tool.lnk
2012-01-30 02:32 . 2011-06-03 22:57 984 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\CyberLink YouCam.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1128 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\Readme.lnk
2012-01-30 02:32 . 2008-01-21 03:20 318 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1090 ----a-w- c:\users\DJ\Desktop\Blu-ray Disc Suite.lnk
2012-01-30 02:32 . 2012-01-31 20:50 786432 --sha-w- c:\users\DJ\NTUSER.DAT
2011-08-08 17:53 . 2012-01-30 02:33 6702 ----a-w- c:\users\DJ\AppData\Local\VirtualStore\ProgramData\HP\Digital Imaging\hp officejet 5600 series\1312825999\Data\ScanTo.ini
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_21.17.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-01-30 11:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-02-01 01:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-30 11:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-02-01 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-02-01 01:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-30 11:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-02-01 03:25 65652 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-02-01 03:26 69404 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-10 01:32 . 2012-02-01 03:26 11540 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1678378614-2818533487-3223694174-1000_UserData.bin
+ 2011-05-10 01:19 . 2012-01-31 23:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-10 01:19 . 2012-01-31 23:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-10 01:19 . 2012-01-31 23:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-31 20:32 . 2012-01-31 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 03:24 . 2012-02-01 03:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-31 20:32 . 2012-01-31 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-02-01 03:24 . 2012-02-01 03:24 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-12-01 18:31 . 2012-01-31 22:49 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
- 2011-12-01 18:31 . 2011-12-01 18:31 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-01 18:31 . 2012-01-31 22:49 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2011-12-01 18:31 . 2011-12-01 18:31 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2006-11-02 12:46 . 2012-01-31 20:39 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-01 03:06 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-01 03:06 103964 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-01-31 20:39 103964 c:\windows\system32\perfc009.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 416868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-11 02:28 . 2012-02-01 03:23 416868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 7701128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-8192.dat
+ 2011-05-11 02:28 . 2012-02-01 03:23 7701128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-8192.dat
- 2011-05-11 02:28 . 2012-01-30 02:24 7946168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-12288.dat
+ 2011-05-11 02:28 . 2012-01-31 23:34 7946168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-12288.dat
+ 2011-05-11 02:28 . 2012-02-01 03:23 42223856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-4096.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 42223856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-10-23 472112]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-25 75048]
"HostManager"="c:\program files (x86)\Common Files\AOL\1324870613\ee\AOLSoftware.exe" [2010-03-08 41800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-5-9 1015296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray64.exe" [2007-05-06 424448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2011-06-08 1290504]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\Adobe Soundbooth CS3.exe\shell\open\command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Soundbooth CS3\\Adobe Soundbooth CS3.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Applications\Adobe Soundbooth CS3.exe\shell\open\DropTarget]
@DACL=(02 0000)
"CLSID"="{72EC9533-51C1-4449-A56B-B28825C23183}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\JSXFile\shell\Edit\Command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe\" \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\JSXFile\shell\Open\Command]
@DACL=(02 0000)
@="\"c:\\Program Files (x86)\\Adobe\\Adobe Utilities\\ExtendScript Toolkit 2\\ExtendScript Toolkit 2.exe\" -run \"%1\""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\Common Files\AOL\1324870613\ee\aolupdates.exe
.
**************************************************************************
.
Completion time: 2012-01-31 22:31:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 03:31
ComboFix2.txt 2012-02-01 00:51
ComboFix3.txt 2012-01-31 21:20
.
Pre-Run: 321,514,283,008 bytes free
Post-Run: 321,446,027,264 bytes free
.
- - End Of File - - 3497E72040D1B33100CF26C9419A6145
Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!

#12 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:10:17 AM

Posted 01 February 2012 - 10:11 AM

OK, if you can't find the "TeaTimer" function to disable it from those instructions...and I assure you it's there, it's just as easy to uninstall it. It's a free utility anyway so you can reinstall it when we finish if you absolutely can't live without it. I personally think it's a bit overkill with your setup. Regardless, for now, it's better if you just uninstall it as you can see from the log, there is interference from it. The registry keys we are trying to re-write have been unaffected and it's due to the TeaTimer function. Please uninstall it, run the cfscript again and post back THAT log. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#13 Sani-T-Capt1

Sani-T-Capt1
  • Topic Starter

  • Members
  • 559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Planet Earth
  • Local time:12:17 PM

Posted 01 February 2012 - 01:05 PM

I will uninstall Spybot S&D. I also uninstalled that viewer you were talking about, and you're right, it is an AOL feature that I had confused with the XPS Viewer. *Note* the Trend Micro icon in the system tray is in a state of flux. The icon is animated and is giving me an "updating" message, but when I open up the console it says protection is up to date, and when I click the update now button I get the message "the latest pattern definitions are already installed."

