[code]
OTScanIt2 logfile created on: 12/7/2008 9:20:51 AM - Run 1
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\Owner\Desktop\OTScanIt2
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.00 Mb Total Physical Memory | 572.18 Mb Available Physical Memory | 55.93% Memory free
2.41 Gb Paging File | 1.73 Gb Available in Paging File | 71.77% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.87 Gb Total Space | 36.81 Gb Free Space | 65.87% Space Free | Partition Type: NTFS
Unable to calculate disk information.
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-12D01BC88C
Current User Name: Owner
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.)
directcd.exe -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe -> [2002/04/10 16:44:04 | 00,679,936 | ---- | M] (Roxio)
hplamp.exe -> %SystemDrive%\SCANJET\PrecisionScanPro\HPLamp.exe -> [1998/09/02 01:00:00 | 00,042,496 | ---- | M] ()
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/09/10 16:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
java.exe -> %ProgramFiles%\Java\jre6\bin\java.exe -> [2008/11/27 09:29:23 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/27 09:29:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/11/27 09:29:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2007/02/21 13:49:18 | 00,032,768 | ---- | M] (Logitech)
mantispm.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe -> [2008/05/30 06:37:30 | 00,808,208 | ---- | M] (SonicWALL, Inc.)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation)
scanningprocess.exe -> %SystemRoot%\system32\ZoneLabs\avsys\ScanningProcess.exe -> [2008/06/03 21:59:02 | 00,139,264 | ---- | M] ()
symlcsvc.exe -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/02/21 15:20:31 | 01,174,152 | ---- | M] (Symantec Corporation)
vsmon.exe -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/10/09 13:25:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD)
wlloginproxy.exe -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WLLoginProxy.exe -> [2006/08/31 19:33:02 | 00,115,024 | ---- | M] (Microsoft Corporation)
zlclient.exe -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe -> [2008/10/09 13:25:34 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/09/10 15:50:26 | 00,116,040 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation)
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped] -> -> File not found
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2007/10/09 11:58:12 | 00,036,864 | ---- | M] (Microsoft Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2007/10/11 08:55:10 | 00,864,256 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/09/10 16:39:48 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/11/27 09:29:24 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2007/10/11 08:55:14 | 00,122,880 | ---- | M] (Microsoft Corporation)
(Symantec Core LC) Symantec Core LC [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\CCPD-LC\symlcsvc.exe -> [2007/02/21 15:20:31 | 01,174,152 | ---- | M] (Symantec Corporation)
(usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 11:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation)
(vsmon) TrueVector Internet Monitor [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/10/09 13:25:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
(aeaudio) aeaudio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\aeaudio.sys -> [2002/04/01 13:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation)
(Aspi32) Aspi32 [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\aspi32.sys -> [1997/12/22 20:02:46 | 00,023,936 | ---- | M] (Adaptec)
(ati2mtaa) ati2mtaa [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtaa.sys -> [2004/08/03 16:29:28 | 00,327,040 | ---- | M] (ATI Technologies Inc.)
(AvgAsCln) AVG Anti-Spyware Clean Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AvgAsCln.sys -> [2006/09/05 10:03:16 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.)
(Cdr4_xp) Cdr4_xp [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdr4_xp.sys -> [2007/02/02 03:00:00 | 00,009,336 | ---- | M] (Sonic Solutions)
(Cdralw2k) Cdralw2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\cdralw2k.sys -> [2007/02/02 03:00:00 | 00,009,464 | ---- | M] (Sonic Solutions)
(cdudf_xp) cdudf_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\cdudf_xp.sys -> [2002/04/10 16:48:04 | 00,236,032 | ---- | M] (Roxio)
(dvd_2K) dvd_2K [Kernel | On_Demand | Stopped] -> %SystemRoot%\System32\drivers\Dvd_2k.sys -> [2002/04/10 17:01:12 | 00,024,554 | ---- | M] (Roxio)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2002/09/19 14:59:50 | 00,139,776 | ---- | M] (Intel Corporation)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> %CommonProgramFiles%\Symantec Shared\EENGINE\eeCtrl.sys -> [2007/02/13 17:00:42 | 00,383,800 | ---- | M] (Symantec Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HSFHWBS2) HSFHWBS2 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWBS2.sys -> [2002/07/09 16:13:00 | 00,167,155 | ---- | M] (Conexant Systems)
(HSF_DP) HSF_DP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2002/07/09 16:13:00 | 01,172,416 | ---- | M] (Conexant Systems)
(KLIF) KLIF [Kernel | System | Running] -> %SystemRoot%\system32\drivers\klif.sys -> [2008/09/18 17:15:14 | 00,148,496 | ---- | M] (Kaspersky Lab)
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\mcstrm.sys -> [2007/07/24 09:58:14 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2002/07/09 16:13:00 | 00,009,855 | ---- | M] (Conexant)
(mmc_2K) mmc_2K [Kernel | On_Demand | Running] -> %SystemRoot%\System32\drivers\Mmc_2k.sys -> [2002/04/10 17:01:00 | 00,029,638 | ---- | M] (Roxio)
(NetMate2) CATC USB/Ethernet Link II device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\netmate2.sys -> [2000/04/25 11:01:16 | 00,035,694 | ---- | M] (CATC (Computer Access Technology Corp.))
(OMCI) OMCI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2001/08/22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(pwd_2k) pwd_2k [Kernel | System | Running] -> %SystemRoot%\System32\drivers\pwd_2K.sys -> [2002/04/10 17:00:44 | 00,117,898 | ---- | M] (Roxio)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(smwdm) smwdm [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\smwdm.sys -> [2002/05/28 15:18:46 | 00,500,568 | ---- | M] (Analog Devices, Inc.)
(srescan) srescan [Kernel | Boot | Running] -> %SystemRoot%\system32\ZoneLabs\srescan.sys -> [2008/04/21 06:19:58 | 00,051,648 | ---- | M] (Check Point Software Technologies LTD)
(symlcbrd) symlcbrd [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\symlcbrd.sys -> [2007/02/21 13:27:04 | 00,010,344 | ---- | M] (Symantec Corporation)
(UdfReadr_xp) UdfReadr_xp [File_System | System | Running] -> %SystemRoot%\System32\drivers\udfreadr_xp.sys -> [2002/04/10 16:45:16 | 00,206,336 | ---- | M] (Roxio)
(vsdatant) vsdatant [Kernel | System | Running] -> %SystemRoot%\system32\vsdatant.sys -> [2008/10/09 13:25:36 | 00,353,680 | ---- | M] (Check Point Software Technologies LTD)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2002/07/09 16:13:00 | 00,594,832 | ---- | M] (Conexant Systems)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 06:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->

< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.golfdigest.com/ ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://ie.search.msn.com/en-ca/srchasst/srchasst.htm ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://home.microsoft.com/access/autosearch.asp?p=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->

< FireFox Settings [Default Profile] > -> C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\3880xolz.default\prefs.js ->
browser.startup.homepage -> "http://www.pinnacledigest.com/" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.4" ->
extensions.enabledItems -> {463F6CA5-EE3C-4be1-B7E6-7FEE11953374}:3.0.3.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.0.20080712 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.4 ->

< HOSTS File > (734 bytes and 19 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
127.0.0.1 localhost

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> File not found
{5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} [HKLM] -> %SystemRoot%\_MWOLTB.DLL [Merriam-Webster Online BHO] -> [2007/12/30 08:59:35 | 00,385,024 | ---- | M] ()
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/11/27 09:29:25 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2006/08/31 19:33:06 | 00,322,368 | ---- | M] (Microsoft Corporation)
{9394EDE7-C8B5-483E-8773-474BF36AF6E4} [HKLM] -> %ProgramFiles%\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [ST] -> [2004/08/13 16:42:00 | 00,155,648 | ---- | M] (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll [MSNToolBandBHO] -> [2006/01/17 15:04:16 | 00,282,624 | ---- | M] (Microsoft Corporation)
{da43a1f3-3822-45e6-8d39-dd3c5fcf355e} [HKLM] -> %SystemRoot%\system32\nadusifa.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/11/27 09:29:23 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/11/27 09:29:26 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)

< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D}" [HKLM] -> %SystemRoot%\_MWOLTB.DLL [Merriam-Webster Online] -> [2007/12/30 08:59:35 | 00,385,024 | ---- | M] ()
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll [MSN] -> [2006/01/17 15:04:16 | 00,282,624 | ---- | M] (Microsoft Corporation)

< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D}" [HKLM] -> %SystemRoot%\_MWOLTB.DLL [Merriam-Webster Online] -> [2007/12/30 08:59:35 | 00,385,024 | ---- | M] ()
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> %ProgramFiles%\MSN Apps\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll [MSN] -> [2006/01/17 15:04:16 | 00,282,624 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found

< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"AdaptecDirectCD" -> %ProgramFiles%\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe ["C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"] -> [2002/04/10 16:44:04 | 00,679,936 | ---- | M] (Roxio)
"b468834b" -> %SystemRoot%\system32\lezaromo.dll [rundll32.exe "C:\WINDOWS\system32\lezaromo.dll",b] -> [2008/12/07 07:23:13 | 00,088,854 | -HS- | M] ()
"CPMb75bb0d7" -> %SystemRoot%\system32\feyujafi.dll [Rundll32.exe "c:\windows\system32\feyujafi.dll",a] -> [2008/12/07 07:23:13 | 00,093,293 | -HS- | M] ()
"gebuvesowi" -> %SystemRoot%\system32\duhavevo.DLL [Rundll32.exe "C:\WINDOWS\system32\duhavevo.dll",s] -> File not found
"HP Lamp" -> %SystemDrive%\SCANJET\PrecisionScanPro\HPLamp.exe [C:\SCANJET\PrecisionScanPro\HPLamp.exe] -> [1998/09/02 01:00:00 | 00,042,496 | ---- | M] ()
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/09/10 16:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/09/06 14:09:14 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/11/27 09:29:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"ZoneAlarm Client" -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/10/09 13:25:34 | 00,981,904 | ---- | M] (Check Point Software Technologies LTD)

< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
"" -> [] -> File not found

< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"LDM" -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> [2007/02/21 13:49:18 | 00,032,768 | ---- | M] (Logitech)

< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 02:38:16 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\CreataCard Gold 2 Forget Me Not Reminders.lnk -> %ProgramFiles%\CreataCard\Gold\FMRMD32.EXE -> [1997/09/08 02:00:00 | 00,055,296 | ---- | M] (Micrografx, Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe -> [2007/02/21 13:49:21 | 00,450,560 | ---- | M] (Logitech)
%AllUsersProfile%\Start Menu\Programs\Startup\Microsoft Office.lnk -> %ProgramFiles%\Microsoft Office\Office10\OSA.EXE -> [2001/02/13 01:01:04 | 00,083,360 | ---- | M] (Microsoft Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk -> %ProgramFiles%\Quicken\bagent.exe -> [2005/01/21 11:45:16 | 00,057,344 | ---- | M] (Intuit Inc.)

< Owner Startup Folder > -> C:\Documents and Settings\Owner\Start Menu\Programs\Startup ->

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found

< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found

< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
\\"DisableTaskMgr" -> [0] -> File not found

< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\Office10\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000] -> [2001/02/16 01:05:38 | 09,164,192 | R--- | M] (Microsoft Corporation)
MWOL &Dictionary -> %SystemRoot%\_MWOLTB.DLL [res://C:\WINDOWS\_MWOLTB.DLL/23/219] -> [2007/12/30 08:59:35 | 00,385,024 | ---- | M] ()
MWOL &Thesaurus -> %SystemRoot%\_MWOLTB.DLL [res://C:\WINDOWS\_MWOLTB.DLL/23/220] -> [2007/12/30 08:59:35 | 00,385,024 | ---- | M] ()

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value does not exist or could not be read.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
1 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
download_skygolf.com [http] -> Trusted sites ->
www_skygolfgps.com [http] -> Trusted sites ->
www_skygolfgps.com [https] -> Trusted sites ->
2 domain(s) and sub-domain(s) not assigned to a zone.

< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab[Facebook Photo Uploader 5] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://go.microsoft.com/fwlink/?linkid=39204[Windows Genuine Advantage Validation Tool] ->
{233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] ->
{3CF32649-D1C0-4F42-AB44-ED284748920B} [HKLM] -> http://www.m-w.com/downloads/toolbar/webinstall.cab[Merriam-Webster Online Toolbar] ->
{5ED80217-570B-4DA9-BF44-BE107C0EC166} [HKLM] -> http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab[Windows Live Safety Center Base Module] ->
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] ->
{C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab[Java Plug-in 1.5.0_11] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab[Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab[Java Plug-in 1.6.0_10] ->
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} [HKLM] -> http://www.adobe.com/products/acrobat/nos/gp.cab[get_atlcom Class] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] ->
{DE625294-70E6-45ED-B895-CFFA13AEB044} [HKLM] -> http://engine.netanday.it/ajax_webcam/codec/AMC.cab[AxisMediaControlEmb Class] ->
{F137B9BA-89EA-4B04-9C67-2074A9DF61FD} [HKLM] -> http://walmart.pnimedia.com/upload/activex/v2_0_0_10/PCAXSetupv2.0.0.10.cab?[Photo Upload Plugin Class] ->

< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{14E7F811-FF12-43D0-9B82-37A9A688BD8A} -> (CATC USB/Ethernet Link II) ->
{1FF4FF32-D215-413C-8FAA-08603888636C} -> (Intel(R) PRO/100 VE Network Connection) ->

< AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs ->
*AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls ->
C:\WINDOWS\system32\vafubamu.dll -> %SystemRoot%\system32\vafubamu.dll -> [2008/09/05 10:23:37 | 00,064,281 | -HS- | M] ()
c:\windows\system32\dunuhobu.dll -> %SystemRoot%\system32\dunuhobu.dll -> File not found
c:\windows\system32\feyujafi.dll -> %SystemRoot%\system32\feyujafi.dll -> [2008/12/07 07:23:13 | 00,093,293 | -HS- | M] ()
*MultiFile Done* -> ->

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\feyujafi.dll [SSODL] -> [2008/12/07 07:23:13 | 00,093,293 | -HS- | M] ()

< SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler ->
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\feyujafi.dll [STS] -> [2008/12/07 07:23:13 | 00,093,293 | -HS- | M] ()

< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2007/02/21 13:49:18 | 00,032,768 | ---- | M] (Logitech)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)

< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 18:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\Owner\Desktop\INES\LimeWire\LimeWire.exe" -> C:\Documents and Settings\Owner\Desktop\INES\LimeWire\LimeWire.exe [C:\Documents and Settings\Owner\Desktop\INES\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/09/10 16:39:54 | 14,228,264 | ---- | M] (Apple Inc.)
"C:\Program Files\iTunes\iTunesHelper.exe" -> C:\Program Files\iTunes\iTunesHelper.exe [C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper] -> [2008/09/10 16:40:06 | 00,289,576 | ---- | M] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary] -> [2008/11/27 09:29:23 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\jusched.exe" -> C:\Program Files\Java\jre6\bin\jusched.exe [C:\Program Files\Java\jre6\bin\jusched.exe:*:Enabled:jusched] -> [2008/11/27 09:29:24 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare] -> [2007/02/20 04:10:26 | 00,282,624 | ---- | M] (Eastman Kodak Company)
"C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> File not found
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger] -> [2007/02/21 13:49:18 | 00,032,768 | ---- | M] (Logitech)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 15:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1] -> [2007/01/19 11:54:56 | 05,674,352 | ---- | M] (Microsoft Corporation)
"C:\SCANJET\PrecisionScanPro\HPLamp.exe" -> C:\SCANJET\PrecisionScanPro\HPLamp.exe [C:\SCANJET\PrecisionScanPro\HPLamp.exe:*:Enabled:HPLamp] -> [1998/09/02 01:00:00 | 00,042,496 | ---- | M] ()
"C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
"C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\system32\logonui.exe
[C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2008/04/13 18:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32] -> [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\usmt\migwiz.exe" -> C:\WINDOWS\system32\usmt\migwiz.exe [C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard] -> [2008/04/13 18:12:25 | 00,245,248 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 18:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\wuauclt.exe" -> C:\WINDOWS\system32\wuauclt.exe [C:\WINDOWS\system32\wuauclt.exe:*:Enabled:wuauclt] -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 12:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2007/02/20 13:49:33 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} [HKLM] -> %ProgramFiles%\OpenOffice.org 2.1\program\shlxthdl.dll [Reg Error: Value does not exist or could not 
be read.] -> [2006/11/14 12:03:30 | 00,335,872 | ---- | M] (Sun Microsystems, Inc.) {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2004/12/14 01:20:02 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) < Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = My Current Home Page -> 0 -> Source = About:Home -> 0 -> SubscribedURL = About:Home -> < Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ -> !AVG Anti-Spyware hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found < Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> "bootini" -> 2 -> "services" -> 0 -> "startup" -> 2 -> "system.ini" -> 0 -> "win.ini" -> 0 -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 18:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 06:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) .hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2008/08/22 02:04:54 | 00,045,568 | ---- | M] (Microsoft Corporation) .html [@ = htmlfile] -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) .inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe 
-> [2008/05/08 05:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 05:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 18:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) .scr [@ = scrfile] -> "%1" /S -> .txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 05:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 05:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 05:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 05:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> [] -> AppMgmt -> C:\WINDOWS\System32\appmgmts.dll [C:\WINDOWS\System32\appmgmts.dll] -> File not found HidServ -> C:\WINDOWS\System32\hidserv.dll [C:\WINDOWS\System32\hidserv.dll] -> File not found Ias -> [] -> Iprip -> [] -> Irmon -> [] -> NWCWorkstation -> [] -> Nwsapagent -> [] -> Wmi -> [] -> WmdmPmSp -> [] -> helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bw+0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb 
Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw+0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw-0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw00:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw00s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw-0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw10:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw10s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bw20:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw20s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw30:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw30s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw40:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw40s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw50:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bw50s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw60:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw60s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw70:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw70s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw80:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw80s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bw90:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bw90s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwa0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwa0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwb0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwb0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwc0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwc0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwd0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwd0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwe0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwe0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwf0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwf0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwg0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwg0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwh0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwh0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwi0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwi0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwj0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwj0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwk0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwk0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwl0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwl0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwm0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwm0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwn0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwn0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwo0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwo0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwp0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwp0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwq0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwq0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwr0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwr0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bws0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bws0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwt0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwt0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwu0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwu0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwv0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwv0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bww0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bww0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) bwx0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwx0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwy0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwy0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwz0:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) bwz0s:{7f754244-e7a6-428d-9787-bb841a1fa23e} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. 
) cdo:{CD00020A-8B95-11D1-82DB-00C04FB1625D} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\PKMCDO.DLL[Microsoft PKM KnowledgePluggable Class] -> [2001/01/22 03:25:24 | 00,872,448 | ---- | M] (Microsoft Corporation) intu-qt2007:{026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} [HKLM] -> %ProgramFiles%\QuickTax 2007\ic2007pp.dll[qt2007 Pluggable Protocol Handler Class] -> [2008/01/03 13:29:18 | 00,069,632 | ---- | M] (Intuit Canada, a general partnership/une société en nom collectif.) ipp: [HKLM] -> No CLSID value ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) livecall:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] -> [2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) msdaipp: [HKLM] -> No CLSID value msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2001/02/12 03:25:24 | 01,187,840 | ---- | M] (Microsoft Corporation) msnim:{828030A1-22C1-4009-854F-8E305202313F} [HKLM] -> %ProgramFiles%\MSN Messenger\msgrapp.8.1.0178.00.dll[Reg Error: Value does not exist or could not be read.] 
-> [2007/01/19 11:53:24 | 00,063,344 | ---- | M] (Microsoft Corporation) mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\10\OWC10.DLL[Data Page Pluggable Protocol mso-offdap Handler] -> [2001/02/23 18:36:24 | 07,436,272 | ---- | M] (Microsoft Corporation) offline-8876480:{7F754244-E7A6-428D-9787-BB841A1FA23E} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll[BackWeb Proactive Portal Pluggable Protocol] -> [2007/02/21 13:49:18 | 00,040,999 | ---- | M] (BackWeb Technologies Inc. ) < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group SCSI Class -> Driver Group sermouse.sys -> Driver System Bus Extender -> Driver Group vds -> Service vga.sys -> Driver < SafeBoot-Network 
Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) NDIS Wrapper -> Driver Group NetBIOSGroup -> Driver Group NetDDEGroup -> Driver Group Network -> Driver Group NetworkProvider -> Driver Group PCI Configuration -> Driver Group PNP Filter -> Driver Group PNP_TDI -> Driver Group Primary disk -> Driver Group rdpdd.sys -> %SystemRoot%\System32\rdpdd.dll -> [2008/04/13 18:13:22 | 00,092,424 | ---- | M] (Microsoft Corporation) SCSI Class -> Driver Group sermouse.sys -> Driver Streams Drivers -> Driver Group System Bus Extender -> Driver Group TDI -> Driver Group vga.sys -> Driver vsmon -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/10/09 13:25:32 | 02,405,776 | ---- | M] (Check Point Software Technologies LTD) < Session Manager Settings 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> "BootExecute" -> autocheck autochk *; -> "ExcludeFromKnownDlls" -> -> *ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> -> File not found \RPC Control -> -> File not found *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> "ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/13 18:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) "TEMP" -> %SystemRoot%\TEMP -> "TMP" -> %SystemRoot%\TEMP -> "windir" -> %SystemRoot% -> *Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32 -> %SystemRoot%\system32 -> [2008/12/07 08:18:53 | 00,000,000 | ---D | M] %SystemRoot% -> %SystemRoot% -> [2008/12/05 23:39:39 | 00,000,000 | ---D | M] %SystemRoot%\System32\Wbem -> %SystemRoot%\system32\wbem -> [2008/09/13 09:13:06 | 00,000,000 | ---D | M] C:\Program Files\Common Files\Adaptec Shared\System -> %CommonProgramFiles%\Adaptec Shared\System -> [2007/02/21 13:57:05 | 00,000,000 | ---D | M] -> -> File not found "C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier" -> %ProgramFiles%\Zone Labs\ZoneAlarm\MailFrontier -> [2008/10/16 07:42:13 | 00,000,000 | ---D | M] C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [2008/10/02 19:11:55 | 00,000,000 | ---D | M] *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> -> File not found .WSF -> -> File not found .WSH -> -> File not found *MultiFile Done* -> -> < Session Manager FileRenameOperations Settings 
[HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> < Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> "advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2008/04/13 18:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation) "comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/13 18:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation) "DllDirectory" -> C:\WINDOWS\system32 -> [2008/12/07 08:18:53 | 00,000,000 | ---D | M] "gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/04/13 18:11:54 | 00,285,184 | ---- | M] (Microsoft Corporation) "imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/13 18:11:54 | 00,144,384 | ---- | M] (Microsoft Corporation) "kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/13 18:11:56 | 00,989,696 | ---- | M] (Microsoft Corporation) "lz32" -> C:\WINDOWS\system32\lz32.dll -> [2004/08/04 06:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation) "ole32" -> C:\WINDOWS\system32\ole32.dll -> [2008/04/13 18:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) "oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/13 18:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) "olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2008/04/13 18:12:02 | 00,074,752 | ---- | M] (Microsoft Corporation) "olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2008/04/13 18:12:02 | 00,037,376 | ---- | M] (Microsoft Corporation) "olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2004/08/04 06:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation) "olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2004/08/04 06:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) "rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2008/04/13 18:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation) "shell32" -> C:\WINDOWS\system32\shell32.dll -> [2008/04/13 18:12:05 | 08,461,312 | ---- | M] (Microsoft 
Corporation) "url" -> C:\WINDOWS\system32\url.dll -> [2008/08/22 02:07:58 | 00,105,984 | ---- | M] (Microsoft Corporation) "urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/08/22 02:08:22 | 01,206,784 | ---- | M] (Microsoft Corporation) "user32" -> C:\WINDOWS\system32\user32.dll -> [2008/04/13 18:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) "version" -> C:\WINDOWS\system32\version.dll -> [2008/04/13 18:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) "wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/08/22 02:08:06 | 00,878,592 | ---- | M] (Microsoft Corporation) "wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/13 18:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation) < Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> "CommonFilesDir" -> C:\Program Files\Common Files -> [2008/12/02 23:58:19 | 00,000,000 | ---D | M] "ProgramFilesDir" -> C:\Program Files -> [2008/12/07 07:51:58 | 00,000,000 | ---D | M] < Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ -> NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008/08/29 08:53:50 | 00,147,456 | ---- | M] (Apple Inc.) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 10/31/2008 10:09:36 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Calculator Plus -- Error 1706. An installation package for the product Microsoft Calculator Plus cannot be found. Try the installation again using a valid copy of the installation package 'CalcPlus[1].msi'. Application [ Error ] 11/12/2008 11:33:30 AM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. 
Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 11/26/2008 7:13:49 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 11/26/2008 7:13:55 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 1024 -> Description = Product: Microsoft Office XP Professional with FrontPage - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Application [ Error ] 11/26/2008 9:01:16 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 11/26/2008 9:01:23 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 1024 -> Description = Product: Microsoft Office XP Professional with FrontPage - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. 
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Application [ Error ] 11/26/2008 9:59:08 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 11/26/2008 9:59:13 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 1024 -> Description = Product: Microsoft Office XP Professional with FrontPage - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 Application [ Error ] 11/26/2008 10:43:10 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 11706 -> Description = Product: Microsoft Office XP Professional with FrontPage -- Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem, see C:\Program Files\Microsoft Office\Office10\1033\SETUP.HLP. Application [ Error ] 11/26/2008 10:43:17 PM Computer Name = HOME-12D01BC88C | Source = MsiInstaller | ID = 1024 -> Description = Product: Microsoft Office XP Professional with FrontPage - Update '{DA256408-A2E7-41A5-8AD6-62ACB86A0FD7}' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. 
Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127 System [ Error ] 12/6/2008 5:32:03 PM Computer Name = HOME-12D01BC88C | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver PCIIde System [ Error ] 12/7/2008 9:22:54 AM Computer Name = HOME-12D01BC88C | Source = Service Control Manager | ID = 7000 -> Description = The AVG Anti-Spyware Guard service failed to start due to the following error: %%2 System [ Error ] 12/7/2008 9:22:54 AM Computer Name = HOME-12D01BC88C | Source = Service Control Manager | ID = 7026 -> Description = The following boot-start or system-start driver(s) failed to load: AVG Anti-Spyware Driver System [ Error ] 12/7/2008 9:24:24 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} System [ Error ] 12/7/2008 9:25:46 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} System [ Error ] 12/7/2008 9:26:43 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} System [ Error ] 12/7/2008 9:27:03 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} System [ Error ] 12/7/2008 9:27:06 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting 
to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} System [ Error ] 12/7/2008 9:27:08 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} System [ Error ] 12/7/2008 9:32:46 AM Computer Name = HOME-12D01BC88C | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334} [Files/Folders - Created Within 90 Days] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/07 09:11:31 | 00,000,000 | ---D | C] ~.exe -> %SystemRoot%\System32\~.exe -> [2008/12/07 08:18:15 | 00,063,488 | ---- | C] () Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [2008/12/07 07:52:00 | 00,000,650 | ---- | C] () Hijackthis -> %ProgramFiles%\Hijackthis -> [2008/12/07 07:51:58 | 00,000,000 | ---D | C] omorazel.ini -> %SystemRoot%\System32\omorazel.ini -> [2008/12/07 07:23:29 | 01,430,425 | -HS- | C] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/06 11:21:28 | 10,727,66976 | -HS- | C] () etuhimow.ini -> %SystemRoot%\System32\etuhimow.ini -> [2008/12/05 23:23:51 | 01,430,425 | -HS- | C] () Malwarebytes -> %AppData%\Malwarebytes -> [2008/12/03 17:17:27 | 00,000,000 | ---D | C] mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 17:17:15 | 00,015,504 | ---- | C] (Malwarebytes Corporation) mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 17:17:13 | 00,038,496 | ---- | C] (Malwarebytes Corporation) Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2008/12/03 17:17:11 | 00,000,000 | ---D | C] Malwarebytes -> 
%AllUsersProfile%\Application Data\Malwarebytes -> [2008/12/03 17:17:11 | 00,000,000 | ---D | C] Microsoft Windows OneCare Live -> %ProgramFiles%\Microsoft Windows OneCare Live -> [2008/12/02 23:43:17 | 00,000,000 | ---D | C] Lavasoft -> %AllUsersProfile%\Application Data\Lavasoft -> [2008/12/02 20:35:23 | 00,000,000 | ---D | C] Downloads -> %UserProfile%\My Documents\Downloads -> [2008/11/30 13:28:12 | 00,000,000 | ---D | C] mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2008/11/26 16:42:59 | 00,268,648 | ---- | C] (Microsoft Corporation) muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2008/11/26 16:42:59 | 00,208,744 | ---- | C] (Microsoft Corporation) mucltui.dll.mui -> %SystemRoot%\System32\mucltui.dll.mui -> [2008/11/26 16:42:59 | 00,027,496 | ---- | C] (Microsoft Corporation) microsoft -> %AllUsersProfile%\Documents\microsoft -> [2008/11/26 01:02:11 | 00,000,000 | ---D | C] Config.Msi -> %SystemDrive%\Config.Msi -> [2008/11/26 00:38:16 | 00,000,000 | -H-D | C] Trymedia -> %AllUsersProfile%\Application Data\Trymedia -> [2008/11/19 21:21:10 | 00,000,000 | ---D | C] mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 07:01:17 | 00,455,296 | ---- | C] (Microsoft Corporation) msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/12 07:00:54 | 01,106,944 | ---- | C] (Microsoft Corporation) LimeWire -> %UserProfile%\My Documents\LimeWire -> [2008/10/24 11:24:30 | 00,000,000 | ---D | C] netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/24 02:51:01 | 00,337,408 | ---- | C] (Microsoft Corporation) MailFrontier -> %AppData%\MailFrontier -> [2008/10/16 07:42:10 | 00,000,000 | ---D | C] klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> [2008/10/16 07:37:19 | 00,148,496 | ---- | C] (Kaspersky Lab) srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/16 06:22:59 | 00,333,824 | ---- | C] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/16 06:22:56 | 
01,846,400 | ---- | C] (Microsoft Corporation) ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/16 06:22:53 | 02,145,280 | ---- | C] (Microsoft Corporation) ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/16 06:22:52 | 02,189,184 | ---- | C] (Microsoft Corporation) ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/16 06:22:51 | 02,023,936 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/16 06:22:50 | 02,066,048 | ---- | C] (Microsoft Corporation) hw.doc -> %UserProfile%\My Documents\hw.doc -> [2008/10/10 08:45:46 | 00,023,552 | ---- | C] () New Folder -> %AllUsersProfile%\Documents\New Folder -> [2008/10/08 11:08:19 | 00,000,000 | ---D | C] iPod -> %ProgramFiles%\iPod -> [2008/10/02 19:15:07 | 00,000,000 | ---D | C] iTunes -> %ProgramFiles%\iTunes -> [2008/10/02 19:14:03 | 00,000,000 | ---D | C] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/02 19:14:03 | 00,000,000 | ---D | C] Bonjour -> %ProgramFiles%\Bonjour -> [2008/10/02 19:13:08 | 00,000,000 | ---D | C] QuickTime -> %ProgramFiles%\QuickTime -> [2008/10/02 19:11:07 | 00,000,000 | ---D | C] AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/10/02 19:04:53 | 00,000,284 | ---- | C] () Apple Software Update -> %ProgramFiles%\Apple Software Update -> [2008/10/02 19:04:47 | 00,000,000 | ---D | C] msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008/09/30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) Microsoft Silverlight -> %ProgramFiles%\Microsoft Silverlight -> [2008/09/26 19:46:42 | 00,000,000 | ---D | C] jj..doc -> %UserProfile%\My Documents\jj..doc -> [2008/09/23 07:46:10 | 00,027,648 | ---- | C] () nsreg.dat -> %SystemRoot%\nsreg.dat -> [2008/09/22 21:43:55 | 00,000,000 | ---- | C] () Mozilla -> %UserProfile%\Local Settings\Application Data\Mozilla -> [2008/09/22 
21:43:31 | 00,000,000 | ---D | C] Mozilla -> %AppData%\Mozilla -> [2008/09/22 21:43:30 | 00,000,000 | ---D | C] Mozilla Firefox -> %ProgramFiles%\Mozilla Firefox -> [2008/09/22 21:43:06 | 00,000,000 | ---D | C] ie8 -> %SystemRoot%\ie8 -> [2008/09/13 13:52:21 | 00,000,000 | -H-D | C] Prefetch -> %SystemRoot%\Prefetch -> [2008/09/13 09:14:35 | 00,000,000 | ---D | C] Messenger -> %ProgramFiles%\Messenger -> [2008/09/13 08:56:45 | 00,000,000 | ---D | C] scripting -> %SystemRoot%\System32\scripting -> [2008/09/13 08:56:16 | 00,000,000 | ---D | C] l2schemas -> %SystemRoot%\l2schemas -> [2008/09/13 08:56:15 | 00,000,000 | ---D | C] en -> %SystemRoot%\System32\en -> [2008/09/13 08:56:14 | 00,000,000 | ---D | C] bits -> %SystemRoot%\System32\bits -> [2008/09/13 08:56:14 | 00,000,000 | ---D | C] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/09/13 08:51:29 | 00,000,000 | ---D | C] ReinstallBackups -> %SystemRoot%\System32\ReinstallBackups -> [2008/09/13 08:43:56 | 00,000,000 | ---D | C] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/09/13 08:38:57 | 00,000,000 | -H-D | C] EHome -> %SystemRoot%\EHome -> [2008/09/13 08:38:46 | 00,000,000 | ---D | C] wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2008/09/13 07:20:35 | 00,069,120 | ---- | C] (Microsoft Corporation) wacompen.sys -> %SystemRoot%\System32\drivers\wacompen.sys -> [2008/09/13 07:20:21 | 00,014,208 | ---- | C] (Microsoft Corporation) vidcap.ax -> %SystemRoot%\System32\vidcap.ax -> [2008/09/13 07:20:15 | 00,028,672 | ---- | C] (Microsoft Corporation) viaagp.sys -> %SystemRoot%\System32\drivers\viaagp.sys -> [2008/09/13 07:20:14 | 00,042,240 | ---- | C] (Microsoft Corporation) usbvideo.sys -> %SystemRoot%\System32\drivers\usbvideo.sys -> [2008/09/13 07:20:06 | 00,121,984 | ---- | C] (Microsoft Corporation) usb8023x.sys -> %SystemRoot%\System32\drivers\usb8023x.sys -> [2008/09/13 07:20:03 | 00,012,800 | ---- | C] (Microsoft Corporation) uagp35.sys -> 
%SystemRoot%\System32\drivers\uagp35.sys -> [2008/09/13 07:19:51 | 00,044,672 | ---- | C] (Microsoft Corporation) tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2008/09/13 07:19:47 | 00,050,688 | ---- | C] (Microsoft Corporation) spupdwxp.exe -> %SystemRoot%\System32\spupdwxp.exe -> [2008/09/13 07:19:21 | 00,020,992 | ---- | C] (Microsoft Corporation) spdwnwxp.exe -> %SystemRoot%\System32\spdwnwxp.exe -> [2008/09/13 07:19:18 | 00,007,680 | ---- | C] (Microsoft Corporation) smbali.sys -> %SystemRoot%\System32\drivers\smbali.sys -> [2008/09/13 07:19:11 | 00,005,888 | ---- | C] (Microsoft Corporation) sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2008/09/13 07:18:51 | 00,010,240 | ---- | C] (Microsoft Corporation) setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2008/09/13 07:18:47 | 00,032,768 | ---- | C] (Microsoft Corporation) rndismpx.sys -> %SystemRoot%\System32\drivers\rndismpx.sys -> [2008/09/13 07:18:14 | 00,030,592 | ---- | C] (Microsoft Corporation) rfcomm.sys -> %SystemRoot%\System32\drivers\rfcomm.sys -> [2008/09/13 07:18:10 | 00,059,136 | ---- | C] (Microsoft Corporation) rasqec.dll -> %SystemRoot%\System32\rasqec.dll -> [2008/09/13 07:17:54 | 00,061,952 | ---- | C] (Microsoft Corporation) qutil.dll -> %SystemRoot%\System32\qutil.dll -> [2008/09/13 07:17:43 | 00,076,800 | ---- | C] (Microsoft Corporation) qcliprov.dll -> %SystemRoot%\System32\qcliprov.dll -> [2008/09/13 07:17:36 | 00,062,464 | ---- | C] (Microsoft Corporation) qagentrt.dll -> %SystemRoot%\System32\qagentrt.dll -> [2008/09/13 07:17:34 | 00,291,328 | ---- | C] (Microsoft Corporation) qagent.dll -> %SystemRoot%\System32\qagent.dll -> [2008/09/13 07:17:34 | 00,150,528 | ---- | C] (Microsoft Corporation) onex.dll -> %SystemRoot%\System32\onex.dll -> [2008/09/13 07:17:01 | 00,144,384 | ---- | C] (Microsoft Corporation) netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [2008/09/13 07:16:29 | 00,067,866 | ---- | C] () napstat.exe -> 
