Full Version: Not getting detected
ryuko
MBAM log

Malwarebytes' Anti-Malware 1.41
Database version: 2929
Windows 5.1.2600 Service Pack 3

10/9/2009 9:56:23 AM
mbam-log-2009-10-09 (09-56-23).txt

Scan type: Quick Scan
Objects scanned: 88307
Time elapsed: 3 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL

OTL logfile created on: 10/9/2009 10:05:02 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Shirley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.74 Gb Total Space | 280.72 Gb Free Space | 95.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 485.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: HALE
Current User Name: Shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/09/27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2009/10/08 19:41:42 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/10/08 19:47:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2006/03/20 16:00:04 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2009/10/08 19:47:01 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/06/01 13:43:46 | 01,501,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\itype.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/06/01 13:43:46 | 00,448,400 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
PRC - [2009/08/24 14:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 10:04:24 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Shirley\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/08/28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Disabled | Stopped])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Disabled | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/10/08 19:41:42 | 00,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/09/21 16:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [Disabled | Stopped])
SRV - [2009/10/08 19:47:01 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/09/27 18:19:46 | 00,172,100 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (nvsvc [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig?hl=en&source=iglk
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/08 19:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/09 08:01:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/08 20:29:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/08 20:55:28 | 00,000,000 | ---D | M]