#14 Sani-T-Capt1

Sani-T-Capt1
  • Topic Starter

  • Members
  • 559 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Planet Earth
  • Local time:12:17 PM

Posted 01 February 2012 - 01:55 PM

Hi 1972vet, here is the new CFScript log:

ComboFix 12-01-30.02 - Doug 02/01/2012 13:27:28.4.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8125.5645 [GMT -5:00]
Running from: c:\users\Doug\Desktop\ComboFix.exe
Command switches used :: c:\users\Doug\Desktop\CFScript.txt
AV: Trend Micro Internet Security *Disabled/Updated* {48929DFC-7A52-A34F-8351-C4DBEDBD9C50}
FW: Trend Micro Personal Firewall *Disabled* {70A91CD9-303D-A217-A80E-6DEE136EDB2B}
SP: Trend Micro Internet Security *Disabled/Updated* {F3F37C18-5C68-ACC1-B9E1-FFA9963AD6ED}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-01-01 to 2012-02-01 )))))))))))))))))))))))))))))))
.
.
2012-02-01 18:32 . 2012-02-01 18:32 -------- d-----w- c:\users\Nadine\AppData\Local\temp
2012-02-01 18:32 . 2012-02-01 18:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-31 06:17 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1635206-DD4A-48C2-B92B-C330A516964E}\mpengine.dll
2012-01-30 02:32 . 2012-01-30 02:32 -------- d-----w- c:\users\DJ
2012-01-26 18:27 . 2011-12-26 01:57 58696 ----a-w- c:\windows\SysWow64\AOLParconLink.exe
2012-01-26 18:25 . 2012-01-26 18:28 -------- d-----w- c:\program files (x86)\AOL Desktop 9.7a
2012-01-26 18:25 . 2012-01-26 18:27 -------- d-----w- c:\program files (x86)\Common Files\aolshare
2012-01-26 17:35 . 2012-02-01 18:08 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-01-26 17:35 . 2012-02-01 18:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-01-25 23:29 . 2012-01-25 23:29 388096 ----a-r- c:\users\Doug\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-22 05:30 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-01-22 05:21 . 2012-01-22 05:21 -------- d-----w- c:\program files (x86)\WinPcap
2012-01-13 15:26 . 2012-01-13 15:26 -------- d-----w- c:\program files (x86)\Common Files\Software Update Utility
2012-01-11 13:55 . 2011-11-17 06:53 515968 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-11 13:55 . 2011-11-16 16:43 442368 ----a-w- c:\windows\system32\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:42 94720 ----a-w- c:\windows\system32\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:42 347136 ----a-w- c:\windows\system32\schannel.dll
2012-01-11 13:55 . 2011-11-16 16:41 1689600 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-11 13:55 . 2011-11-16 16:24 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-01-11 13:55 . 2011-11-16 16:23 377344 ----a-w- c:\windows\SysWow64\winhttp.dll
2012-01-11 13:55 . 2011-11-16 16:23 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-01-11 13:55 . 2011-11-16 14:34 11264 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 22:49 . 2011-06-08 19:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-14 20:51 . 2011-04-25 21:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-12-14 20:51 . 2011-12-14 20:51 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2011-12-07 15:39 . 2011-05-10 13:30 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-12-03 03:59 . 2011-12-03 03:59 8892928 ----a-w- c:\programdata\atscie.msi
2011-11-23 13:57 . 2011-12-14 06:58 2764800 ----a-w- c:\windows\system32\win32k.sys
2011-11-10 08:45 . 2011-11-10 08:45 10567680 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-11-10 08:20 . 2011-11-10 08:20 25218048 ----a-w- c:\windows\system32\atio6axx.dll
2011-11-10 08:17 . 2011-11-10 08:17 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2011-11-10 08:16 . 2011-11-10 08:16 774656 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-11-10 08:15 . 2011-03-09 08:55 927232 ----a-w- c:\windows\system32\aticfx64.dll
2011-11-10 08:12 . 2011-11-10 08:12 466944 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-11-10 08:12 . 2011-03-09 08:53 516608 ----a-w- c:\windows\system32\atieclxx.exe
2011-11-10 08:11 . 2011-03-09 08:53 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-11-10 08:10 . 2011-11-10 08:10 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-11-10 08:10 . 2011-11-10 08:10 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-11-10 08:09 . 2011-11-10 08:09 360448 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-11-10 08:09 . 2011-11-10 08:09 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-11-10 08:09 . 2011-11-10 08:09 21504 ----a-w- c:\windows\system32\atimuixx.dll
2011-11-10 08:09 . 2011-11-10 08:09 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-11-10 08:09 . 2011-11-10 08:09 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-11-10 08:06 . 2011-11-10 08:06 6077952 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-11-10 07:58 . 2011-11-10 07:58 18996224 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-11-10 07:51 . 2011-11-10 07:51 7405056 ----a-w- c:\windows\system32\atidxx64.dll
2011-11-10 07:40 . 2011-11-10 07:40 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-11-10 07:40 . 2011-11-10 07:40 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-11-10 07:40 . 2011-04-20 05:40 4061696 ----a-w- c:\windows\system32\atiumd6a.dll
2011-11-10 07:34 . 2011-11-10 07:34 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-11-10 07:34 . 2011-11-10 07:34 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-11-10 07:34 . 2011-11-10 07:34 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-11-10 07:34 . 2011-11-10 07:34 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-11-10 07:34 . 2011-11-10 07:34 13552640 ----a-w- c:\windows\system32\aticaldd64.dll