%SystemRoot%\System32\napstat.exe -> [2008/09/13 07:16:13 | 00,176,640 | ---- | C] (Microsoft Corporation) napmontr.dll -> %SystemRoot%\System32\napmontr.dll -> [2008/09/13 07:16:12 | 00,193,024 | ---- | C] (Microsoft Corporation) napipsec.dll -> %SystemRoot%\System32\napipsec.dll -> [2008/09/13 07:16:12 | 00,030,208 | ---- | C] (Microsoft Corporation) mutohpen.sys -> %SystemRoot%\System32\drivers\mutohpen.sys -> [2008/09/13 07:16:11 | 00,012,672 | ---- | C] (Microsoft Corporation) msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2008/09/13 07:16:06 | 01,307,648 | ---- | C] (Microsoft Corporation) msxml6r.dll -> %SystemRoot%\System32\msxml6r.dll -> [2008/09/13 07:16:06 | 00,079,872 | ---- | C] (Microsoft Corporation) msxml6r.dll -> %SystemRoot%\System32\dllcache\msxml6r.dll -> [2008/09/13 07:16:06 | 00,079,872 | ---- | C] (Microsoft Corporation) mssha.dll -> %SystemRoot%\System32\mssha.dll -> [2008/09/13 07:15:58 | 00,155,136 | ---- | C] (Microsoft Corporation) msshavmsg.dll -> %SystemRoot%\System32\msshavmsg.dll -> [2008/09/13 07:15:58 | 00,076,800 | ---- | C] (Microsoft Corporation) mmcex.dll -> %SystemRoot%\System32\mmcex.dll -> [2008/09/13 07:15:26 | 00,397,312 | ---- | C] (Microsoft Corporation) mmcfxcommon.dll -> %SystemRoot%\System32\mmcfxcommon.dll -> [2008/09/13 07:15:26 | 00,106,496 | ---- | C] (Microsoft Corporation) mmcperf.exe -> %SystemRoot%\System32\mmcperf.exe -> [2008/09/13 07:15:26 | 00,033,792 | ---- | C] (Microsoft Corporation) microsoft.managementconsole.dll -> %SystemRoot%\System32\microsoft.managementconsole.dll -> [2008/09/13 07:15:25 | 00,184,320 | ---- | C] (Microsoft Corporation) l2gpstore.dll -> %SystemRoot%\System32\l2gpstore.dll -> [2008/09/13 07:15:05 | 00,037,376 | ---- | C] (Microsoft Corporation) kmsvc.dll -> %SystemRoot%\System32\kmsvc.dll -> [2008/09/13 07:15:01 | 00,061,440 | ---- | C] (Microsoft Corporation) kbdpash.dll -> %SystemRoot%\System32\kbdpash.dll -> [2008/09/13 07:14:59 | 00,006,144 | ---- | C] (Microsoft 
Corporation) kbdnepr.dll -> %SystemRoot%\System32\kbdnepr.dll -> [2008/09/13 07:14:59 | 00,006,144 | ---- | C] (Microsoft Corporation) kbdiultn.dll -> %SystemRoot%\System32\kbdiultn.dll -> [2008/09/13 07:14:58 | 00,006,144 | ---- | C] (Microsoft Corporation) kbdbhc.dll -> %SystemRoot%\System32\kbdbhc.dll -> [2008/09/13 07:14:57 | 00,006,144 | ---- | C] (Microsoft Corporation) pid.inf -> %SystemRoot%\System32\pid.inf -> [2008/09/13 07:14:22 | 00,001,261 | ---- | C] () hidir.sys -> %SystemRoot%\System32\drivers\hidir.sys -> [2008/09/13 07:13:57 | 00,019,200 | ---- | C] (Microsoft Corporation) hidbth.sys -> %SystemRoot%\System32\drivers\hidbth.sys -> [2008/09/13 07:13:56 | 00,025,600 | ---- | C] (Microsoft Corporation) gagp30kx.sys -> %SystemRoot%\System32\drivers\gagp30kx.sys -> [2008/09/13 07:13:52 | 00,046,464 | ---- | C] (Microsoft Corporation) faxpatch.exe -> %SystemRoot%\System32\faxpatch.exe -> [2008/09/13 07:13:16 | 00,020,992 | ---- | C] (Microsoft Corporation) eapphost.dll -> %SystemRoot%\System32\eapphost.dll -> [2008/09/13 07:13:11 | 00,180,224 | ---- | C] (Microsoft Corporation) eapqec.dll -> %SystemRoot%\System32\eapqec.dll -> [2008/09/13 07:13:11 | 00,059,392 | ---- | C] (Microsoft Corporation) eappprxy.dll -> %SystemRoot%\System32\eappprxy.dll -> [2008/09/13 07:13:11 | 00,040,960 | ---- | C] (Microsoft Corporation) eapsvc.dll -> %SystemRoot%\System32\eapsvc.dll -> [2008/09/13 07:13:11 | 00,033,792 | ---- | C] (Microsoft Corporation) eapp3hst.dll -> %SystemRoot%\System32\eapp3hst.dll -> [2008/09/13 07:13:10 | 00,184,832 | ---- | C] (Microsoft Corporation) eappcfg.dll -> %SystemRoot%\System32\eappcfg.dll -> [2008/09/13 07:13:10 | 00,126,976 | ---- | C] (Microsoft Corporation) eappgnui.dll -> %SystemRoot%\System32\eappgnui.dll -> [2008/09/13 07:13:10 | 00,094,208 | ---- | C] (Microsoft Corporation) eapolqec.dll -> %SystemRoot%\System32\eapolqec.dll -> [2008/09/13 07:13:10 | 00,030,720 | ---- | C] (Microsoft Corporation) dot3ui.dll -> 
%SystemRoot%\System32\dot3ui.dll -> [2008/09/13 07:13:03 | 00,650,752 | ---- | C] (Microsoft Corporation) dot3svc.dll -> %SystemRoot%\System32\dot3svc.dll -> [2008/09/13 07:13:03 | 00,132,096 | ---- | C] (Microsoft Corporation) dot3cfg.dll -> %SystemRoot%\System32\dot3cfg.dll -> [2008/09/13 07:13:03 | 00,057,856 | ---- | C] (Microsoft Corporation) dot3msm.dll -> %SystemRoot%\System32\dot3msm.dll -> [2008/09/13 07:13:03 | 00,056,320 | ---- | C] (Microsoft Corporation) dot3gpclnt.dll -> %SystemRoot%\System32\dot3gpclnt.dll -> [2008/09/13 07:13:03 | 00,039,936 | ---- | C] (Microsoft Corporation) dot3api.dll -> %SystemRoot%\System32\dot3api.dll -> [2008/09/13 07:13:03 | 00,026,112 | ---- | C] (Microsoft Corporation) dot3dlg.dll -> %SystemRoot%\System32\dot3dlg.dll -> [2008/09/13 07:13:03 | 00,009,216 | ---- | C] (Microsoft Corporation) dimsroam.dll -> %SystemRoot%\System32\dimsroam.dll -> [2008/09/13 07:12:59 | 00,039,936 | ---- | C] (Microsoft Corporation) dimsntfy.dll -> %SystemRoot%\System32\dimsntfy.dll -> [2008/09/13 07:12:59 | 00,019,456 | ---- | C] (Microsoft Corporation) dhcpqec.dll -> %SystemRoot%\System32\dhcpqec.dll -> [2008/09/13 07:12:58 | 00,048,640 | ---- | C] (Microsoft Corporation) credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2008/09/13 07:12:51 | 00,012,800 | ---- | C] (Microsoft Corporation) bthprint.sys -> %SystemRoot%\System32\drivers\bthprint.sys -> [2008/09/13 07:12:40 | 00,036,480 | ---- | C] (Microsoft Corporation) bthusb.sys -> %SystemRoot%\System32\drivers\bthusb.sys -> [2008/09/13 07:12:40 | 00,018,944 | ---- | C] (Microsoft Corporation) bthpan.sys -> %SystemRoot%\System32\drivers\bthpan.sys -> [2008/09/13 07:12:39 | 00,101,120 | ---- | C] (Microsoft Corporation) bthmodem.sys -> %SystemRoot%\System32\drivers\bthmodem.sys -> [2008/09/13 07:12:39 | 00,037,888 | ---- | C] (Microsoft Corporation) bthenum.sys -> %SystemRoot%\System32\drivers\bthenum.sys -> [2008/09/13 07:12:39 | 00,017,024 | ---- | C] (Microsoft Corporation) bitsprx4.dll 
-> %SystemRoot%\System32\bitsprx4.dll -> [2008/09/13 07:12:38 | 00,007,168 | ---- | C] (Microsoft Corporation) azroles.dll -> %SystemRoot%\System32\azroles.dll -> [2008/09/13 07:12:36 | 00,233,472 | ---- | C] (Microsoft Corporation) ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [2008/09/13 07:12:33 | 00,064,352 | ---- | C] () alim1541.sys -> %SystemRoot%\System32\drivers\alim1541.sys -> [2008/09/13 07:12:25 | 00,042,752 | ---- | C] (Microsoft Corporation) agpcpq.sys -> %SystemRoot%\System32\drivers\agpcpq.sys -> [2008/09/13 07:12:16 | 00,044,928 | ---- | C] (Microsoft Corporation) Unit 1.doc -> %UserProfile%\My Documents\Unit 1.doc -> [2008/09/12 11:56:16 | 00,036,864 | ---- | C] () Melting Point Lab.doc -> %UserProfile%\My Documents\Melting Point Lab.doc -> [2008/09/10 11:39:18 | 00,025,600 | ---- | C] () Wearing No Socks can actually cause severer athletes foot that could kill you.doc -> %UserProfile%\My Documents\Wearing No Socks can actually cause severer athletes foot that could kill you.doc -> [2008/09/09 11:59:52 | 00,022,016 | ---- | C] () [Files/Folders - Modified Within 90 Days] 5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help -> [2007/10/21 22:56:13 | 00,000,000 | ---D | M] hhcolreg.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2007/10/21 22:56:13 | 00,008,124 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2007/02/20 14:18:28 | 00,000,000 | ---D | M] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/03 00:14:26 | 00,004,232 | ---- | M] () qmgr1.dat -> C:\Documents and 
Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/03 00:14:26 | 00,005,537 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data -> [2007/02/26 21:48:23 | 00,000,000 | ---D | M] data.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Office\Data\data.dat -> [2007/03/03 02:58:51 | 00,001,388 | ---- | M] () C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [2008/12/07 09:11:54 | 00,000,000 | ---D | M] zuhrn0.cmd -> C:\Documents and Settings\Owner\Local Settings\Temp\zuhrn0.cmd -> [2008/11/25 21:24:12 | 00,000,211 | ---- | M] () 2089 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [2008/12/07 09:11:54 | 00,000,000 | ---D | M] AutoRun.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\AutoRun.exe -> [2007/01/26 02:15:30 | 00,700,416 | ---- | M] (Electronic Arts Inc.) carpetSTAIRS.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\carpetSTAIRS.exe -> [2008/11/30 14:03:21 | 52,675,735 | ---- | M] (tester, tester@test.com) eauninstall.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\eauninstall.exe -> [2005/09/28 02:55:17 | 00,352,256 | ---- | M] (Electronic Arts Inc.) First15.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\First15.exe -> [2005/09/27 22:09:12 | 01,453,843 | R--- | M] (Macromedia, Inc.) 
Install_WLMessenger.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Install_WLMessenger.exe -> [2007/10/27 22:46:44 | 20,222,992 | ---- | M] (Microsoft Corporation) msnsearch.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\msnsearch.exe -> [2005/06/13 13:46:24 | 00,228,824 | ---- | M] (Microsoft Corporation) RhapInstTemp.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\RhapInstTemp.exe -> [2007/07/24 09:55:53 | 13,209,856 | ---- | M] () The Sims 2_uninst.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\The Sims 2_uninst.exe -> [2005/09/27 22:09:04 | 00,073,728 | ---- | M] (Electronic Arts Inc.) VP6Install.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\VP6Install.exe -> [2005/09/27 22:11:23 | 00,023,040 | R--- | M] () WiseUpdX.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\WiseUpdX.exe -> [2007/06/22 06:57:00 | 00,188,681 | ---- | M] () wmpinstaller.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\wmpinstaller.exe -> [2008/11/30 14:03:01 | 00,131,072 | ---- | M] () 2089 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\ -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616 -> [2007/03/21 06:41:49 | 00,000,000 | ---D | M] zlunwise.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\zlunwise.exe -> [2003/09/15 10:43:54 | 00,162,304 | ---- | M] () 3 C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads -> [2007/06/14 05:52:09 | 00,000,000 | ---D | M] pase320_en_US.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads\pase320_en_US.exe -> [2007/06/14 05:51:49 | 
08,823,576 | ---- | M] (Adobe Systems, Inc. ) sgc15.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads\sgc15.exe -> [2007/06/14 05:51:18 | 00,075,376 | ---- | M] () C:\Documents and Settings\Owner\Local Settings\Temp\Div11.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Div11.tmp\ -> [2008/02/14 06:29:21 | 00,000,000 | ---D | M] DivXInstaller.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Div11.tmp\DivXInstaller.exe -> [2008/02/14 06:29:21 | 16,887,272 | ---- | M] (DivX, Inc.) C:\Documents and Settings\Owner\Local Settings\Temp\Div5B.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Div5B.tmp\ -> [2007/10/25 07:01:40 | 00,000,000 | ---D | M] DivXInstaller.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Div5B.tmp\DivXInstaller.exe -> [2007/10/25 07:01:40 | 23,770,568 | ---- | M] (DivX, Inc.) C:\Documents and Settings\Owner\Local Settings\Temp\Div82.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Div82.tmp\ -> [2008/11/24 00:04:28 | 00,000,000 | ---D | M] DivXInstaller.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Div82.tmp\DivXInstaller.exe -> [2008/11/24 00:04:28 | 20,721,912 | ---- | M] (DivX, Inc.) C:\Documents and Settings\Owner\Local Settings\Temp\DivE.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\DivE.tmp\ -> [2007/12/07 09:49:19 | 00,000,000 | ---D | M] DivXInstaller.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\DivE.tmp\DivXInstaller.exe -> [2007/12/07 09:49:19 | 17,759,360 | ---- | M] (DivX, Inc.) C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\ -> [2007/02/22 08:54:56 | 00,000,000 | ---D | M] jinstall.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ICD1.tmp\jinstall.exe -> [2007/01/30 16:28:04 | 00,245,873 | ---- | M] (Sun Microsystems, Inc.) 
C:\Documents and Settings\Owner\Local Settings\Temp\ins1.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\ins1.tmp\ -> [2007/02/21 13:49:26 | 00,000,000 | ---D | M] LDMClient.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\ins1.tmp\LDMClient.exe -> [2004/12/08 13:35:54 | 06,527,199 | R--- | M] (BackWeb) C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KWP2DA2X\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KWP2DA2X -> [2008/12/07 09:10:08 | 00,000,000 | -HSD | M] HJTsetup[1].exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\KWP2DA2X\HJTsetup[1].exe -> [2008/12/07 07:51:24 | 00,488,144 | ---- | M] (Soeperman Enterprises Ltd ) C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PNARPT5G\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PNARPT5G -> [2008/12/07 09:08:17 | 00,000,000 | -HSD | M] KillBox[1].exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PNARPT5G\KillBox[1].exe -> [2008/12/07 07:46:01 | 00,071,680 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) windows-kb890830-v2.4[1].exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\PNARPT5G\windows-kb890830-v2.4[1].exe -> [2008/12/07 07:29:51 | 07,645,120 | ---- | M] (Microsoft Corporation) C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WSO5SZ3D\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WSO5SZ3D -> [2008/12/07 09:10:43 | 00,000,000 | -HSD | M] OTScanIt2[1].exe -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WSO5SZ3D\OTScanIt2[1].exe -> [2008/12/07 09:10:59 | 00,647,651 | ---- | M] () C:\Documents and Settings\Owner\Local Settings\Temp\usmt\ -> 