[2009/10/08 19:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\mozilla\Extensions
[2009/10/08 19:46:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/09 08:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\mozilla\Firefox\Profiles\o8dee00i.default\extensions
[2009/10/09 08:16:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\mozilla\Firefox\Profiles\o8dee00i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/08 20:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\mozilla\Firefox\Profiles\o8dee00i.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2009/10/08 23:48:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/08 19:44:52 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/10/08 19:47:06 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/24 14:15:25 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 14:15:26 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/10/08 19:47:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2009/08/24 14:15:27 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/10/08 19:46:21 | 00,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/08/24 12:45:46 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/08/24 12:45:46 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 12:45:46 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 12:45:46 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/24 12:45:46 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 12:45:46 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 12:45:46 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No CLSID value found.
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EXSHOW95.EXE] File not found
O4 - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskmgr = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 55 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 19:16:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/25 15:14:48 | 00,180,224 | R--- | M] (Dell Computer Corporation) - H:\AUTORCD.EXE -- [ CDFS ]
O32 - AutoRun File - [2000/01/11 16:51:40 | 00,000,049 | RH-- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{01b05392-b43d-11de-9b0f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{01b05392-b43d-11de-9b0f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{01b05392-b43d-11de-9b0f-806d6172696f}\Shell\AutoRun\command - "" = H:\autoRcd.exe -- [2001/07/25 15:14:48 | 00,180,224 | R--- | M] (Dell Computer Corporation)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/08 13:10:53 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/10/08 19:46:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/08 19:43:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/08 19:45:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/08 19:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/10/08 19:41:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/10/08 23:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/10/09 00:10:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/08 13:10:53 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/08 20:06:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/10/08 23:20:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/08 20:29:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/08 19:18:41 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Shirley\Application Data
[2009/10/08 20:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Adobe
[2009/10/08 19:46:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Apple Computer
[2009/10/08 19:18:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Identities
[2009/10/08 20:43:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Macromedia
[2009/10/09 08:18:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Malwarebytes
[2009/10/08 19:18:41 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Shirley\Application Data\Microsoft
[2009/10/08 19:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Mozilla
[2009/10/08 23:23:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\OpenOffice.org
[2009/10/08 19:45:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Sun
[2009/10/09 08:36:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Application Data\Windows Desktop Search
[2009/10/08 19:18:41 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data
[2009/10/08 23:53:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Adobe
[2009/10/08 19:45:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Apple
[2009/10/08 19:45:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Apple Computer
[2009/10/09 08:01:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\ApplicationHistory
[2009/10/08 23:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\COMODO
[2009/10/08 23:24:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Identities
[2009/10/08 19:18:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Microsoft
[2009/10/08 19:46:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Local Settings\Application Data\Mozilla
[2009/10/08 13:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/08 19:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/10/08 19:45:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/08 19:25:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/08 19:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/10/08 13:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/10/08 19:14:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/10/08 13:11:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/08 19:14:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/10/08 13:11:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/10/08 19:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/10/08 13:11:20 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/08 19:43:13 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/10/08 19:34:03 | 00,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2009/10/08 19:45:57 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/08 23:21:03 | 00,000,000 | ---D | C] -- C:\Program Files\Atari
[2009/10/08 19:46:24 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/08 19:44:04 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009/10/08 19:45:27 | 00,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2009/10/08 13:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/08 19:41:43 | 00,000,000 | ---D | C] -- C:\Program Files\COMODO
[2009/10/08 19:14:21 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/10/08 19:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/10/08 19:44:15 | 00,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2009/10/08 19:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2009/10/08 23:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2009/10/08 19:44:35 | 00,000,000 | ---D | C] -- C:\Program Files\EPSON
[2009/10/08 20:40:14 | 00,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2009/10/08 23:21:10 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/10/08 19:28:56 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/08 19:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/10/08 19:14:23 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/10/08 19:46:33 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/10/08 19:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/10/08 19:47:00 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/08 23:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 19:14:04 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/10/08 23:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/08 19:16:19 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/08 19:51:51 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2009/10/08 23:21:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/08 23:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Plus! Photo Story 2 LE
[2009/10/08 23:21:15 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/08 19:14:37 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/10/08 19:44:52 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/08 23:41:28 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/08 19:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/08 19:14:02 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/10/08 19:51:37 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/10/08 19:14:30 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/10/08 23:21:19 | 00,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2009/10/08 20:06:19 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/10/08 19:14:06 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/10/08 23:21:19 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/10/08 19:14:28 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/10/08 23:21:34 | 00,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2009/10/08 19:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/10/08 23:41:22 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/08 19:28:56 | 00,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2009/10/08 23:21:35 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/08 19:40:17 | 00,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2009/10/08 23:21:36 | 00,000,000 | ---D | C] -- C:\Program Files\Turbo Tax Audit Support Center