2011-11-10 07:33 . 2011-11-10 07:33 5852672 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-11-10 07:30 . 2011-11-10 07:30 11300864 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-11-10 07:29 . 2011-11-10 07:29 4200960 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-11-10 07:24 . 2011-03-09 08:24 7439360 ----a-w- c:\windows\system32\atiumd64.dll
2011-11-10 07:18 . 2011-03-09 08:11 58880 ----a-w- c:\windows\system32\coinst.dll
2011-11-10 07:13 . 2011-03-09 08:18 494592 ----a-w- c:\windows\system32\atiadlxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 348160 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-11-10 07:13 . 2011-11-10 07:13 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 14336 ----a-w- c:\windows\system32\atiglpxx.dll
2011-11-10 07:13 . 2011-11-10 07:13 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-11-10 07:12 . 2011-11-10 07:12 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-11-10 07:12 . 2011-11-10 07:12 325632 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-11-10 07:11 . 2011-11-10 07:11 41984 ----a-w- c:\windows\system32\atiuxp64.dll
2011-11-10 07:11 . 2011-11-10 07:11 32256 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-11-10 07:11 . 2011-03-09 08:16 39424 ----a-w- c:\windows\system32\atiu9p64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\atimpc64.dll
2011-11-10 07:11 . 2011-11-10 07:11 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2011-11-10 07:11 . 2011-11-10 07:11 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-11-10 07:11 . 2011-11-10 07:11 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-11-10 07:11 . 2011-03-09 08:16 45056 ----a-w- c:\windows\system32\atitmp64.dll
2011-11-10 07:10 . 2011-11-10 07:10 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-11-08 14:58 . 2011-12-14 06:58 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-08 14:42 . 2011-12-14 06:58 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 08:00 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 08:00 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 08:00 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 08:00 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 08:00 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 08:00 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 08:00 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\DJ ----
.
2012-01-30 02:41 . 2012-01-30 02:41 2387454 ---ha-w- c:\users\DJ\AppData\Local\IconCache.db
2012-01-30 02:39 . 2012-01-30 02:39 6931 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\AOLBrowserUSGM\Win32\0.2.8.1\manifest.bin
2012-01-30 02:39 . 2012-01-30 02:39 366 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\AOLBrowserUSGM\Win32\0.2.8.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:38 6928 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\TopSpeedUSGM\Win32\3.3.22.1\manifest.bin
2012-01-30 02:38 . 2012-01-30 02:39 365 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\TopSpeedUSGM\Win32\3.3.22.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:39 25 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\spool.lst
2012-01-30 02:38 . 2012-01-30 02:39 1357 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\sysnews.lst
2012-01-30 02:38 . 2012-01-30 02:38 181 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\Apps.Lst
2012-01-30 02:38 . 2012-01-30 02:38 351232 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\sap.dat
2012-01-30 02:38 . 2012-01-30 02:39 21901 ----a-w- c:\users\DJ\AppData\Roaming\AOL\C_AOL Desktop 9.7a\IDB\art.idx
2012-01-30 02:38 . 2012-01-30 02:38 6923 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\WAOLUSGM\Win32\0.4343.19.1\manifest.bin
2012-01-30 02:38 . 2012-01-30 02:39 364 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\WAOLUSGM\Win32\0.4343.19.1\permdata.box
2012-01-30 02:38 . 2012-01-30 02:39 48 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\#Security\FlashPlayerTrust\AOL.cfg
2012-01-30 02:37 . 2012-01-30 02:37 291 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
2012-01-30 02:37 . 2012-01-30 02:37 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IEDownloadHistory\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 360448 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IECompatCache\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 294820 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat
2012-01-30 02:37 . 2012-01-30 02:37 360448 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IECompatCache\Low\index.dat
2012-01-30 02:37 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2012-01-30 02:37 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DH5J28LE\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RRCBIA66\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GZPKBVB9\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RWW712KF\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:39 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\History.IE5\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 145 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\Low\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\desktop.ini
2012-01-30 02:37 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\desktop.ini
2012-01-30 02:35 . 2012-01-30 02:41 850 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\1305025467\dj\metrics\cmls_ms.tlv