C:\Documents and Settings\Owner\Local Settings\Temp\usmt -> [2007/02/25 10:25:25 | 00,000,000 | ---D | M] migload.exe -> C:\Documents and Settings\Owner\Local Settings\Temp\usmt\migload.exe -> [2001/08/17 22:36:48 | 00,098,816 | ---- | M] (Microsoft Corporation) C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [2008/12/07 09:11:54 | 00,000,000 | ---D | M] 7.2.20.2-EasyShrx.Dll -> C:\Documents and Settings\Owner\Local Settings\Temp\7.2.20.2-EasyShrx.Dll -> [2008/08/15 15:56:09 | 01,167,360 | ---- | M] (Eastman Kodak Company) AutoRunGUI.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\AutoRunGUI.dll -> [2007/01/26 01:06:20 | 00,651,264 | ---- | M] (Electronic Arts Inc.) au_res.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\au_res.dll -> [2007/03/13 07:47:06 | 00,009,920 | ---- | M] (Microsoft Corporation) au_setuph.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\au_setuph.dll -> [2007/03/13 07:47:06 | 00,092,864 | ---- | M] (Microsoft Corporation) IadHide5.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll -> [2004/02/11 15:58:16 | 00,024,613 | ---- | M] (BackWeb) mpengine.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\mpengine.dll -> [2008/12/07 07:30:00 | 00,000,000 | ---- | M] () UninstallRC-3875767.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\UninstallRC-3875767.dll -> [2007/02/22 09:33:15 | 00,065,536 | ---- | M] () VP6VFW.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\VP6VFW.dll -> [2005/09/27 22:11:24 | 00,442,368 | R--- | M] (On2.com) 2089 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL4C.tmp\ -> C:\Documents and Settings\Owner\Local Settings\Temp\~CL4C.tmp\ -> [2007/02/22 09:30:21 | 00,000,000 | ---D | M] g2a_hook.dll -> C:\Documents and Settings\Owner\Local 
Settings\Temp\~CL4C.tmp\g2a_hook.dll -> [2007/02/22 09:24:54 | 00,010,752 | ---- | M] (Citrix Online) C:\Documents and Settings\Owner\Local Settings\Temp\032107165612\ -> C:\Documents and Settings\Owner\Local Settings\Temp\032107165612 -> [2007/03/21 15:59:35 | 00,000,000 | ---D | M] vsinit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\032107165612\vsinit.dll -> [2007/03/08 23:01:24 | 00,157,424 | ---- | M] (Zone Labs, LLC) vsutil.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\032107165612\vsutil.dll -> [2007/03/08 23:01:28 | 00,472,816 | ---- | M] (Zone Labs, LLC) 3 C:\Documents and Settings\Owner\Local Settings\Temp\032107165612\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\032107165612\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\ -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724 -> [2008/03/26 07:33:12 | 00,000,000 | ---D | M] fbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\fbl.dll -> [2008/03/13 22:10:46 | 00,128,480 | ---- | M] (Zone Labs, LLC) featuremap.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\featuremap.dll -> [2008/03/13 22:10:46 | 00,038,376 | ---- | M] (Zone Labs, LLC) vsavpro.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\vsavpro.dll -> [2008/03/13 22:10:52 | 00,108,008 | ---- | M] (Zone Labs, LLC) vsdata.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\vsdata.dll -> [2008/03/13 22:10:52 | 00,083,432 | ---- | M] (Zone Labs, LLC) vsdb.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\vsdb.dll -> [2008/03/13 22:10:52 | 00,083,432 | ---- | M] (Zone Labs, LLC) vsinit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\vsinit.dll -> [2008/03/13 22:10:52 | 00,161,256 | ---- | M] (Zone Labs, LLC) vsutil.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\vsutil.dll -> [2008/03/13 22:10:54 | 00,472,552 | ---- | 
M] (Zone Labs, LLC) 3 C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\03260882724\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\ -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656 -> [2008/07/12 04:50:44 | 00,000,000 | ---D | M] fbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\fbl.dll -> [2008/07/09 08:05:08 | 00,128,480 | ---- | M] (Zone Labs, LLC) featuremap.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\featuremap.dll -> [2008/07/09 08:05:08 | 00,038,376 | ---- | M] (Zone Labs, LLC) vsavpro.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\vsavpro.dll -> [2008/07/09 08:05:10 | 00,108,008 | ---- | M] (Zone Labs, LLC) vsdata.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\vsdata.dll -> [2008/07/09 08:05:10 | 00,083,432 | ---- | M] (Zone Labs, LLC) vsdb.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\vsdb.dll -> [2008/07/09 08:05:10 | 00,083,432 | ---- | M] (Zone Labs, LLC) vsinit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\vsinit.dll -> [2008/07/09 08:05:10 | 00,157,160 | ---- | M] (Zone Labs, LLC) vsutil.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\vsutil.dll -> [2008/07/09 08:05:12 | 00,472,552 | ---- | M] (Zone Labs, LLC) 3 C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\07120854656\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\09040875659\ -> C:\Documents and Settings\Owner\Local Settings\Temp\09040875659 -> [2008/09/04 07:04:23 | 00,000,000 | ---D | M] vsxml.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\09040875659\vsxml.dll -> [2008/08/21 19:41:12 | 00,110,480 | ---- | M] (Check Point Software Technologies LTD) 3 C:\Documents and Settings\Owner\Local 
Settings\Temp\09040875659\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\09040875659\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\10160883220\ -> C:\Documents and Settings\Owner\Local Settings\Temp\10160883220 -> [2008/10/16 07:40:14 | 00,000,000 | ---D | M] vsxml.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\10160883220\vsxml.dll -> [2008/10/09 13:25:24 | 00,110,480 | ---- | M] (Check Point Software Technologies LTD) 3 C:\Documents and Settings\Owner\Local Settings\Temp\10160883220\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\10160883220\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\ -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646 -> [2007/11/29 08:41:22 | 00,000,000 | ---D | M] fbl.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\fbl.dll -> [2007/11/14 16:04:46 | 00,128,480 | ---- | M] (Zone Labs, LLC) featuremap.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\featuremap.dll -> [2007/11/14 16:04:46 | 00,038,376 | ---- | M] (Zone Labs, LLC) vsavpro.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\vsavpro.dll -> [2007/11/14 16:04:52 | 00,108,008 | ---- | M] (Zone Labs, LLC) vsdata.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\vsdata.dll -> [2007/11/14 16:04:52 | 00,083,432 | ---- | M] (Zone Labs, LLC) vsdb.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\vsdb.dll -> [2007/11/14 16:04:52 | 00,083,432 | ---- | M] (Zone Labs, LLC) vsinit.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\vsinit.dll -> [2007/11/14 16:04:52 | 00,157,160 | ---- | M] (Zone Labs, LLC) vsutil.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\vsutil.dll -> [2007/11/14 16:04:54 | 00,472,552 | ---- | M] (Zone Labs, LLC) 3 C:\Documents and Settings\Owner\Local Settings\Temp\11290783646\*.tmp files -> C:\Documents and 
Settings\Owner\Local Settings\Temp\11290783646\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\Rhapsody\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Rhapsody -> [2007/11/29 08:41:22 | 00,000,000 | ---D | M] rnlog.dll -> C:\Documents and Settings\Owner\Local Settings\Temp\Rhapsody\rnlog.dll -> [2007/06/02 01:00:56 | 00,053,248 | ---- | M] (RealNetworks, Inc.) C:\Documents and Settings\Owner\Local Settings\Temp\ -> C:\Documents and Settings\Owner\Local Settings\Temp -> [2008/12/07 09:11:54 | 00,000,000 | ---D | M] AVRES_OPTRF_LiveUpdate.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\AVRES_OPTRF_LiveUpdate.dat -> [2007/03/21 16:02:09 | 00,000,172 | ---- | M] () AVSTELiveUpdate.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\AVSTELiveUpdate.dat -> [2007/03/21 16:05:30 | 00,000,172 | ---- | M] () SSALiveUpdate.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\SSALiveUpdate.dat -> [2007/03/21 16:02:46 | 00,000,172 | ---- | M] () symcprop.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\symcprop.dat -> [2007/03/21 16:05:31 | 00,008,700 | ---- | M] () 2089 C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\ -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616 -> [2007/03/21 06:41:49 | 00,000,000 | ---D | M] spyware.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\spyware.dat -> [2007/03/20 10:00:44 | 03,154,215 | ---- | M] () 3 C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\*.tmp files -> C:\Documents and Settings\Owner\Local Settings\Temp\03210773616\*.tmp -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Adobe_Downloads -> [2007/06/14 05:52:09 | 00,000,000 | ---D | M] nos_16266.dat -> C:\Documents and Settings\Owner\Local 
Settings\Temp\Adobe_Downloads\nos_16266.dat -> [2007/06/25 18:55:56 | 76,399,460 | ---- | M] ( ) C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Cookies -> [2008/12/07 09:10:08 | 00,000,000 | -HSD | M] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Cookies\index.dat -> [2008/12/07 09:12:33 | 00,049,152 | -HS- | M] () C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\ -> [2008/12/07 07:26:25 | 00,000,000 | -HSD | M] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\index.dat -> [2008/12/07 09:12:33 | 00,114,688 | -HS- | M] () C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\MSHist012008120720081208\ -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\MSHist012008120720081208 -> [2008/12/07 07:26:25 | 00,000,000 | -HSD | M] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\History\History.IE5\MSHist012008120720081208\index.dat -> [2008/12/07 07:26:00 | 00,049,152 | -HS- | M] () C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [2008/12/05 10:24:04 | 00,000,000 | -HSD | M] index.dat -> C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/12/07 09:12:33 | 00,638,976 | -HS- | M] () C:\WINDOWS\Temp\ -> C:\WINDOWS\Temp -> [2008/12/07 08:59:34 | 00,000,000 | ---D | M] Perflib_Perfdata_5c8.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat -> [2008/12/07 07:22:40 | 00,016,384 | ---- | M] () Perflib_Perfdata_b38.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_b38.dat -> [2007/07/11 04:23:23 | 00,016,384 | ---- | M] () Perflib_Perfdata_cc.dat -> C:\WINDOWS\Temp\Perflib_Perfdata_cc.dat -> [2008/04/09 21:05:06 | 00,016,384 | 
---- | M] () 716 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> C:\WINDOWS\Temp\Cookies\ -> C:\WINDOWS\Temp\Cookies -> [2007/12/01 21:53:04 | 00,000,000 | -HSD | M] index.dat -> C:\WINDOWS\Temp\Cookies\index.dat -> [2008/12/07 08:59:33 | 00,016,384 | -HS- | M] () C:\WINDOWS\Temp\History\History.IE5\ -> C:\WINDOWS\Temp\History\History.IE5\ -> [2007/12/01 21:53:04 | 00,000,000 | -HSD | M] index.dat -> C:\WINDOWS\Temp\History\History.IE5\index.dat -> [2008/12/07 08:59:33 | 00,016,384 | -HS- | M] () C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\ -> [2007/12/01 21:53:04 | 00,000,000 | -HSD | M] index.dat -> C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/12/07 08:59:33 | 00,049,152 | -HS- | M] () puyibomo -> %SystemRoot%\System32\puyibomo -> [2008/12/07 09:20:35 | 00,006,456 | -H-- | M] () fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [2008/12/07 09:12:25 | 51,884,8544 | -HS- | M] () ~.exe -> %SystemRoot%\System32\~.exe -> [2008/12/07 08:18:53 | 00,063,488 | ---- | M] () Hijackthis.lnk -> %UserProfile%\Desktop\Hijackthis.lnk -> [2008/12/07 07:52:00 | 00,000,650 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/07 07:37:17 | 00,013,646 | ---- | M] () rollback.ini -> %SystemDrive%\rollback.ini -> [2008/12/07 07:29:12 | 00,001,282 | ---- | M] () omorazel.ini -> %SystemRoot%\System32\omorazel.ini -> [2008/12/07 07:23:34 | 01,430,425 | -HS- | M] () feyujafi.dll -> %SystemRoot%\System32\feyujafi.dll -> [2008/12/07 07:23:13 | 00,093,293 | -HS- | M] () lezaromo.dll -> %SystemRoot%\System32\lezaromo.dll -> [2008/12/07 07:23:13 | 00,088,854 | -HS- | M] () vsconfig.xml -> %SystemRoot%\System32\vsconfig.xml -> [2008/12/07 07:22:56 | 00,349,226 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/07 07:22:30 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/07 07:22:13 | 00,002,048 | --S- | M] () hiberfil.sys -> 