[2009/10/08 19:18:45 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/10/09 08:35:22 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/08 23:21:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/09 08:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/10/08 19:14:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/10/08 19:13:37 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/10/08 19:15:19 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/10/08 19:16:19 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/10/09 09:53:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\logs
[2009/10/09 09:49:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2009/10/09 08:35:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/09 08:23:06 | 00,000,000 | ---D | C] -- C:\6e3f3ee304b979f7ce1b755815bde5
[2009/10/09 08:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/09 08:21:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/09 08:15:11 | 00,000,000 | -HSD | C] -- C:\USMT0001.TMP
[2009/10/09 08:03:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/09 08:02:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/09 00:12:52 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/10/09 00:10:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/09 00:10:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/08 23:41:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/08 23:41:03 | 00,000,000 | ---D | C] -- C:\d64051813f3c858841ef7f81cb9a54
[2009/10/08 23:28:35 | 00,000,000 | ---D | C] -- C:\2541b37ef92e15258d4a67fee1eb
[2009/10/08 23:25:10 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Shirley\My Documents\My Videos
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\speaker_files
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\regbackup
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\Recordpad
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\Paint.NET User Files
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\NFS ProStreet
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\New Folder
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\My Received Files
[2009/10/08 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\My Print Creations
[2009/10/08 23:24:36 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Shirley\My Documents\My DVDs
[2009/10/08 23:24:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\C_
[2009/10/08 23:24:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Shirley\My Documents\Copy of My Pictures
[2009/10/08 23:24:07 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Shirley\My Documents\Copy (2) of My Pictures
[2009/10/08 23:24:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\wsdl
[2009/10/08 23:24:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\RCT3
[2009/10/08 23:24:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\Application Files
[2009/10/08 23:24:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\moms
[2009/10/08 23:24:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\Fax
[2009/10/08 23:24:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2009/10/08 23:23:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\en music
[2009/10/08 23:23:51 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Shirley\Desktop\ResHack
[2009/10/08 23:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\band pics
[2009/10/08 23:23:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\mm
[2009/10/08 23:23:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\EBAY
[2009/10/08 23:21:52 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/08 23:20:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/10/08 23:20:54 | 00,000,000 | ---D | C] -- C:\i386
[2009/10/08 23:20:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/10/08 23:20:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\ians school
[2009/10/08 22:58:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/08 22:47:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/10/08 22:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/08 22:46:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/10/08 22:46:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/08 22:46:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/08 22:42:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/10/08 22:37:18 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/08 22:37:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/10/08 22:21:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/08 20:49:50 | 00,000,000 | ---D | C] -- C:\100b647cb30795c17e
[2009/10/08 20:43:14 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/08 20:42:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/10/08 20:42:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2009/10/08 20:38:32 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/08 20:38:14 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/08 20:15:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\Desktop\BACKUP 10.8.09
[2009/10/08 20:06:04 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/10/08 19:49:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Shirley\My Documents\Downloads
[2009/10/08 19:45:54 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/10/08 19:45:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2009/10/08 19:44:28 | 00,000,000 | ---D | C] -- C:\epson
[2009/10/08 19:41:45 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/08 19:41:45 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/08 19:41:45 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/08 19:41:45 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/08 19:39:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/10/08 19:39:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/08 19:34:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/08 19:34:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2009/10/08 19:32:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/08 19:32:08 | 00,000,000 | ---D | C] -- C:\drvrtmp
[2009/10/08 19:30:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/08 19:18:43 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Shirley\My Documents\My Pictures
[2009/10/08 19:18:43 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Shirley\My Documents\My Music
[2009/10/08 19:18:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/10/08 19:18:04 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/10/08 19:17:06 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/08 19:17:06 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/08 19:16:39 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/08 19:16:39 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/08 19:16:39 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/08 19:16:33 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/08 19:16:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/10/08 19:16:17 | 00,000,000 | ---D | C] -- C:\DELL
[2009/10/08 19:16:11 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/08 19:15:25 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/10/08 19:15:25 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/10/08 19:15:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/10/08 19:14:46 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/10/08 19:14:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/10/08 19:14:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/10/08 19:14:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/10/08 19:14:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/10/08 19:14:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/10/08 19:14:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/10/08 19:13:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/10/08 19:13:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/10/08 13:11:23 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/10/08 13:11:20 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/08 13:10:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/08 13:10:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/10/08 13:10:37 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/08 13:10:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/10/08 13:05:28 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/10/08 13:05:28 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/08 13:05:28 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/10/08 13:05:28 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/10/08 13:05:28 | 00,000,000 | ---D | C] -- C:\WINDOWS