2012-01-30 02:33 . 2012-01-30 02:33 4776 ----a-w- c:\users\DJ\AppData\Roaming\HP\CRMLogs\BrandAuthentication.htm
2012-01-30 02:33 . 2012-01-30 02:33 13960 ----a-w- c:\users\DJ\AppData\Local\ATI\ACE\Manifest.Bin
2012-01-30 02:33 . 2012-01-30 02:33 12791 ----a-w- c:\users\DJ\AppData\Local\ATI\ACE\Manifest.xml
2012-01-30 02:33 . 2012-01-30 02:33 817 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer Wizard.LNK
2012-01-30 02:33 . 2012-01-30 02:33 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini
2012-01-30 02:33 . 2012-01-30 02:33 144 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\1305025467\dj\metrics\cmls_cs.tlv
2012-01-30 02:33 . 2012-01-30 02:33 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini
2012-01-30 02:33 . 2011-11-14 15:19 0 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
2012-01-30 02:33 . 2012-01-30 02:33 1210 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\clsFolder.000\cls00002
2012-01-30 02:33 . 2012-01-30 02:33 10227 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\clsFolder.000\cls00001
2012-01-30 02:33 . 2012-01-30 02:37 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012012012920120130\index.dat
2012-01-30 02:33 . 2012-01-30 02:41 139264 ----a-w- c:\users\DJ\AppData\Local\AOL\UserProfiles\All Users\cls\common.cls
2012-01-30 02:33 . 2012-01-30 02:33 49120 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
2012-01-30 02:33 . 2012-01-30 02:33 47186 --s-a-w- c:\users\DJ\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
2012-01-30 02:33 . 2012-01-30 02:33 342 --s-a-w- c:\users\DJ\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
2012-01-30 02:33 . 2012-01-30 02:41 368 ----a-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\ServiceHost2USGM\Win32\0.0.7.1\permdata.box
2012-01-30 02:33 . 2012-01-30 02:33 6935 ---ha-w- c:\users\DJ\AppData\Local\AOL\AOLDiag\AOL\ServiceHost2USGM\Win32\0.0.7.1\manifest.bin
2012-01-30 02:32 . 2012-01-30 02:41 2394 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
2012-01-30 02:32 . 2012-01-30 02:32 124424 ----a-w- c:\users\DJ\AppData\Local\GDIPFONTCACHEV1.DAT
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
2012-01-30 02:32 . 2012-01-30 02:32 1048576 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
2012-01-30 02:32 . 2012-01-30 02:32 4064 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
2012-01-30 02:32 . 2012-01-30 02:32 24 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
2012-01-30 02:32 . 2012-01-30 02:32 159853 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows\1033\StructuredQuerySchema.bin
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6223 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\brndlog.bak
2012-01-30 02:32 . 2012-01-30 02:32 951 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2012-01-30 02:32 . 2012-01-30 02:32 0 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\KCGSFPYH\fwlink[1]
2012-01-30 02:32 . 2012-01-30 02:32 5120 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms
2012-01-30 02:32 . 2012-01-30 02:32 28672 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Web Slice Gallery~.feed-ms
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\XOKT8XII\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\9913KMGD\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\KCGSFPYH\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\OG0ZFK0C\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:37 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Feeds Cache\index.dat
2012-01-30 02:32 . 2012-01-30 02:32 226 ----a-w- c:\users\DJ\Favorites\Links\Web Slice Gallery.url
2012-01-30 02:32 . 2012-01-30 02:32 80 --sh--w- c:\users\DJ\Favorites\Links\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6223 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
2012-01-30 02:32 . 2012-01-30 02:32 100624 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Internet Explorer\IECompatData\iecompatdata.xml
2012-01-30 02:32 . 2012-01-30 02:32 941 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2012-01-30 02:32 . 2012-01-30 02:32 971 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
2012-01-30 02:32 . 2012-01-30 02:32 415 ----a-w- c:\users\DJ\Links\Documents.lnk
2012-01-30 02:32 . 2012-01-30 02:32 412 ----a-w- c:\users\DJ\Links\Pictures.lnk
2012-01-30 02:32 . 2012-01-30 02:32 403 ----a-w- c:\users\DJ\Links\Music.lnk
2012-01-30 02:32 . 2012-01-30 02:32 655 ----a-w- c:\users\DJ\Links\Recently Changed.lnk
2012-01-30 02:32 . 2012-01-30 02:32 412 ----a-w- c:\users\DJ\Links\Searches.lnk
2012-01-30 02:32 . 2012-01-30 02:32 377 ----a-w- c:\users\DJ\Links\Public.lnk
2012-01-30 02:32 . 2012-01-30 02:32 735 ----a-w- c:\users\DJ\Searches\Recent E-mail.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 930 ----a-w- c:\users\DJ\Searches\Recently Changed.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 754 ----a-w- c:\users\DJ\Searches\Recent Pictures and Videos.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 723 ----a-w- c:\users\DJ\Searches\Recent Documents.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 719 ----a-w- c:\users\DJ\Searches\Recent Music.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 248 ---ha-r- c:\users\DJ\Searches\Everywhere.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 1523 ----a-w- c:\users\DJ\Searches\Shared By Me.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Saved Games\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 248 ---ha-r- c:\users\DJ\Searches\Indexed Locations.search-ms