%SystemDrive%\hiberfil.sys -> [2008/12/07 07:22:09 | 10,727,66976 | -HS- | M] () fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [2008/12/06 20:11:50 | 06,942,740 | -HS- | M] () IconCache.db -> %UserProfile%\Local Settings\Application Data\IconCache.db -> [2008/12/06 20:11:15 | 04,311,850 | -H-- | M] () etuhimow.ini -> %SystemRoot%\System32\etuhimow.ini -> [2008/12/05 23:23:55 | 01,430,425 | -HS- | M] () jiyayuda.dll -> %SystemRoot%\System32\jiyayuda.dll -> [2008/12/05 10:23:27 | 00,064,281 | -HS- | M] () buzimebu.dll -> %SystemRoot%\System32\buzimebu.dll -> [2008/12/04 14:06:11 | 00,063,029 | -HS- | M] () AdobeFnt.lst -> %SystemRoot%\System32\AdobeFnt.lst -> [2008/12/04 12:56:23 | 00,138,582 | ---- | M] () Disk Cleanup.job -> %SystemRoot%\tasks\Disk Cleanup.job -> [2008/12/04 06:44:00 | 00,000,260 | ---- | M] () mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2008/12/03 19:52:38 | 00,038,496 | ---- | M] (Malwarebytes Corporation) mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2008/12/03 19:52:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) zllictbl.dat -> %SystemRoot%\System32\zllictbl.dat -> [2008/12/02 10:07:40 | 00,004,212 | -H-- | M] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/11/30 16:34:28 | 00,087,552 | ---- | M] () AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/29 21:17:06 | 00,000,284 | ---- | M] () My Sharing Folders.lnk -> %UserProfile%\My Documents\My Sharing Folders.lnk -> [2008/11/29 18:43:32 | 00,000,583 | ---- | M] () sqmnoopt08.sqm -> %SystemDrive%\sqmnoopt08.sqm -> [2008/11/29 16:17:27 | 00,000,244 | -H-- | M] () sqmdata08.sqm -> %SystemDrive%\sqmdata08.sqm -> [2008/11/29 16:17:27 | 00,000,232 | -H-- | M] () sqmnoopt07.sqm -> %SystemDrive%\sqmnoopt07.sqm -> [2008/11/29 15:01:18 | 00,000,244 | -H-- | M] () sqmdata07.sqm -> %SystemDrive%\sqmdata07.sqm -> [2008/11/29 
15:01:18 | 00,000,232 | -H-- | M] () sqmnoopt06.sqm -> %SystemDrive%\sqmnoopt06.sqm -> [2008/11/29 13:04:53 | 00,000,244 | -H-- | M] () sqmdata06.sqm -> %SystemDrive%\sqmdata06.sqm -> [2008/11/29 13:04:53 | 00,000,232 | -H-- | M] () sqmnoopt05.sqm -> %SystemDrive%\sqmnoopt05.sqm -> [2008/11/28 13:07:08 | 00,000,244 | -H-- | M] () sqmdata05.sqm -> %SystemDrive%\sqmdata05.sqm -> [2008/11/28 13:07:08 | 00,000,232 | -H-- | M] () sqmnoopt04.sqm -> %SystemDrive%\sqmnoopt04.sqm -> [2008/11/27 19:03:22 | 00,000,244 | -H-- | M] () sqmdata04.sqm -> %SystemDrive%\sqmdata04.sqm -> [2008/11/27 19:03:22 | 00,000,232 | -H-- | M] () sqmnoopt03.sqm -> %SystemDrive%\sqmnoopt03.sqm -> [2008/11/26 18:48:19 | 00,000,244 | -H-- | M] () sqmdata03.sqm -> %SystemDrive%\sqmdata03.sqm -> [2008/11/26 18:48:19 | 00,000,232 | -H-- | M] () sqmdata02.sqm -> %SystemDrive%\sqmdata02.sqm -> [2008/11/25 19:17:37 | 00,000,232 | -H-- | M] () sqmnoopt02.sqm -> %SystemDrive%\sqmnoopt02.sqm -> [2008/11/25 19:17:36 | 00,000,244 | -H-- | M] () sqmnoopt01.sqm -> %SystemDrive%\sqmnoopt01.sqm -> [2008/11/24 19:05:39 | 00,000,244 | -H-- | M] () sqmdata01.sqm -> %SystemDrive%\sqmdata01.sqm -> [2008/11/24 19:05:39 | 00,000,232 | -H-- | M] () sqmnoopt00.sqm -> %SystemDrive%\sqmnoopt00.sqm -> [2008/11/23 16:52:01 | 00,000,244 | -H-- | M] () sqmdata00.sqm -> %SystemDrive%\sqmdata00.sqm -> [2008/11/23 16:52:01 | 00,000,232 | -H-- | M] () sqmnoopt19.sqm -> %SystemDrive%\sqmnoopt19.sqm -> [2008/11/23 15:20:32 | 00,000,244 | -H-- | M] () sqmdata19.sqm -> %SystemDrive%\sqmdata19.sqm -> [2008/11/23 15:20:32 | 00,000,232 | -H-- | M] () sqmnoopt18.sqm -> %SystemDrive%\sqmnoopt18.sqm -> [2008/11/23 14:59:23 | 00,000,244 | -H-- | M] () sqmdata18.sqm -> %SystemDrive%\sqmdata18.sqm -> [2008/11/23 14:59:23 | 00,000,232 | -H-- | M] () sqmnoopt17.sqm -> %SystemDrive%\sqmnoopt17.sqm -> [2008/11/23 12:45:14 | 00,000,244 | -H-- | M] () sqmdata17.sqm -> %SystemDrive%\sqmdata17.sqm -> [2008/11/23 12:45:14 | 00,000,232 | -H-- | M] () 
sqmnoopt16.sqm -> %SystemDrive%\sqmnoopt16.sqm -> [2008/11/23 12:41:52 | 00,000,244 | -H-- | M] () sqmdata16.sqm -> %SystemDrive%\sqmdata16.sqm -> [2008/11/23 12:41:52 | 00,000,232 | -H-- | M] () sqmdata15.sqm -> %SystemDrive%\sqmdata15.sqm -> [2008/11/23 10:39:07 | 00,000,232 | -H-- | M] () sqmnoopt15.sqm -> %SystemDrive%\sqmnoopt15.sqm -> [2008/11/23 10:39:06 | 00,000,244 | -H-- | M] () sqmnoopt14.sqm -> %SystemDrive%\sqmnoopt14.sqm -> [2008/11/22 16:27:24 | 00,000,244 | -H-- | M] () sqmdata14.sqm -> %SystemDrive%\sqmdata14.sqm -> [2008/11/22 16:27:24 | 00,000,232 | -H-- | M] () sqmnoopt13.sqm -> %SystemDrive%\sqmnoopt13.sqm -> [2008/11/22 15:54:18 | 00,000,244 | -H-- | M] () sqmdata13.sqm -> %SystemDrive%\sqmdata13.sqm -> [2008/11/22 15:54:18 | 00,000,232 | -H-- | M] () sqmnoopt12.sqm -> %SystemDrive%\sqmnoopt12.sqm -> [2008/11/22 09:46:48 | 00,000,244 | -H-- | M] () sqmdata12.sqm -> %SystemDrive%\sqmdata12.sqm -> [2008/11/22 09:46:48 | 00,000,232 | -H-- | M] () sqmnoopt11.sqm -> %SystemDrive%\sqmnoopt11.sqm -> [2008/11/21 20:24:53 | 00,000,244 | -H-- | M] () sqmdata11.sqm -> %SystemDrive%\sqmdata11.sqm -> [2008/11/21 20:24:53 | 00,000,232 | -H-- | M] () sqmnoopt10.sqm -> %SystemDrive%\sqmnoopt10.sqm -> [2008/11/21 20:11:14 | 00,000,244 | -H-- | M] () sqmdata10.sqm -> %SystemDrive%\sqmdata10.sqm -> [2008/11/21 20:11:14 | 00,000,232 | -H-- | M] () sqmnoopt09.sqm -> %SystemDrive%\sqmnoopt09.sqm -> [2008/11/21 19:29:59 | 00,000,244 | -H-- | M] () sqmdata09.sqm -> %SystemDrive%\sqmdata09.sqm -> [2008/11/21 19:29:59 | 00,000,232 | -H-- | M] () imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/12 07:22:53 | 00,001,393 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/11/02 07:14:16 | 00,441,624 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/11/02 07:14:16 | 00,071,308 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/11/02 07:14:15 | 00,522,706 | ---- | M] () mrxsmb.sys -> 
%SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 05:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 05:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) AUTOLNCH.REG -> %SystemRoot%\AUTOLNCH.REG -> [2008/10/16 18:23:05 | 00,001,080 | ---- | M] () wuaueng.dll -> %SystemRoot%\System32\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) wuaueng.dll -> %SystemRoot%\System32\dllcache\wuaueng.dll -> [2008/10/16 14:13:40 | 01,809,944 | ---- | M] (Microsoft Corporation) wuweb.dll -> %SystemRoot%\System32\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) wuweb.dll -> %SystemRoot%\System32\dllcache\wuweb.dll -> [2008/10/16 14:13:40 | 00,202,776 | ---- | M] (Microsoft Corporation) wucltui.dll -> %SystemRoot%\System32\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) wucltui.dll -> %SystemRoot%\System32\dllcache\wucltui.dll -> [2008/10/16 14:12:22 | 00,323,608 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) wuapi.dll -> %SystemRoot%\System32\dllcache\wuapi.dll -> [2008/10/16 14:12:20 | 00,561,688 | ---- | M] (Microsoft Corporation) wuaucpl.cpl -> %SystemRoot%\System32\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) wuaucpl.cpl -> %SystemRoot%\System32\dllcache\wuaucpl.cpl -> [2008/10/16 14:12:20 | 00,213,528 | ---- | M] (Microsoft Corporation) cdm.dll -> %SystemRoot%\System32\dllcache\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) cdm.dll -> %SystemRoot%\System32\cdm.dll -> [2008/10/16 14:09:44 | 00,092,696 | ---- | M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\System32\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) wuauclt.exe -> 
%SystemRoot%\System32\dllcache\wuauclt.exe -> [2008/10/16 14:09:44 | 00,051,224 | ---- | M] (Microsoft Corporation) wups2.dll -> %SystemRoot%\System32\wups2.dll -> [2008/10/16 14:09:44 | 00,043,544 | ---- | M] (Microsoft Corporation) wucltui.dll.mui -> %SystemRoot%\System32\wucltui.dll.mui -> [2008/10/16 14:09:40 | 00,031,768 | ---- | M] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) wups.dll -> %SystemRoot%\System32\dllcache\wups.dll -> [2008/10/16 14:08:58 | 00,034,328 | ---- | M] (Microsoft Corporation) wuaucpl.cpl.mui -> %SystemRoot%\System32\wuaucpl.cpl.mui -> [2008/10/16 14:07:46 | 00,023,576 | ---- | M] (Microsoft Corporation) wuapi.dll.mui -> %SystemRoot%\System32\wuapi.dll.mui -> [2008/10/16 14:07:44 | 00,023,576 | ---- | M] (Microsoft Corporation) wuaueng.dll.mui -> %SystemRoot%\System32\wuaueng.dll.mui -> [2008/10/16 14:07:14 | 00,018,456 | ---- | M] (Microsoft Corporation) mucltui.dll -> %SystemRoot%\System32\mucltui.dll -> [2008/10/16 14:06:48 | 00,268,648 | ---- | M] (Microsoft Corporation) muweb.dll -> %SystemRoot%\System32\muweb.dll -> [2008/10/16 14:06:48 | 00,208,744 | ---- | M] (Microsoft Corporation) mucltui.dll.mui -> %SystemRoot%\System32\mucltui.dll.mui -> [2008/10/16 14:06:48 | 00,027,496 | ---- | M] (Microsoft Corporation) FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/16 06:34:50 | 00,265,416 | ---- | M] () netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 10:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) hw.doc -> %UserProfile%\My Documents\hw.doc -> [2008/10/10 08:45:47 | 00,023,552 | ---- | M] () jj..doc -> %UserProfile%\My Documents\jj..doc -> [2008/10/08 07:59:11 | 00,027,648 | ---- | M] () SkyCaddie Desktop.lnk -> %UserProfile%\Desktop\SkyCaddie Desktop.lnk -> [2008/10/02 
19:57:48 | 00,000,885 | ---- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/10/02 05:21:12 | 00,054,156 | -H-- | M] () msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008/09/30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) logfile -> %SystemDrive%\logfile -> [2008/09/29 05:58:23 | 00,047,998 | ---- | M] () nsreg.dat -> %SystemRoot%\nsreg.dat -> [2008/09/22 21:43:55 | 00,000,000 | ---- | M] () klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> [2008/09/18 17:15:14 | 00,148,496 | ---- | M] (Kaspersky Lab) win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 06:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 06:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/09/14 22:46:16 | 00,078,272 | ---- | M] () Windows Live Messenger.lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger.lnk -> [2008/09/14 15:38:49 | 00,001,736 | ---- | M] () desktop.ini -> %UserProfile%\My Documents\desktop.ini -> [2008/09/13 13:59:47 | 00,000,076 | -HS- | M] () ntldr -> %SystemDrive%\ntldr -> [2008/09/13 08:46:25 | 00,250,048 | RHS- | M] () Unit 1.doc -> %UserProfile%\My Documents\Unit 1.doc -> [2008/09/12 11:56:17 | 00,036,864 | ---- | M] () win.ini -> %SystemRoot%\win.ini -> [2008/09/11 19:59:17 | 00,001,754 | ---- | M] () Wearing No Socks can actually cause severer athletes foot that could kill you.doc -> %UserProfile%\My Documents\Wearing No Socks can actually cause severer athletes foot that could kill you.doc -> [2008/09/10 19:37:42 | 00,022,016 | ---- | M] () Melting Point Lab.doc -> %UserProfile%\My Documents\Melting Point Lab.doc -> [2008/09/10 11:39:18 | 00,025,600 | ---- | M] () msxml6.dll -> %SystemRoot%\System32\msxml6.dll -> [2008/09/09 19:14:56 | 01,307,648 | ---- | M] (Microsoft Corporation) msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2008/09/09 
19:14:56 | 01,307,648 | ---- | M] (Microsoft Corporation) [File - Lop Check] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/12/03 17:17:11 | 00,000,000 | RH-D | M] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/10/02 19:15:37 | 00,000,000 | ---D | M] Intuit -> C:\Documents and Settings\All Users\Application Data\Intuit -> [2007/02/21 17:44:06 | 00,000,000 | ---D | M] Intuit Canada -> C:\Documents and Settings\All Users\Application Data\Intuit Canada -> [2008/03/17 14:48:23 | 00,000,000 | ---D | M] MailFrontier -> C:\Documents and Settings\All Users\Application Data\MailFrontier -> [2007/11/29 08:39:27 | 00,000,000 | ---D | M] Napster -> C:\Documents and Settings\All Users\Application Data\Napster -> [2007/07/24 08:37:20 | 00,000,000 | ---D | M] Pure Networks -> C:\Documents and Settings\All Users\Application Data\Pure Networks -> [2007/02/21 17:20:46 | 00,000,000 | ---D | M] SkyGolf -> C:\Documents and Settings\All Users\Application Data\SkyGolf -> [2007/07/17 04:54:19 | 00,000,000 | ---D | M] Trymedia -> C:\Documents and Settings\All Users\Application Data\Trymedia -> [2008/11/19 21:21:10 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\Owner\Application Data -> [2008/12/03 17:17:27 | 00,000,000 | -H-D | M] Ahead -> C:\Documents and Settings\Owner\Application Data\Ahead -> [2007/02/25 08:53:13 | 00,000,000 | ---D | M] Corel -> C:\Documents and Settings\Owner\Application Data\Corel -> [2008/04/27 06:31:11 | 00,000,000 | ---D | M] F-Secure -> C:\Documents and Settings\Owner\Application Data\F-Secure -> [2007/02/24 07:01:00 | 00,000,000 | ---D | M] Intuit -> C:\Documents and Settings\Owner\Application Data\Intuit -> [2007/02/21 17:44:12 | 00,000,000 | ---D | M] Intuit Canada -> C:\Documents and Settings\Owner\Application Data\Intuit Canada -> [2008/03/17 14:49:46 | 00,000,000 | ---D | M] ispnews -> C:\Documents and 
Settings\Owner\Application Data\ispnews -> [2007/02/22 09:49:17 | 00,000,000 | ---D | M] LimeWire -> C:\Documents and Settings\Owner\Application Data\LimeWire -> [2008/10/25 02:42:50 | 00,000,000 | ---D | M] MailFrontier -> C:\Documents and Settings\Owner\Application Data\MailFrontier -> [2008/10/16 07:45:21 | 00,000,000 | ---D | M] OpenOffice.org2 -> C:\Documents and Settings\Owner\Application Data\OpenOffice.org2 -> [2008/11/12 09:38:33 | 00,000,000 | ---D | M] Roxio -> C:\Documents and Settings\Owner\Application Data\Roxio -> [2007/07/24 07:15:07 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/10/02 19:04:53 | 00,000,000 | --SD | M] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/11/29 21:17:06 | 00,000,284 | ---- | M] () desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () Disk Cleanup.job -> C:\WINDOWS\Tasks\Disk Cleanup.job -> [2008/12/04 06:44:00 | 00,000,260 | ---- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/07 07:22:30 | 00,000,006 | -H-- | M] () [File - Purity Scan] [File - Signature Check] < Cached Copy > -> < OS Copy > -> < MD5's > C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> Cached Copy = 12896823FB95BFB3DC9B46BCAEDC9923 \ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923 C:\WINDOWS\servicepackfiles\i386\csrss.exe [2008/04/13 18:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2008/04/13 18:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = 44F275C64738EA2056E3D9580C23B60F \ OS Copy = 44F275C64738EA2056E3D9580C23B60F C:\WINDOWS\servicepackfiles\i386\lsass.exe [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2008/04/13 18:12:24 | 00,013,312 | ---- | M] (Microsoft 