========== Files - Modified Within 14 Days ==========

[1 C:\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/09 09:57:40 | 01,410,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/09 09:48:10 | 00,250,701 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2009/10/09 09:47:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/09 09:47:52 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/09 09:44:38 | 00,636,682 | -H-- | M] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\IconCache.db
[2009/10/09 09:03:38 | 15,748,4384 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/10/09 08:40:17 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/09 08:39:13 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/09 08:35:49 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/09 08:35:26 | 00,542,792 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/09 08:35:26 | 00,461,728 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/09 08:35:26 | 00,078,056 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/09 08:34:49 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/09 08:34:49 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/09 08:34:45 | 00,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/09 08:21:53 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/09 00:10:20 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/09 00:03:15 | 00,086,536 | ---- | M] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/08 23:46:05 | 00,337,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/08 23:28:23 | 00,002,040 | ---- | M] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\FASTWiz.html
[2009/10/08 23:16:58 | 02,421,760 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/10/08 23:16:58 | 01,228,800 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/10/08 22:59:26 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/08 22:41:06 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/08 20:43:08 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/08 20:43:08 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/10/08 19:53:15 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/10/08 19:53:15 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/10/08 19:46:50 | 00,001,804 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/08 19:46:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/08 19:44:53 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/08 19:44:28 | 00,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/10/08 19:43:19 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/08 19:41:43 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/10/08 19:41:43 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/10/08 19:41:43 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/10/08 19:41:43 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/10/08 19:40:23 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/08 19:40:20 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/08 19:17:54 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/08 19:17:26 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/08 19:16:04 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/08 19:16:04 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/08 19:16:04 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/08 19:16:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/10/08 19:16:04 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/08 19:16:04 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/08 19:15:57 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/08 19:15:25 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/08 19:15:25 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/08 19:14:21 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/08 19:14:20 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/10/08 19:14:20 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/10/07 13:50:58 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\f.lnk
[2009/10/07 07:21:43 | 00,663,736 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\File0023.PDF
[2009/10/05 11:45:50 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Shirley\Desktop\budget.xlr
[2009/09/27 18:19:46 | 00,068,587 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/09/27 16:12:22 | 01,604,482 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2009/09/27 16:12:22 | 00,023,127 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu

========== Files - No Company Name ==========
[2009/10/09 09:03:34 | 15,748,4384 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\OOo_3.1.1_Win32Intel_install_wJRE_en-US.exe
[2009/10/09 08:35:49 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/09 08:21:53 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/09 07:59:11 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/09 00:10:20 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/08 23:28:23 | 00,002,040 | ---- | C] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\FASTWiz.html
[2009/10/08 23:28:06 | 00,135,089 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2009/10/08 23:28:00 | 00,023,127 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2009/10/08 23:20:16 | 02,421,760 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/10/08 23:20:16 | 01,228,800 | R--- | C] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/10/08 23:16:46 | 00,070,802 | ---- | C] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\FASTWiz.log
[2009/10/08 21:40:50 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/10/08 21:40:50 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/10/08 21:40:50 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/10/08 21:40:50 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/10/08 21:40:50 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/10/08 21:40:50 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/10/08 21:40:50 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/10/08 21:40:50 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/10/08 21:40:50 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/10/08 21:40:50 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/10/08 21:40:50 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/10/08 21:40:50 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/10/08 21:40:50 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/10/08 21:40:50 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/10/08 21:40:50 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/10/08 21:40:50 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/10/08 21:40:50 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/10/08 21:40:50 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/10/08 21:40:50 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/10/08 21:40:50 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/10/08 21:40:50 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/10/08 21:40:50 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/10/08 21:40:50 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/10/08 21:40:50 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/10/08 21:40:50 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/10/08 21:40:49 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/10/08 21:40:49 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/10/08 21:40:49 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/10/08 21:40:49 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/10/08 21:40:49 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/10/08 21:40:49 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/10/08 21:40:49 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/10/08 21:40:49 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/10/08 21:40:48 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/10/08 21:40:48 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/10/08 21:40:48 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/10/08 21:40:48 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/10/08 21:40:48 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/10/08 21:40:48 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/10/08 21:40:48 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/10/08 21:40:48 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/10/08 21:40:48 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/10/08 21:40:47 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/10/08 21:40:47 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/10/08 21:40:47 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/10/08 21:40:47 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/10/08 21:40:46 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/10/08 21:40:46 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/10/08 21:40:46 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/10/08 21:40:46 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/10/08 21:40:46 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/10/08 21:40:46 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/10/08 21:40:45 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/10/08 21:40:43 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/10/08 21:40:43 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/10/08 21:40:43 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/10/08 21:40:43 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/10/08 21:40:43 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/10/08 21:40:43 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/10/08 21:40:43 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/10/08 21:40:43 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/10/08 21:40:43 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/10/08 21:40:43 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/10/08 21:40:43 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/10/08 21:40:16 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/10/08 20:07:36 | 01,410,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2009/10/08 20:07:12 | 00,636,682 | -H-- | C] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\IconCache.db
[2009/10/08 19:53:15 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2009/10/08 19:53:15 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
[2009/10/08 19:46:50 | 00,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/10/08 19:46:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/08 19:44:53 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/08 19:44:28 | 00,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Internet Security.lnk
[2009/10/08 19:43:20 | 00,086,536 | ---- | C] () -- C:\Documents and Settings\Shirley\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/08 19:43:19 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/08 19:40:21 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/08 19:40:20 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/08 19:33:14 | 00,001,904 | ---- | C] () -- C:\WINDOWS\System32\SetupBD.din
[2009/10/08 19:32:08 | 00,002,877 | ---- | C] () -- C:\WINDOWS\System32\e1e5132.din
[2009/10/08 19:29:46 | 00,128,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\del200f.cty
[2009/10/08 19:18:42 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Shirley\Application Data\desktop.ini
[2009/10/08 19:18:04 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 19:17:54 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/08 19:17:23 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/08 19:17:19 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/10/08 19:17:03 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/10/08 19:17:03 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/10/08 19:17:02 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/08 19:16:54 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/08 19:16:54 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/10/08 19:16:50 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/08 19:16:50 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/08 19:16:48 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/08 19:16:44 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/08 19:16:42 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/08 19:16:34 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/08 19:16:32 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/08 19:16:32 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/08 19:16:32 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/08 19:16:32 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/08 19:16:32 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/08 19:16:32 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/08 19:16:32 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/08 19:16:32 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/08 19:16:31 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/08 19:16:30 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/08 19:16:30 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/08 19:16:30 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/08 19:16:30 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/08 19:16:30 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/08 19:16:30 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/08 19:16:30 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/08 19:16:30 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/08 19:16:29 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/08 19:16:29 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/08 19:16:29 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/08 19:16:29 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/08 19:16:29 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/08 19:16:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/08 19:16:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/08 19:16:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/08 19:16:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/08 19:16:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/08 19:16:28 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/08 19:16:04 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/08 19:16:04 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/08 19:16:04 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/08 19:16:04 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/10/08 19:16:04 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/10/08 19:16:01 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/08 19:16:01 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/08 19:16:00 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/08 19:15:25 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/08 19:15:25 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/08 19:15:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/08 19:15:14 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/10/08 19:14:54 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/10/08 19:14:54 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/10/08 19:14:50 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/10/08 19:14:21 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/08 19:13:51 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/10/08 19:13:51 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/10/08 19:13:51 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/10/08 19:13:51 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/10/08 19:13:51 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/10/08 19:13:51 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/10/08 19:13:51 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/10/08 19:13:51 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/10/08 19:13:51 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/10/08 19:13:51 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/10/08 19:13:51 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/10/08 19:13:51 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/10/08 19:13:51 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/10/08 19:13:50 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/10/08 19:13:50 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/10/08 19:13:50 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/10/08 19:13:50 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/10/08 19:13:50 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/10/08 19:13:50 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/10/08 19:13:49 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/10/08 19:13:49 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/10/08 19:13:48 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/10/08 19:13:44 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/10/08 13:11:25 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/08 13:11:21 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/10/08 13:11:21 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/10/08 13:11:21 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/10/08 13:11:21 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/10/08 13:11:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/10/08 13:11:20 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/10/08 13:11:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/10/08 13:11:18 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/10/08 13:11:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/10/08 13:11:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/10/08 13:11:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/10/08 13:11:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/10/08 13:11:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/10/08 13:11:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/10/08 13:11:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/10/08 13:11:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/10/08 13:11:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/10/08 13:11:17 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/10/08 13:11:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/10/08 13:11:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/10/08 13:11:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/10/08 13:11:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/10/08 13:11:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/10/08 13:11:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/10/08 13:11:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/10/08 13:11:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/10/08 13:11:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/10/08 13:11:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/10/08 13:11:15 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/10/08 13:11:15 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/10/08 13:11:15 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/10/08 13:11:15 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/10/08 13:11:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/10/08 13:11:15 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/10/08 13:11:13 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/10/08 13:11:13 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/10/08 13:11:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/10/08 13:11:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/10/08 13:11:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/10/08 13:11:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/10/08 13:11:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/10/08 13:11:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/10/08 13:11:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/10/08 13:11:12 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/10/08 13:11:10 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/10/08 13:11:06 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/08 13:11:05 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/10/08 13:11:05 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/08 13:11:05 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/08 13:11:05 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/08 13:11:05 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/08 13:11:05 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/08 13:11:05 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/08 13:11:05 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/10/08 13:10:37 | 00,337,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/08 13:09:59 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/10/08 13:09:58 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/07 07:21:44 | 00,663,736 | ---- | C] () -- C:\Documents and Settings\Shirley\Desktop\File0023.PDF
[2009/09/29 12:07:53 | 00,002,473 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\f.lnk
[2009/09/27 18:19:46 | 00,250,701 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2009/09/27 18:19:46 | 00,068,587 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/09/27 16:12:22 | 01,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin

========== LOP Check ==========

[2009/10/09 00:10:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/08 19:46:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/09 08:36:06 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Shirley\Application Data
[2009/10/08 23:23:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\OpenOffice.org
[2009/10/09 08:36:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Shirley\Application Data\Windows Desktop Search
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/09 09:47:54 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
< End of report >


OTL EXTRA

OTL Extras logfile created on: 10/9/2009 10:05:02 AM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Shirley\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 294.74 Gb Total Space | 280.72 Gb Free Space | 95.24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 485.34 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: HALE
Current User Name: Shirley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"8085:TCP" = 8085:TCP:*:Enabled:ddnsfilter

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- File not found
"C:\Program Files\AVG\AVG8\avgtray.exe" = C:\Program Files\AVG\AVG8\avgtray.exe:*:Enabled:AVG Free Tray Icon -- File not found
"C:\Program Files\AVG\AVG8\avgui.exe" = C:\Program Files\AVG\AVG8\avgui.exe:*:Enabled:AVG Free User Interface -- File not found
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- File not found
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- File not found
"C:\vnc\vnc2.exe" = C:\vnc\vnc2.exe:*:Enabled:vncviewer -- File not found
"C:\vnc\vnclogger.exe" = C:\vnc\vnclogger.exe:*:Enabled:TightVNC Win32 Server -- File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{2C7D6B7D-1314-4FA7-97BF-62B978728110}" = AGEIA PhysX Engines
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{94A065E8-455D-41C1-AF1F-F0C1AF8F50F3}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{EEFEBB48-329E-46F6-AEB8-929A5BAFDB2F}" = Intel® Viiv™ Software
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"COMODO Internet Security" = COMODO Internet Security
"Defraggler" = Defraggler
"EPSON Printer and Utilities" = EPSON Printer Software
"FileHippo.com" = FileHippo.com Update Checker
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel® PRO Network Connections Drivers
"SystemRequirementsLab" = System Requirements Lab
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/9/2009 2:12:15 AM | Computer Name = HALE | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

Error - 10/9/2009 9:58:17 AM | Computer Name = HALE | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

Error - 10/9/2009 9:58:21 AM | Computer Name = HALE | Source = MsiInstaller | ID = 11706
Description = Product: Dell Resource CD -- Error 1706.No valid source could be found
for product Dell Resource CD. The Windows Installer cannot continue.

Error - 10/9/2009 10:26:41 AM | Computer Name = HALE | Source = Application Error | ID = 1000
Description = Faulting application the_comedian.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/9/2009 10:29:43 AM | Computer Name = HALE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/9/2009 10:36:13 AM | Computer Name = HALE | Source = Windows Search Service | ID = 3024
Description = The update cannot be started because the content sources cannot be
accessed. Fix the errors and try the update again. Context: Windows Application,
SystemIndex Catalog

Error - 10/9/2009 11:01:46 AM | Computer Name = HALE | Source = Application Error | ID = 1000
Description = Faulting application the_comedian.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 10/9/2009 11:28:42 AM | Computer Name = HALE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x00002511.

Error - 10/9/2009 11:28:51 AM | Computer Name = HALE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module flash10c.ocx, version 10.0.32.18, fault address 0x00002511.

Error - 10/9/2009 11:46:39 AM | Computer Name = HALE | Source = Application Error | ID = 1000
Description = Faulting application the_comedian.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 10/9/2009 10:29:51 AM | Computer Name = HALE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Windows Media Player 11.

Error - 10/9/2009 10:29:51 AM | Computer Name = HALE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Windows Search 4.0 for Windows XP (KB940157).

Error - 10/9/2009 10:29:51 AM | Computer Name = HALE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Microsoft Base Smart Card Cryptographic Service Provider
Package: x86 (KB909520).

Error - 10/9/2009 10:29:51 AM | Computer Name = HALE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x800706ba: Update for Root Certificates [September 2009] (KB931125).

Error - 10/9/2009 10:37:20 AM | Computer Name = HALE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/9/2009 10:41:37 AM | Computer Name = HALE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/9/2009 11:45:39 AM | Computer Name = HALE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 10/9/2009 11:46:44 AM | Computer Name = HALE | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 10/9/2009 11:46:44 AM | Computer Name = HALE | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 10/9/2009 11:48:07 AM | Computer Name = HALE | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126


< End of report >
ryuko
ROOTER
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows XP Home Edition (5.1.2600) Service Pack 3
[32_bits] - x86 Family 6 Model 15 Stepping 6, GenuineIntel
.
[wscsvc] (Security Center) RUNNING (state:4)
[SharedAccess] RUNNING (state:4)
Windows Firewall -> Disabled !
.
Internet Explorer 8.0.6001.18702
Mozilla Firefox 3.5.3 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:294 Go - Free:280 Go )
D:\ [Removable]
E:\ [Removable]
F:\ [Removable]
G:\ [Removable]
H:\ [CD_Rom]
.
Scan : 09:58.17
Path : C:\Documents and Settings\Shirley\My Documents\Downloads\Rooter(2).exe
User : Shirley ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (648)
______ \??\C:\WINDOWS\system32\csrss.exe (696)
______ \??\C:\WINDOWS\system32\winlogon.exe (720)
______ C:\WINDOWS\system32\services.exe (764)
______ C:\WINDOWS\system32\lsass.exe (776)
______ C:\WINDOWS\system32\nvsvc32.exe (936)
______ C:\WINDOWS\system32\svchost.exe (980)
______ C:\WINDOWS\system32\svchost.exe (1048)
Locked cmdagent.exe (1144)
______ C:\WINDOWS\system32\svchost.exe (1172)
______ C:\WINDOWS\system32\svchost.exe (1376)
______ C:\WINDOWS\system32\svchost.exe (1468)
______ C:\WINDOWS\system32\spoolsv.exe (1552)
______ C:\WINDOWS\system32\svchost.exe (1740)
______ C:\Program Files\Java\jre6\bin\jqs.exe (1788)
______ C:\WINDOWS\system32\svchost.exe (1840)
______ C:\WINDOWS\system32\SearchIndexer.exe (468)
______ C:\WINDOWS\Explorer.EXE (520)
______ C:\WINDOWS\stsystra.exe (1264)
______ C:\Program Files\Java\jre6\bin\jusched.exe (1296)
______ C:\Program Files\Microsoft IntelliType Pro\itype.exe (1312)
______ C:\WINDOWS\system32\RUNDLL32.EXE (1320)
______ C:\WINDOWS\system32\ctfmon.exe (1352)
______ C:\Program Files\Windows Desktop Search\WindowsSearch.exe (1696)
______ c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe (3168)
______ C:\WINDOWS\system32\msiexec.exe (3232)
______ C:\WINDOWS\System32\alg.exe (3336)
______ C:\Program Files\Mozilla Firefox\firefox.exe (2536)
______ C:\WINDOWS\system32\SearchProtocolHost.exe (196)
______ C:\WINDOWS\system32\SearchFilterHost.exe (996)
______ C:\Documents and Settings\Shirley\My Documents\Downloads\Rooter(2).exe (2844)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:41094144)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:41126400 | Length:316475873280)
\Device\Harddisk0\Partition3 (Start_Offset:316516999680 | Length:3553320960)
.
----------------------\\ Scheduled Tasks
.
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 09:58.18
.
C:\Rooter$\Rooter_2.txt - (09/10/2009 | 09:58.18)


RootRepeal

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 10:03
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_iastor.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_iastor.sys
Address: 0xA91E7000 Size: 815104 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8350000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aebd46

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb250

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb8ea

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aec2c2

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb132

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aed254

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aed52c

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeacf8

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aebf2c

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aec0dc

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeaa5a

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeced6

#: 105 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb4d4

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aebb2e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aea78a

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb764

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aea902

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aec688

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aec9f0

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aecc72

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aed084

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aec488

#: 249 Function Name: NtShutdownSystem
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb46e

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeb658

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeaffc

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\cmdguard.sys" at address 0xb1aeaeca

==EOF==
Rorschach112
Got the ckscanner log?