2012-01-30 02:32 . 2012-01-30 02:32 782 --sh--w- c:\users\DJ\Links\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 402 --sha-w- c:\users\DJ\Documents\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 6 --sha-w- c:\users\DJ\AppData\LocalLow\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Downloads\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 1078 --sh--w- c:\users\DJ\Searches\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 432 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 676 ----a-w- c:\users\DJ\Music\Sample Music.lnk
2012-01-30 02:32 . 2012-01-30 02:32 668 --sha-w- c:\users\DJ\Music\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 174 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 402 --sha-w- c:\users\DJ\Favorites\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 282 --sha-w- c:\users\DJ\Desktop\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 710 ----a-w- c:\users\DJ\Pictures\Sample Pictures.lnk
2012-01-30 02:32 . 2012-01-30 02:32 674 --sha-w- c:\users\DJ\Pictures\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 688 ----a-w- c:\users\DJ\Videos\Sample Videos.lnk
2012-01-30 02:32 . 2012-01-30 02:32 670 --sha-w- c:\users\DJ\Videos\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 936 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2012-01-30 02:32 . 2012-01-30 02:32 68920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
2012-01-30 02:32 . 2012-01-30 02:32 1003520 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\CurrentDatabase_360.wmdb
2012-01-30 02:32 . 2012-01-30 02:32 498 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.DTD
2012-01-30 02:32 . 2012-01-30 02:32 10191 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Media\11.0\WMSDKNS.XML
2012-01-30 02:32 . 2012-01-30 02:32 1079 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\12_All_Video.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1040 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\07_TV_recorded_in_the_last_week.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1020 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\08_Video_rated_at_4_or_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1025 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\09_Music_played_the_most.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1063 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\10_All_Music.wpl
2012-01-30 02:32 . 2012-01-30 02:32 585 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\11_All_Pictures.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1284 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\04_Music_played_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 797 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\05_Pictures_taken_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 785 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\06_Pictures_rated_4_or_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1044 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\01_Music_auto_rated_at_5_stars.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1279 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\02_Music_added_in_the_last_month.wpl
2012-01-30 02:32 . 2012-01-30 02:32 1267 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Media Player\Sync Playlists\en-US\00075051\03_Music_rated_at_4_or_5_stars.wpl
2012-01-30 02:32 . 2006-11-02 15:04 15063 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Wrinkled_Paper.gif
2012-01-30 02:32 . 2006-11-02 15:04 3168 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\White_Chocolate.jpg
2012-01-30 02:32 . 2006-11-02 15:04 26720 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\To_Do_List.emf
2012-01-30 02:32 . 2006-11-02 15:04 4638 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Tiki.gif
2012-01-30 02:32 . 2006-11-02 15:04 1864 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stucco.gif
2012-01-30 02:32 . 2006-11-02 15:04 3650 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Tanspecks.jpg
2012-01-30 02:32 . 2006-11-02 15:02 7505 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.jpg
2012-01-30 02:32 . 2006-11-02 15:02 10569 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\SoftBlue.jpg
2012-01-30 02:32 . 2006-11-02 15:02 230 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Stars.htm
2012-01-30 02:32 . 2006-11-02 15:04 81292 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Shorthand.emf
2012-01-30 02:32 . 2006-11-02 15:04 1990 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Small_News.jpg
2012-01-30 02:32 . 2006-11-02 15:02 232 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Soft Blue.htm
2012-01-30 02:32 . 2006-11-02 15:02 4734 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\ShadesOfBlue.jpg
2012-01-30 02:32 . 2006-11-02 15:04 37316 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Seyes.emf
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Shades of Blue.htm
2012-01-30 02:32 . 2006-11-02 15:04 15776 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Sand_Paper.jpg
2012-01-30 02:32 . 2006-11-02 15:02 1920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.jpg
2012-01-30 02:32 . 2006-11-02 15:04 14049 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Psychedelic.jpg
2012-01-30 02:32 . 2006-11-02 15:02 233 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Roses.htm