Corporation) -> Cached Copy = BF2466B3E18E970D8A976FB95FC1CA85 \ OS Copy = BF2466B3E18E970D8A976FB95FC1CA85 C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2008/04/13 18:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = 037B1E7798960E0420003D05BB577EE6 \ OS Copy = 037B1E7798960E0420003D05BB577EE6 C:\WINDOWS\servicepackfiles\i386\services.exe [2008/04/13 18:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2008/04/13 18:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> Cached Copy = 0E776ED5F7CC9F94299E70461B7B8185 \ OS Copy = 0E776ED5F7CC9F94299E70461B7B8185 C:\WINDOWS\servicepackfiles\i386\smss.exe [2008/04/13 18:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2008/04/13 18:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = 5F816C1F539266D2D4C78694239DA0B5 \ OS Copy = 5F816C1F539266D2D4C78694239DA0B5 C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2008/04/13 18:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2008/04/13 18:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B \ OS Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/13 18:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/13 18:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 \ OS Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2008/04/13 18:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2008/04/13 18:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = 2CD1C3506A85B38E2D17E61ADED175C4 \ OS Copy = 2CD1C3506A85B38E2D17E61ADED175C4 
C:\WINDOWS\servicepackfiles\i386\userinit.exe [2008/04/13 18:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2008/04/13 18:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> Cached Copy = A93AEE1928A9D7CE3E16D24EC7380F89 \ OS Copy = A93AEE1928A9D7CE3E16D24EC7380F89 C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2008/04/13 18:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2008/04/13 18:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> Cached Copy = ED0EF0A136DEC83DF69F04118870003E \ OS Copy = ED0EF0A136DEC83DF69F04118870003E [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... C:\Documents and Settings\All Users\Start Menu\Programs\SceneSaver\JerMar Software Corp..url:favicon 1406 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\ Pinnacle Digest.url:favicon 3638 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\Canadian Insider.url:favicon 1150 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\Dynamic Prices and Charts for Molybdenum - InvestmentMine InfoMine.URL:favicon 1406 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\ETRADE Canada - Online Trading and Investing - Extraordinary Price, Products and Services.url:favicon 2238 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\globeandmail..url:favicon 2862 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\globeinvestor.com.url:favicon 318 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\Mackenzie - Account Access.url:favicon 894 bytes C:\Documents and 
Settings\Owner\Desktop\Claude\Business tools\Major World Indices - Yahoo! Finance.url:favicon 6598 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\Marketwire .url:favicon 894 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\StockHouse Canada.url:favicon 1406 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\Tsx Quotes.url:favicon 22486 bytes C:\Documents and Settings\Owner\Desktop\Claude\Business tools\Kitco - Gold & Precious Metals - Buy Gold & Sell Gold, Silver, Platinum - Charts, Graphs, Prices, Quotes, Gold Stocks, Mining Stocks, bullion dealers.url:favicon 894 bytes C:\Documents and Settings\Owner\Desktop\ewido anti spyand adaware\Windows Live OneCare safety scanner Free online tool for PC health and safety.url:favicon 10134 bytes C:\Documents and Settings\Owner\Favorites\AM640.url:favicon 1406 bytes C:\Documents and Settings\Owner\Favorites\BigCharts .url:favicon 318 bytes C:\Documents and Settings\Owner\Favorites\Blue and Gold.ca.url:favicon 3262 bytes C:\Documents and Settings\Owner\Favorites\Canada411.url:favicon 3638 bytes C:\Documents and Settings\Owner\Favorites\CANOE.url:favicon 1406 bytes C:\Documents and Settings\Owner\Favorites\Catholic Answers .url:favicon 5430 bytes C:\Documents and Settings\Owner\Favorites\CBS Sports.url:favicon 1406 bytes C:\Documents and Settings\Owner\Favorites\Christmas.url:favicon 1406 bytes C:\Documents and Settings\Owner\Favorites\GolfChannel .url:favicon 1150 bytes C:\Documents and Settings\Owner\Favorites\Italy vs. 
Cyprus World Cup Qualifier pre-dur-post match [R] 9-6-08 - Page 35 - BigSoccer.url:favicon 1406 bytes C:\Documents and Settings\Owner\Favorites\Justin.tv.url:favicon 3638 bytes C:\Documents and Settings\Owner\Favorites\Rankmark Golf .url:favicon 10134 bytes C:\Documents and Settings\Owner\Favorites\Saint Pio.url:favicon 894 bytes C:\Documents and Settings\Owner\Favorites\seria A Metacafe.url:favicon 1150 bytes C:\Documents and Settings\Owner\Favorites\Serie A VideosLive Stream,Goals Clip,Highlights.url:favicon 3638 bytes C:\Documents and Settings\Owner\Favorites\the Bible on the Internet.url:favicon 766 bytes C:\Documents and Settings\Owner\Favorites\Toronto Maple Leafs.url:favicon 4710 bytes C:\Documents and Settings\Owner\Favorites\Currency Converter(tm).url:favicon 7406 bytes C:\Documents and Settings\Owner\Favorites\dictionary.url:favicon 1150 bytes C:\Documents and Settings\Owner\Favorites\eBay.url:favicon 1406 bytes C:\Documents and Settings\Owner\Favorites\FIFA.com.url:favicon 894 bytes C:\Documents and Settings\Owner\Favorites\Football Italia.url:favicon 1078 bytes C:\Documents and Settings\Owner\Favorites\TSN .url:favicon 894 bytes C:\Documents and Settings\Owner\Favorites\UsedWinnipeg.url:favicon 318 bytes C:\Documents and Settings\Owner\Favorites\Watch4Free Live Football Online Streaming.url:favicon 3638 bytes C:\Documents and Settings\Owner\Favorites\Weather Network.url:favicon 1150 bytes C:\Documents and Settings\Owner\Favorites\Windows Live OneCare safety.url:favicon 10134 bytes C:\Documents and Settings\Owner\Favorites\CJOB News First.url:favicon 2550 bytes C:\Documents and Settings\Owner\Favorites\Mosquito Consolidated Gold .url:favicon 2294 bytes C:\Documents and Settings\Owner\Favorites\MTS Internet.url:favicon 824 bytes C:\Documents and Settings\Owner\Favorites\Online Sports Games at Candystand.com.url:favicon 1150 bytes C:\Documents and Settings\Owner\Favorites\OurBombers.com.url:favicon 1150 bytes C:\Documents and Settings\Owner\Favorites\PC 
World .url:favicon 3638 bytes scan completed successfully hidden files: 71 [Custom Scans] Error: Unable to interpret < > in the current context! < %systemroot%\Prefetch\*.* /s > C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2008/12/07 09:25:00 | 00,000,000 | ---D | M] ACRORD32.EXE-13285B88.pf -> C:\WINDOWS\Prefetch\ACRORD32.EXE -> [2008/12/07 08:17:11 | 00,077,076 | ---- | M] () AHUI.EXE-10CE5D84.pf -> C:\WINDOWS\Prefetch\AHUI.EXE -> [2008/12/04 12:56:23 | 00,014,544 | ---- | M] () ALG.EXE-0F138680.pf -> C:\WINDOWS\Prefetch\ALG.EXE -> [2008/12/03 15:48:40 | 00,017,274 | ---- | M] () BAGENT.EXE-088FA74B.pf -> C:\WINDOWS\Prefetch\BAGENT.EXE -> [2008/12/07 07:24:19 | 00,028,122 | ---- | M] () CATCHME.EXE-0B1F9107.pf -> C:\WINDOWS\Prefetch\CATCHME.EXE -> [2008/12/07 09:27:51 | 00,012,822 | ---- | M] () CTFMON.EXE-0E17969B.pf -> C:\WINDOWS\Prefetch\CTFMON.EXE -> [2008/12/06 15:34:03 | 00,016,412 | ---- | M] () DEFRAG.EXE-273F131E.pf -> C:\WINDOWS\Prefetch\DEFRAG.EXE -> [2008/12/04 13:12:24 | 00,016,972 | ---- | M] () DFRGNTFS.EXE-269967DF.pf -> C:\WINDOWS\Prefetch\DFRGNTFS.EXE -> [2008/12/04 13:12:26 | 00,042,660 | ---- | M] () DIRECTCD.EXE-0A60B47C.pf -> C:\WINDOWS\Prefetch\DIRECTCD.EXE -> [2008/12/06 15:33:59 | 00,025,562 | ---- | M] () DIVXCODECVERSIONCHECKER.EXE-06B73480.pf -> C:\WINDOWS\Prefetch\DIVXCODECVERSIONCHECKER.EXE -> [2008/12/07 08:44:41 | 00,022,064 | ---- | M] () DIVXSM.EXE-3407AB62.pf -> C:\WINDOWS\Prefetch\DIVXSM.EXE -> [2008/12/07 08:46:57 | 00,032,442 | ---- | M] () DRWTSN32.EXE-2B4B52AC.pf -> C:\WINDOWS\Prefetch\DRWTSN32.EXE -> [2008/12/03 08:31:36 | 00,018,060 | ---- | M] () FIREFOX.EXE-28641590.pf -> C:\WINDOWS\Prefetch\FIREFOX.EXE -> [2008/12/03 11:17:00 | 00,080,550 | ---- | M] () FMNOT32.EXE-2CD66187.pf -> C:\WINDOWS\Prefetch\FMNOT32.EXE -> [2008/12/06 15:41:19 | 00,021,320 | ---- | M] () FMRMD32.EXE-089788CB.pf -> C:\WINDOWS\Prefetch\FMRMD32.EXE -> [2008/12/06 15:41:09 | 00,012,422 | ---- | M] () HELPSVC.EXE-2878DDA2.pf -> 
C:\WINDOWS\Prefetch\HELPSVC.EXE -> [2008/12/04 22:25:17 | 00,059,792 | ---- | M] () HIJACKTHIS.EXE-2AF68D7A.pf -> C:\WINDOWS\Prefetch\HIJACKTHIS.EXE -> [2008/12/07 07:52:14 | 00,017,806 | ---- | M] () HJTSETUP[1].EXE-2D0A81B6.pf -> C:\WINDOWS\Prefetch\HJTSETUP[1].EXE -> [2008/12/07 07:51:34 | 00,018,372 | ---- | M] () HPLAMP.EXE-290093F6.pf -> C:\WINDOWS\Prefetch\HPLAMP.EXE -> [2008/12/06 15:33:59 | 00,016,606 | ---- | M] () IEXPLORE.EXE-27122324.pf -> C:\WINDOWS\Prefetch\IEXPLORE.EXE -> [2008/12/07 09:08:14 | 00,032,484 | ---- | M] () IMAPI.EXE-0BF740A4.pf -> C:\WINDOWS\Prefetch\IMAPI.EXE -> [2008/12/07 08:59:16 | 00,023,160 | ---- | M] () INFOCARD.EXE-14622E55.pf -> C:\WINDOWS\Prefetch\INFOCARD.EXE -> [2008/12/06 12:35:25 | 00,047,298 | ---- | M] () IPODSERVICE.EXE-3192DE38.pf -> C:\WINDOWS\Prefetch\IPODSERVICE.EXE -> [2008/12/06 15:34:11 | 00,022,214 | ---- | M] () ITUNESHELPER.EXE-15823303.pf -> C:\WINDOWS\Prefetch\ITUNESHELPER.EXE -> [2008/12/06 15:34:05 | 00,018,228 | ---- | M] () JAVA.EXE-0C263507.pf -> C:\WINDOWS\Prefetch\JAVA.EXE -> [2008/12/07 08:59:00 | 00,084,902 | ---- | M] () JUSCHED.EXE-25206883.pf -> C:\WINDOWS\Prefetch\JUSCHED.EXE -> [2008/12/06 15:34:00 | 00,014,400 | ---- | M] () Layout.ini -> C:\WINDOWS\Prefetch\Layout.ini -> [2008/12/06 20:10:18 | 00,400,092 | ---- | M] () LDMCONF.EXE-2E2A6E1D.pf -> C:\WINDOWS\Prefetch\LDMCONF.EXE -> [2008/12/05 10:24:28 | 00,015,974 | ---- | M] () LOGITECHDESKTOPMESSENGER.EXE-1F2075EE.pf -> C:\WINDOWS\Prefetch\LOGITECHDESKTOPMESSENGER.EXE -> [2008/12/06 15:34:03 | 00,025,970 | ---- | M] () LOGONUI.EXE-0AF22957.pf -> C:\WINDOWS\Prefetch\LOGONUI.EXE -> [2008/12/06 20:11:25 | 00,023,404 | ---- | M] () MANTISPM.EXE-0BA234B4.pf -> C:\WINDOWS\Prefetch\MANTISPM.EXE -> [2008/12/07 07:24:20 | 00,037,212 | ---- | M] () MBAM-DOR.EXE-203884D2.pf -> C:\WINDOWS\Prefetch\MBAM-DOR.EXE -> [2008/12/06 15:29:48 | 00,015,368 | ---- | M] () MBAM-SETUP.EXE-07BB094E.pf -> C:\WINDOWS\Prefetch\MBAM-SETUP.EXE -> [2008/12/05 21:41:55 | 
00,014,388 | ---- | M] () MBAM-SETUP[1].EXE-301975CE.pf -> C:\WINDOWS\Prefetch\MBAM-SETUP[1].EXE -> [2008/12/03 16:30:49 | 00,022,986 | ---- | M] () MBAM.EXE-0BEE0439.pf -> C:\WINDOWS\Prefetch\MBAM.EXE -> [2008/12/07 07:46:29 | 00,019,302 | ---- | M] () MBAMGUI.EXE-1286D63B.pf -> C:\WINDOWS\Prefetch\MBAMGUI.EXE -> [2008/12/05 21:42:04 | 00,011,614 | ---- | M] () MMC.EXE-04EF131A.pf -> C:\WINDOWS\Prefetch\MMC.EXE -> [2008/12/07 07:33:29 | 00,069,570 | ---- | M] () MRT.EXE-1B4A8D49.pf -> C:\WINDOWS\Prefetch\MRT.EXE -> [2008/12/07 07:30:01 | 00,019,140 | ---- | M] () MRTSTUB.EXE-2E0D8E98.pf -> C:\WINDOWS\Prefetch\MRTSTUB.EXE -> [2008/12/07 07:29:57 | 00,053,252 | ---- | M] () MSIEXEC.EXE-2F8A8CAE.pf -> C:\WINDOWS\Prefetch\MSIEXEC.EXE -> [2008/12/03 02:28:18 | 00,062,910 | ---- | M] () MSIMN.EXE-38BA891D.pf -> C:\WINDOWS\Prefetch\MSIMN.EXE -> [2008/12/06 15:44:06 | 00,097,374 | ---- | M] () MSNMSGR.EXE-366A1A81.pf -> C:\WINDOWS\Prefetch\MSNMSGR.EXE -> [2008/12/05 21:33:00 | 00,069,564 | ---- | M] () NOTEPAD.EXE-336351A9.pf -> C:\WINDOWS\Prefetch\NOTEPAD.EXE -> [2008/12/07 08:22:03 | 00,022,578 | ---- | M] () NTOSBOOT-B00DFAAD.pf -> C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf -> [2008/12/07 07:24:19 | 01,165,428 | ---- | M] () OCBROWSE.EXE-01A06E32.pf -> C:\WINDOWS\Prefetch\OCBROWSE.EXE -> [2008/12/03 02:28:02 | 00,066,110 | ---- | M] () ONECARESCANNER.EXE-1C22FC97.pf -> C:\WINDOWS\Prefetch\ONECARESCANNER.EXE -> [2008/12/03 02:03:27 | 00,018,226 | ---- | M] () OSA.EXE-2CD63980.pf -> C:\WINDOWS\Prefetch\OSA.EXE -> [2008/12/05 10:24:28 | 00,023,560 | ---- | M] () OTSCANIT2.EXE-193E1650.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2008/12/07 09:12:40 | 00,008,920 | ---- | M] () OTSCANIT2[1].EXE-20158D7F.pf -> C:\WINDOWS\Prefetch\OTSCANIT2[1].EXE -> [2008/12/07 09:11:10 | 00,007,988 | ---- | M] () PBE.EXE-1A9D4888.pf -> C:\WINDOWS\Prefetch\PBE.EXE -> [2008/12/04 12:56:33 | 00,057,650 | ---- | M] () QTTASK.EXE-342507FB.pf -> C:\WINDOWS\Prefetch\QTTASK.EXE -> [2008/12/06 15:33:53 