2012-01-30 02:32 . 2006-11-02 15:04 3981 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Pine_Lumber.jpg
2012-01-30 02:32 . 2006-11-02 15:04 5115 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Pretty_Peacock.jpg
2012-01-30 02:32 . 2006-11-02 15:02 5115 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.jpg
2012-01-30 02:32 . 2006-11-02 15:02 232 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Peacock.htm
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Orange Circles.htm
2012-01-30 02:32 . 2006-11-02 15:02 6381 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\OrangeCircles.jpg
2012-01-30 02:32 . 2006-11-02 15:04 26036 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Music.emf
2012-01-30 02:32 . 2006-11-02 15:04 2950 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Notebook.jpg
2012-01-30 02:32 . 2006-11-02 15:04 4192 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Month_Calendar.emf
2012-01-30 02:32 . 2006-11-02 15:04 152300 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Memo.emf
2012-01-30 02:32 . 2006-11-02 15:04 2209 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Monet.jpg
2012-01-30 02:32 . 2006-11-02 15:02 4222 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\HandPrints.jpg
2012-01-30 02:32 . 2006-11-02 15:04 7498 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(inch).wmf
2012-01-30 02:32 . 2006-11-02 15:02 235 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Hand Prints.htm
2012-01-30 02:32 . 2006-11-02 15:04 2920 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\grid_(cm).wmf
2012-01-30 02:32 . 2006-11-02 15:04 116724 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Graph.emf
2012-01-30 02:32 . 2006-11-02 15:02 237 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Green Bubbles.htm
2012-01-30 02:32 . 2006-11-02 15:02 6406 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\GreenBubbles.jpg
2012-01-30 02:32 . 2006-11-02 15:04 10340 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_2.emf
2012-01-30 02:32 . 2006-11-02 15:04 5524 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Genko_1.emf
2012-01-30 02:32 . 2006-11-02 15:02 231 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.htm
2012-01-30 02:32 . 2006-11-02 15:02 23871 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Garden.jpg
2012-01-30 02:32 . 2006-11-02 15:06 645 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini
2012-01-30 02:32 . 2006-11-02 15:04 3792 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Dotted_Lines.emf
2012-01-30 02:32 . 2006-11-02 15:04 2319 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Connectivity.gif
2012-01-30 02:32 . 2006-11-02 15:04 2575 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Blue_Gradient.jpg
2012-01-30 02:32 . 2006-11-02 15:04 4587 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Cave_Drawings.gif
2012-01-30 02:32 . 2006-11-02 15:02 1074 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.jpg
2012-01-30 02:32 . 2012-01-30 02:32 1508 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{24B576BB-16E0-468D-BBBD-DDF0B2ABE708}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 1736 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{9D349828-A269-4D05-A367-57D9AD239ED8}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 260 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\oeold.xml
2012-01-30 02:32 . 2006-11-02 15:02 255 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Stationery\Bears.htm
2012-01-30 02:32 . 2012-01-30 02:32 672 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\account{358D3A74-2E50-4463-8C8D-E57D8B1D0061}.oeaccount
2012-01-30 02:32 . 2012-01-30 02:32 16384 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.pat
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\edb00001.log
2012-01-30 02:32 . 2012-01-30 02:32 24 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\S-1-5-21-1678378614-2818533487-3223694174-1002\Preferred
2012-01-30 02:32 . 2012-01-30 02:32 388 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\S-1-5-21-1678378614-2818533487-3223694174-1002\227bb665-805d-40ee-8cb7-a637eda2bbe3
2012-01-30 02:32 . 2012-01-30 02:32 2121728 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\Backup\new\WindowsMail.MSMessageStore
2012-01-30 02:32 . 2012-01-30 02:32 16384 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\WindowsMail.pat
2012-01-30 02:32 . 2012-01-30 02:32 24 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Protect\CREDHIST
2012-01-30 02:32 . 2012-01-30 02:32 8192 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb.chk
2012-01-30 02:32 . 2012-01-30 02:32 2113536 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\WindowsMail.MSMessageStore
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edbres00002.jrs
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edbres00001.jrs
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb.log
2012-01-30 02:32 . 2012-01-30 02:32 2097152 ----a-w- c:\users\DJ\AppData\Local\Microsoft\Windows Mail\edb00001.log
2012-01-30 02:32 . 2012-01-30 02:32 44593 ----a-w- c:\users\DJ\Contacts\DJ.contact
2012-01-30 02:32 . 2012-01-30 02:32 412 --sha-w- c:\users\DJ\Contacts\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 730 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:32 917 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2012-01-30 02:32 . 2012-01-30 02:32 0 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Documents.mydocs
2012-01-30 02:32 . 2012-01-30 02:39 262144 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TMContainer00000000000000000002.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TMContainer00000000000000000001.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 65536 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat{98ef6b6a-4ae9-11e1-8b2c-00038a000015}.TM.blf
2012-01-30 02:32 . 2012-01-30 02:32 0 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2
2012-01-30 02:32 . 2012-01-30 02:41 262144 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat
2012-01-30 02:32 . 2012-01-30 02:41 78848 ---ha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1
2012-01-30 02:32 . 2012-01-30 02:32 20 --sha-w- c:\users\DJ\ntuser.ini
2012-01-30 02:32 . 2012-01-31 20:50 524288 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
2012-01-30 02:32 . 2012-01-30 02:41 524288 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
2012-01-30 02:32 . 2012-01-31 20:50 65536 --sha-w- c:\users\DJ\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
2012-01-30 02:32 . 2012-01-31 20:50 262144 ---ha-w- c:\users\DJ\ntuser.dat.LOG1
2012-01-30 02:32 . 2012-01-30 02:32 0 ---ha-w- c:\users\DJ\ntuser.dat.LOG2
2012-01-30 02:32 . 2012-01-30 02:39 32768 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2012-01-30 02:32 . 2011-05-11 03:10 53632 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2012-01-30 02:32 . 2011-05-10 11:44 145 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\desktop.ini
2012-01-30 02:32 . 2012-01-30 02:37 67 --sh--w- c:\users\DJ\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini
2012-01-30 02:32 . 2011-05-11 03:10 2834 ----a-w- c:\users\DJ\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\digest.s
2012-01-30 02:32 . 2012-01-30 02:39 16384 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2012-01-30 02:32 . 2011-05-10 11:44 67 --sha-w- c:\users\DJ\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 146 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 258 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
2012-01-30 02:32 . 2008-01-21 03:20 240 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
2012-01-30 02:32 . 2006-09-18 21:34 3 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2012-01-30 02:32 . 2012-01-30 02:33 588 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:21 704 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:21 1753 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk
2012-01-30 02:32 . 2006-11-02 15:30 1662 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2012-01-30 02:32 . 2006-11-02 15:31 1629 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2012-01-30 02:32 . 2006-09-18 21:32 7 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Desktop (create shortcut).DeskLink
2012-01-30 02:32 . 2006-09-18 21:32 4 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\SendTo\Mail Recipient.MAPIMail
2012-01-30 02:32 . 2006-11-02 15:31 1659 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk
2012-01-30 02:32 . 2008-01-21 03:20 678 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 1699 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk
2012-01-30 02:32 . 2006-11-02 15:31 1653 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk
2012-01-30 02:32 . 2008-01-21 03:20 1537 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1288 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\Blu-ray Disc Suite.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1251 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\LG Burning Tool.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1225 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\Power2Go Online Help.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk
2012-01-30 02:32 . 2012-01-30 02:32 594 --sh--w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini
2012-01-30 02:32 . 2011-06-03 22:49 1325 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\MediaShow Online Help.lnk
2012-01-30 02:32 . 2011-06-03 22:49 2263 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\MediaShow.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1285 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\PowerProducer Online Help.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1223 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\PowerProducer.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1222 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\LG Burning Tool\Power2Go.lnk
2012-01-30 02:32 . 2011-06-03 22:49 1308 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\MediaShow4\Readme.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1254 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\OnLine Registration.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1283 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\OnLine Registration.lnk
2012-01-30 02:32 . 2011-06-03 22:56 1248 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\PowerProducer\Readme.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1941 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\Uninstall YouCam.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1128 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\YouCam Online Help.lnk
2012-01-30 02:32 . 2011-06-03 23:11 1927 ----a-w- c:\users\DJ\Desktop\LG Burning Tool.lnk
2012-01-30 02:32 . 2011-06-03 22:57 984 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\CyberLink YouCam.lnk
2012-01-30 02:32 . 2011-06-03 22:57 1128 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite\YouCam\Readme.lnk