| 00,011,468 | ---- | M] () READER_SL.EXE-3614FA6E.pf -> C:\WINDOWS\Prefetch\READER_SL.EXE -> [2008/12/06 15:34:05 | 00,012,864 | ---- | M] () REGEDIT.EXE-1B606482.pf -> C:\WINDOWS\Prefetch\REGEDIT.EXE -> [2008/12/06 15:29:19 | 00,020,270 | ---- | M] () REGSVR32.EXE-25EEFE2F.pf -> C:\WINDOWS\Prefetch\REGSVR32.EXE -> [2008/12/05 21:42:09 | 00,025,666 | ---- | M] () RUNDLL32.EXE-12611944.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/03 14:05:56 | 00,012,760 | ---- | M] () RUNDLL32.EXE-130210A4.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/03 14:05:52 | 00,007,536 | ---- | M] () RUNDLL32.EXE-13C3750A.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/06 11:23:55 | 00,019,884 | ---- | M] () RUNDLL32.EXE-14286CD1.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/04 02:06:08 | 00,025,608 | ---- | M] () RUNDLL32.EXE-17704694.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/06 11:24:00 | 00,014,896 | ---- | M] () RUNDLL32.EXE-177FE687.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/05 23:23:37 | 00,020,320 | ---- | M] () RUNDLL32.EXE-1B7AE556.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/04 14:06:22 | 00,023,754 | ---- | M] () RUNDLL32.EXE-1C9AA047.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/05 01:10:29 | 00,055,026 | ---- | M] () RUNDLL32.EXE-2057CAE3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/05 11:23:06 | 00,021,292 | ---- | M] () RUNDLL32.EXE-226E0E6D.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/05 23:03:17 | 00,106,266 | ---- | M] () RUNDLL32.EXE-268BFF96.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/03 16:20:17 | 00,023,096 | ---- | M] () RUNDLL32.EXE-28E78438.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/05 23:23:40 | 00,014,048 | ---- | M] () RUNDLL32.EXE-2B7EB2DC.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/04 19:42:37 | 00,015,056 | ---- | M] () RUNDLL32.EXE-2CD85FD3.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/03 02:25:09 | 00,039,202 | ---- | M] () RUNDLL32.EXE-2E9B25AA.pf -> 
C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/04 14:06:28 | 00,012,500 | ---- | M] () RUNDLL32.EXE-35A58309.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/07 08:37:05 | 00,056,060 | ---- | M] () RUNDLL32.EXE-365598D1.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/07 07:25:44 | 00,083,060 | ---- | M] () RUNDLL32.EXE-44232A8C.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/04 02:06:12 | 00,014,448 | ---- | M] () RUNDLL32.EXE-451FC2C0.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/07 08:59:10 | 00,025,824 | ---- | M] () RUNDLL32.EXE-46032C13.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/05 11:23:11 | 00,021,782 | ---- | M] () RUNDLL32.EXE-47F9EB27.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/04 19:42:34 | 00,014,640 | ---- | M] () SSMYPICS.SCR-01C62024.pf -> C:\WINDOWS\Prefetch\SSMYPICS.SCR -> [2008/12/06 20:07:13 | 00,039,304 | ---- | M] () SVCHOST.EXE-3530F672.pf -> C:\WINDOWS\Prefetch\SVCHOST.EXE -> [2008/12/03 15:48:40 | 00,015,852 | ---- | M] () UPDCLIENT.EXE-215FC96B.pf -> C:\WINDOWS\Prefetch\UPDCLIENT.EXE -> [2008/12/07 08:53:26 | 00,065,258 | ---- | M] () VERCLSID.EXE-3667BD89.pf -> C:\WINDOWS\Prefetch\VERCLSID.EXE -> [2008/12/07 08:42:49 | 00,027,786 | ---- | M] () WGATRAY.EXE-0ED38BED.pf -> C:\WINDOWS\Prefetch\WGATRAY.EXE -> [2008/12/05 23:41:54 | 00,050,344 | ---- | M] () WINDOWS-KB890830-V2.4[1].EXE-16EDB14B.pf -> C:\WINDOWS\Prefetch\WINDOWS-KB890830-V2.4[1 -> [2008/12/07 07:29:54 | 00,058,028 | ---- | M] () WINRAR.EXE-39C6DAD9.pf -> C:\WINDOWS\Prefetch\WINRAR.EXE -> [2008/12/07 08:47:12 | 00,062,576 | ---- | M] () WINSSINTRO.EXE-3A1C4AF1.pf -> C:\WINDOWS\Prefetch\WINSSINTRO.EXE -> [2008/12/03 01:34:47 | 00,019,564 | ---- | M] () WINSSUI.EXE-35DAC2CB.pf -> C:\WINDOWS\Prefetch\WINSSUI.EXE -> [2008/12/03 01:34:52 | 00,068,614 | ---- | M] () WLLOGINPROXY.EXE-1781D844.pf -> C:\WINDOWS\Prefetch\WLLOGINPROXY.EXE -> [2008/12/07 07:24:28 | 00,037,810 | ---- | M] () WMIPRVSE.EXE-28F301A9.pf -> C:\WINDOWS\Prefetch\WMIPRVSE.EXE -> [2008/12/07 
07:35:01 | 00,066,566 | ---- | M] () WMPLAYER.EXE-18DDEFA4.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/07 08:46:50 | 00,056,084 | ---- | M] () WMPLAYER.EXE-18DDEFA5.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/05 01:54:20 | 00,055,576 | ---- | M] () WMPLAYER.EXE-18DDEFA6.pf -> C:\WINDOWS\Prefetch\WMPLAYER.EXE -> [2008/12/01 22:24:58 | 00,086,636 | ---- | M] () WUAUCLT.EXE-399A8E72.pf -> C:\WINDOWS\Prefetch\WUAUCLT.EXE -> [2008/12/07 07:34:59 | 00,025,818 | ---- | M] () WUPDMGR.EXE-2F30BEAB.pf -> C:\WINDOWS\Prefetch\WUPDMGR.EXE -> [2008/12/07 07:26:42 | 00,034,490 | ---- | M] () ZLCLIENT.EXE-1C550EB2.pf -> C:\WINDOWS\Prefetch\ZLCLIENT.EXE -> [2008/12/04 19:42:36 | 00,055,318 | ---- | M] () ~.EXE-3B3A448A.pf -> C:\WINDOWS\Prefetch\~.EXE -> [2008/12/07 08:19:03 | 00,069,858 | ---- | M] () < %systemroot%\system32\drivers\*.dat > C:\WINDOWS\system32\drivers\ -> C:\WINDOWS\system32\drivers -> [2008/12/06 15:30:53 | 00,000,000 | ---D | M] fidbox.dat -> C:\WINDOWS\system32\drivers\fidbox.dat -> [2008/12/07 09:12:25 | 51,884,8544 | -HS- | M] () < %systemroot%\Temp\bca4e2da.$$$ > < %systemroot%\Temp\ed47fa.$ > < %systemroot%\Temp\fa56d7ec.$$$ > < %systemroot%\System32\antiwpa.dll > < %PROGRAMFILES%\*crack*. > Program Files -> C:\Program Files -> [2008/12/07 07:51:58 | 00,000,000 | ---D | M] < %PROGRAMFILES%\*keygen*. > Program Files -> C:\Program Files -> [2008/12/07 07:51:58 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*crack*. > OTScanIt2 -> C: -> [2008/12/07 09:27:55 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*keygen*. 
> OTScanIt2 -> C: -> [2008/12/07 09:27:55 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*.zip > < %SYSTEMDRIVE%\*.rar > < %SYSTEMDRIVE%\*.exe > < %systemroot%\*.zip > < %systemroot%\*.rar > < %systemroot%\system32\*.zip > < %systemroot%\system32\*.rar > < %PROGRAMFILES%\*.zip > < %PROGRAMFILES%\*.rar > < %PROGRAMFILES%\*.exe > Invalid Environment Variable: DESKTOP Invalid Environment Variable: DESKTOP Invalid Environment Variable: DESKTOP < %PROGRAMFILES%\Common Files\*bak*. > Common Files -> C:\Program Files\Common Files -> [2008/12/02 23:58:19 | 00,000,000 | ---D | M] < %systemroot%\SYSTEM32\*bak*. > 5 C:\WINDOWS\SYSTEM32\*.tmp files -> C:\WINDOWS\SYSTEM32\*.tmp -> system32 -> C:\WINDOWS\SYSTEM32 -> [2008/12/07 08:18:53 | 00,000,000 | ---D | M] < %PROGRAMFILES%\*bak*. > Program Files -> C:\Program Files -> [2008/12/07 07:51:58 | 00,000,000 | ---D | M] < %USERNAME%\*.zip > < %USERNAME%\*.rar > < %USERNAME%\*.exe > < %USERPROFILE%\*.zip > < %USERPROFILE%\*.rar > < %USERPROFILE%\*.exe > < %ALLUSERSPROFILE%\*.zip > < %ALLUSERSPROFILE%\*.rar > < %ALLUSERSPROFILE%\*.exe > < %APPDATA%\*.zip > < %APPDATA%\*.rar > < %APPDATA%\*.exe > Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTMENU Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSSTARTUP Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSPROGRAMS Invalid Environment Variable: ALLUSERSAPPDATA Invalid Environment Variable: ALLUSERSAPPDATA Invalid Environment Variable: ALLUSERSAPPDATA < %APPDATA%\*.zip > < %APPDATA%\*.rar > < %APPDATA%\*.exe > Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: QUICKLAUNCH Invalid Environment Variable: STARTUP Invalid Environment Variable: STARTUP Invalid Environment Variable: 
STARTUP Invalid Environment Variable: STARTMENU Invalid Environment Variable: STARTMENU Invalid Environment Variable: STARTMENU Invalid Environment Variable: MYDOCUMENTS Invalid Environment Variable: MYDOCUMENTS Invalid Environment Variable: MYDOCUMENTS < %PROGRAMFILES%\Mozilla Firefox\plugins\*.* > C:\Program Files\Mozilla Firefox\plugins\ -> C:\Program Files\Mozilla Firefox\plugins -> [2008/11/27 09:29:53 | 00,000,000 | ---D | M] npdeploytk.dll -> C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll -> [2008/11/27 09:29:25 | 00,410,976 | ---- | M] (Sun Microsystems, Inc.) npnul32.dll -> C:\Program Files\Mozilla Firefox\plugins\npnul32.dll -> [2008/11/15 15:56:18 | 00,065,536 | ---- | M] (mozilla.org) npqtplugin.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll -> [2008/10/02 19:12:29 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin2.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll -> [2008/10/02 19:12:29 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin3.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll -> [2008/10/02 19:12:29 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin4.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll -> [2008/10/02 19:12:29 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin5.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll -> [2008/10/02 19:12:30 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin6.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll -> [2008/10/02 19:12:30 | 00,143,360 | ---- | M] (Apple Inc.) npqtplugin7.dll -> C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll -> [2008/10/02 19:12:30 | 00,143,360 | ---- | M] (Apple Inc.) 
QuickTimePlugin.class -> C:\Program Files\Mozilla Firefox\plugins\QuickTimePlugin.cla -> [2008/10/02 19:12:29 | 00,004,208 | ---- | M] () < %PROGRAMFILES%\Internet Explorer\*.* > C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/09/13 13:59:28 | 00,000,000 | ---D | M] custsat.dll -> C:\Program Files\Internet Explorer\custsat.dll -> [2006/11/07 21:03:36 | 00,033,792 | ---- | M] (Microsoft Corporation) ExtExport.exe -> C:\Program Files\Internet Explorer\ExtExport.exe -> [2008/08/22 02:08:34 | 00,015,360 | ---- | M] (Microsoft Corporation) hmmapi.dll -> C:\Program Files\Internet Explorer\hmmapi.dll -> [2008/08/22 02:00:28 | 00,068,608 | ---- | M] (Microsoft Corporation) iedvtool.dll -> C:\Program Files\Internet Explorer\iedvtool.dll -> [2008/08/22 02:08:56 | 00,658,944 | ---- | M] (Microsoft Corporation) iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 12:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation) ieproxy.dll -> C:\Program Files\Internet Explorer\ieproxy.dll -> [2008/08/22 02:07:14 | 00,259,072 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) jsdbgui.dll -> C:\Program Files\Internet Explorer\jsdbgui.dll -> [2008/08/22 02:08:28 | 00,382,976 | ---- | M] (Microsoft Corporation) jsdebuggeride.dll -> C:\Program Files\Internet Explorer\jsdebuggeride.dll -> [2008/08/22 02:08:22 | 00,120,832 | ---- | M] (Microsoft Corporation) JSProfilerCore.dll -> C:\Program Files\Internet Explorer\JSProfilerCore.dll -> [2008/08/22 02:08:32 | 00,118,272 | ---- | M] (Microsoft Corporation) jsprofilerui.dll -> C:\Program Files\Internet Explorer\jsprofilerui.dll -> [2008/08/22 02:08:40 | 00,217,088 | ---- | M] (Microsoft Corporation) pdm.dll -> C:\Program Files\Internet Explorer\pdm.dll -> [2008/08/05 16:55:38 | 00,355,832 | ---- | M] (Microsoft Corporation) sqmapi.dll -> C:\Program Files\Internet 
Explorer\sqmapi.dll -> [2008/06/12 10:27:56 | 00,134,144 | ---- | M] (Microsoft Corporation) < %PROGRAMFILES%\Mozilla Firefox\*.zip /s > < %PROGRAMFILES%\Mozilla Firefox\*.rar /s > < %PROGRAMFILES%\Mozilla Firefox\*.exe /s > C:\Program Files\Mozilla Firefox\ -> C:\Program Files\Mozilla Firefox -> [2008/12/03 08:18:16 | 00,000,000 | ---D | M] crashreporter.exe -> C:\Program Files\Mozilla Firefox\crashreporter.exe -> [2008/11/15 15:56:16 | 00,185,856 | ---- | M] (Mozilla Foundation) firefox.exe -> C:\Program Files\Mozilla Firefox\firefox.exe -> [2008/11/15 15:56:16 | 00,307,712 | ---- | M] (Mozilla Corporation) updater.exe -> C:\Program Files\Mozilla Firefox\updater.exe -> [2008/11/15 15:56:19 | 00,242,176 | ---- | M] (Mozilla Foundation) C:\Program Files\Mozilla Firefox\uninstall\ -> C:\Program Files\Mozilla Firefox\uninstall -> [2008/11/15 15:56:28 | 00,000,000 | ---D | M] helper.exe -> C:\Program Files\Mozilla Firefox\uninstall\helper.exe -> [2008/11/15 15:56:18 | 00,509,544 | ---- | M] (Mozilla Corporation) < %PROGRAMFILES%\Internet Explorer\*.zip /s > < %PROGRAMFILES%\Internet Explorer\*.rar /s > < %PROGRAMFILES%\Internet Explorer\*.exe /s > C:\Program Files\Internet Explorer\ -> C:\Program Files\Internet Explorer -> [2008/09/13 13:59:28 | 00,000,000 | ---D | M] ExtExport.exe -> C:\Program Files\Internet Explorer\ExtExport.exe -> [2008/08/22 02:08:34 | 00,015,360 | ---- | M] (Microsoft Corporation) iedw.exe -> C:\Program Files\Internet Explorer\iedw.exe -> [2006/10/17 12:04:50 | 00,069,120 | ---- | M] (Microsoft Corporation) iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2008/08/22 02:16:40 | 00,637,984 | ---- | M] (Microsoft Corporation) C:\Program Files\Internet Explorer\Connection Wizard\ -> C:\Program Files\Internet Explorer\Connection Wizard -> [2008/09/13 08:51:05 | 00,000,000 | ---D | M] icwconn1.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe -> [2008/04/13 18:12:22 | 00,214,528 | ---- | M] (Microsoft 
Corporation) icwconn2.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe -> [2008/04/13 18:12:22 | 00,086,016 | ---- | M] (Microsoft Corporation) icwrmind.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe -> [2008/04/13 18:12:22 | 00,024,576 | ---- | M] (Microsoft Corporation) icwtutor.exe -> C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe -> [2004/08/04 06:00:00 | 00,073,728 | ---- | M] (Microsoft Corporation) inetwiz.exe -> C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe -> [2008/04/13 18:12:22 | 00,020,480 | ---- | M] (Microsoft Corporation) isignup.exe -> C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe -> [2004/08/04 06:00:00 | 00,016,384 | ---- | M] (Microsoft Corporation) < %SYSTEMDRIVE%\*.dat > C:\ -> -> [2008/12/07 09:27:55 | 00,000,000 | ---D | M] ScanSectorLog.dat -> C:\ScanSectorLog.dat -> [2007/11/28 12:01:13 | 00,000,512 | ---- | M] () < %SYSTEMROOT%\*.dat > C:\WINDOWS\ -> C:\WINDOWS -> [2008/12/05 23:39:39 | 00,000,000 | ---D | M] bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2008/12/07 07:22:13 | 00,002,048 | --S- | M] () nsreg.dat -> C:\WINDOWS\nsreg.dat -> [2008/09/22 21:43:55 | 00,000,000 | ---- | M] () 4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> < %SYSTEMROOT%\*.sys > < %systemroot%\system32\drivers\*.exe /s > < %systemroot%\system32\drivers\*.zip /s > < %systemroot%\system32\drivers\*.rar /s > < %APPDATA%\*.sys > < %systemroot%\system32\serauth1.dll > < %systemroot%\system32\serauth2.dll > < %systemroot%\system32\sysaudio.sys > < %PROGRAMFILES%\*TinyProxy*. > Program Files -> C:\Program Files -> [2008/12/07 07:51:58 | 00,000,000 | ---D | M] < End of report > [/code]