2012-01-30 02:32 . 2008-01-21 03:20 318 --sha-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini
2012-01-30 02:32 . 2008-01-21 03:20 230 ----a-w- c:\users\DJ\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk
2012-01-30 02:32 . 2011-06-03 23:13 1090 ----a-w- c:\users\DJ\Desktop\Blu-ray Disc Suite.lnk
2012-01-30 02:32 . 2012-01-31 20:50 786432 --sha-w- c:\users\DJ\NTUSER.DAT
2011-08-08 17:53 . 2012-01-30 02:33 6702 ----a-w- c:\users\DJ\AppData\Local\VirtualStore\ProgramData\HP\Digital Imaging\hp officejet 5600 series\1312825999\Data\ScanTo.ini
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-31_21.17.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2012-01-30 11:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2012-02-01 01:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-01-21 03:20 . 2012-01-30 11:30 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-02-01 01:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-21 03:20 . 2012-02-01 01:14 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-01-21 03:20 . 2012-01-30 11:30 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2012-02-01 03:25 65652 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-02-01 03:26 69404 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-10 01:32 . 2012-02-01 03:26 11540 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1678378614-2818533487-3223694174-1000_UserData.bin
- 2011-05-10 01:19 . 2012-01-31 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-10 01:19 . 2012-02-01 05:05 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-05-10 01:19 . 2012-02-01 05:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-10 01:19 . 2012-01-31 18:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-10 01:19 . 2012-02-01 05:05 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-01-31 20:32 . 2012-01-31 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 18:33 . 2012-02-01 18:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-02-01 18:33 . 2012-02-01 18:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-31 20:32 . 2012-01-31 20:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-01 18:31 . 2011-12-01 18:31 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-01 18:31 . 2012-01-31 22:49 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-01 18:31 . 2012-01-31 22:49 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2011-12-01 18:31 . 2011-12-01 18:31 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.dll
+ 2006-11-02 12:46 . 2012-02-01 18:38 604264 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2012-01-31 20:39 604264 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2012-02-01 18:38 103964 c:\windows\system32\perfc009.dat
- 2006-11-02 12:46 . 2012-01-31 20:39 103964 c:\windows\system32\perfc009.dat
+ 2011-05-11 02:28 . 2012-02-01 18:32 416868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 416868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-05-11 02:28 . 2012-01-31 20:31 7701128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-8192.dat
+ 2011-05-11 02:28 . 2012-02-01 18:32 7701128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-8192.dat
- 2011-05-11 02:28 . 2012-01-30 02:24 7946168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-12288.dat
+ 2011-05-11 02:28 . 2012-02-01 18:32 7946168 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-12288.dat
+ 2011-05-11 02:28 . 2012-02-01 18:32 42232382 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1678378614-2818533487-3223694174-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files (x86)\Pure Networks\Network Magic\nmapp.exe" [2010-10-23 472112]
"Trend Micro RUBotted V2.0 Beta"="c:\program files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe" [2010-12-17 1103184]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-05-25 75048]
"HostManager"="c:\program files (x86)\Common Files\AOL\1324870613\ee\AOLSoftware.exe" [2010-03-08 41800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-5-9 1015296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
"OEM05Mon.exe"=c:\windows\OEM05Mon.exe
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe"
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" blrun
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 03:09]
.
2011-12-29 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2011-12-29 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray64.exe" [2007-05-06 424448]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2011-06-08 1290504]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 56320]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.0.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\atashost.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2012-02-01 13:45:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-01 18:45
ComboFix2.txt 2012-02-01 03:31
ComboFix3.txt 2012-02-01 00:51
ComboFix4.txt 2012-01-31 21:20
.
Pre-Run: 317,426,253,824 bytes free
Post-Run: 317,534,994,432 bytes free
.
- - End Of File - - B7ADD98C2EF77164F6C7A80EB8D37B97
Either We Learn to Live Together as People, Or Die Apart as Fools !


Ignorance ISN'T Bliss, It's Just "IGNORANCE"!!

#15 1972vet

  • Malware Response Team
  • 1,698 posts
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:10:17 AM

Posted 01 February 2012 - 03:02 PM

OK, thanks. Run a complete system scan with your on board antivirus product. Post back the results. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven




