Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.2
Ran by SYSTEM at 2012-01-07 02:26:05
Running from F:\
Windows Vista (TM) Home Premium (X64)
OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup [15851040 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit [82464 2008-05-22] (NVIDIA Corporation)
HKLM\...\Run: [SymLnch] "C:\Program Files (x86)\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_5_0_23\Support\SymLnch\SymLnch.exe" "C:\PROGRA~2\COMMON~1\SYMANT~1\SymSetup\{C1C18~1\Setup.exe" " /X" [x]
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe" [3453440 2010-07-27] (Alcatel-Lucent)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [54867776 2011-12-15] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe [65536 2007-04-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [KBD] C:\HP\KBD\KbdStub.EXE [65536 2006-12-08] ()
HKLM-x32\...\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-06-02] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49152 2008-03-25] (Hewlett-Packard)
HKLM-x32\...\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG)
HKLM-x32\...\Run: [hpqSRMon] [x]
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ReminderApp] C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe [156160 2006-11-02] ()
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot [296056 2011-11-26] (RealNetworks, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKU\cnmmam\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972344 2009-01-12] (Hewlett-Packard)
HKU\cnmmam\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\cnmmam\...\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000 [67456 2011-01-21] (Uniblue Systems Limited)
HKU\cnmmam\...\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972344 2009-01-12] (Hewlett-Packard)
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem [1555968 2008-01-20] (Microsoft Corporation)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [972344 2009-01-12] (Hewlett-Packard)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.1.254
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-30] (Apple Inc.)
3 GameConsoleService; "C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe" [165416 2008-03-28] (WildTangent, Inc.)
2 gupdate1ca77e1c8a584b0; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc [133104 2009-12-08] (Google Inc.)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [319488 2010-05-04] (Alcatel-Lucent)
2 McciCMService64; "C:\Program Files\Common Files\Motive\McciCMService.exe" [517632 2010-05-04] (Alcatel-Lucent)
2 NAV; "C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\ccSvcHst.exe" /s "NAV" /m "C:\Program Files (x86)\Norton AntiVirus\Norton AntiVirus\Engine\19.1.1.3\diMaster.dll" /prefetch:1 [303544 2011-08-24] (Symantec Corporation)
2 Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [853288 2007-09-20] (Nero AG)
3 NMIndexingService; "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe" [382248 2007-10-23] (Nero AG)
3 Symantec Core LC; C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [1245064 2008-08-28] ()
2 HP Health Check Service; "c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]
2 HPBtnSrv; c:\hp\HPEZBTN\HPBtnSrv.exe [x]

========================== Drivers (Whitelisted) =============

1 ccSet_NAV; C:\Windows\System32\drivers\NAVx64\1301010.003\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
3 COH_Mon; \??\C:\Windows\system32\Drivers\COH_Mon.sys [25424 2008-07-30] (Symantec Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2011-12-23] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2011-12-23] (Symantec Corporation)
1 IDSvia64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\IPSDefs\20110726.001\IDSVia64.sys [488568 2011-07-20] (Symantec Corporation)
3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [19456 2008-08-21] (Motorola)
3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [9216 2008-08-21] (Motorola)
3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [29184 2007-06-20] (Motorola)
3 motport; C:\Windows\System32\DRIVERS\motport.sys [29184 2007-06-20] (Motorola)
3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-07-27] (Printing Communications Assoc., Inc. (PCAUSA))
3 NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20111224.017\ENG64.SYS [117880 2011-12-23] (Symantec Corporation)
3 NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\VirusDefs\20111224.017\EX64.SYS [2048632 2011-12-23] (Symantec Corporation)
3 NVENETFD; C:\Windows\System32\DRIVERS\nvmfdx64.sys [1494560 2008-05-21] (NVIDIA Corporation)
4 nvrd64; C:\Windows\System32\drivers\nvrd64.sys [166944 2008-06-06] (NVIDIA Corporation)
4 nvsmu; C:\Windows\System32\drivers\nvsmu.sys [27168 2008-05-22] (NVIDIA Corporation)
0 nvstor64; C:\Windows\System32\drivers\nvstor64.sys [169504 2008-06-06] (NVIDIA Corporation)
3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
3 SRTSP; C:\Windows\System32\drivers\NAVx64\1301010.003\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\drivers\NAVx64\1301010.003\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
0 SymDS; C:\Windows\System32\drivers\NAVx64\1301010.003\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
0 SymEFA; C:\Windows\System32\drivers\NAVx64\1301010.003\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-12-24] (Symantec Corporation)
1 SymIRON; C:\Windows\System32\drivers\NAVx64\1301010.003\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
1 SYMTDIv; C:\Windows\System32\drivers\NAVx64\1301010.003\SYMTDIV.SYS [445560 2011-07-25] (Symantec Corporation)
1 BHDrvx64; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.1.3\Definitions\BASHDefs\20110901.001\BHDrvx64.sys [x]
3 EraserUtilDrvI13; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [x]
1 fuvxxduw; \??\C:\Windows\system32\drivers\fuvxxduw.sys [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
3 msiserver; C:\Windows\System32\msiexec /V [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-01-07 02:26 - 2012-01-07 02:26 - 0000000 ____D C:\FRST
2012-01-06 12:43 - 2012-01-06 12:43 - 0000000 ____D C:\Windows\sandbox
2012-01-04 04:21 - 2012-01-04 05:31 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2011-12-31 16:16 - 2012-01-06 12:22 - 18087936 ____A C:\Windows\System32\config\SYSTEM.ol1
2011-12-31 16:16 - 2012-01-06 10:09 - 0020480 ____A C:\Windows\System32\config\SECURITY.ol1
2011-12-31 16:16 - 2012-01-01 20:10 - 0057344 ____A C:\Windows\System32\config\SAM.ol1
2011-12-31 16:16 - 2011-12-24 23:20 - 51687424 ____A C:\Windows\System32\config\COMPONENTS.OLD
2011-12-31 16:16 - 2011-12-24 23:05 - 0192512 ____A C:\Windows\System32\config\DEFAULT.OLD
2011-12-31 16:16 - 2011-12-24 22:56 - 79249408 ____A C:\Windows\System32\config\SOFTWARE.OLD
2011-12-30 23:53 - 2011-12-30 23:53 - 0012288 ____A C:\BCD_Backup
2011-12-30 23:53 - 2011-12-30 23:53 - 0009216 ___AH C:\BCD_Backup.LOG
2011-12-30 23:53 - 2011-12-30 23:53 - 0000000 ___AH C:\BCD_Backup.LOG2
2011-12-30 23:53 - 2011-12-30 23:53 - 0000000 ___AH C:\BCD_Backup.LOG1
2011-12-26 14:12 - 2012-01-06 23:34 - 0778132 ____A C:\Windows\ntbtlog.txt
2011-12-24 23:09 - 2011-11-10 03:54 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-12-24 23:09 - 2011-11-10 03:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-12-24 23:09 - 2011-11-10 03:54 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-12-24 23:07 - 2011-12-24 23:08 - 0004532 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2011-12-24 22:35 - 2011-12-25 01:48 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2011-12-24 22:35 - 2011-12-24 22:35 - 0002447 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2011-12-24 22:20 - 2011-12-24 22:41 - 0000826 ____A C:\Users\cnmmam\Desktop\Norton Installation Files.lnk
2011-12-24 16:40 - 2011-12-24 16:40 - 0000000 ____A C:\Users\All Users\Qe86M21.dat
2011-12-24 16:40 - 2011-12-24 16:40 - 0000000 ____A C:\ProgramData\Qe86M21.dat
2011-12-24 16:37 - 2011-12-24 16:37 - 0000000 ____D C:\Users\cnmmam\Documents\Symantec
2011-12-24 16:22 - 2011-12-24 22:35 - 0000000 ____D C:\Program Files\Symantec
2011-12-24 16:22 - 2011-12-24 22:35 - 0000000 ____D C:\Program Files (x86)\Norton AntiVirus
2011-12-24 16:21 - 2011-12-24 16:21 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-12-24 16:21 - 2011-12-24 16:21 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-12-24 16:21 - 2011-12-24 16:21 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-12-24 15:37 - 2011-12-24 22:41 - 0000000 ____D C:\Users\All Users\Norton
2011-12-24 15:37 - 2011-12-24 22:41 - 0000000 ____D C:\ProgramData\Norton
2011-12-24 15:37 - 2011-12-24 15:37 - 0000000 ____D C:\Users\Public\Downloads\Norton
2011-12-24 13:06 - 2011-12-24 13:06 - 0000000 ____D C:\Windows\system64
2011-12-24 11:25 - 2011-12-25 05:33 - 0009230 __ASH C:\Users\cnmmam\AppData\Local\gvextw6g8lpw1ewy4vnx0n142a7r
2011-12-24 11:25 - 2011-12-25 05:33 - 0009230 __ASH C:\Users\All Users\gvextw6g8lpw1ewy4vnx0n142a7r
2011-12-24 11:25 - 2011-12-25 05:33 - 0009230 __ASH C:\ProgramData\gvextw6g8lpw1ewy4vnx0n142a7r
2011-12-24 11:25 - 2011-12-24 11:25 - 0330752 ____A (Microsoft Corporation) C:\Users\cnmmam\AppData\Local\qhl.exe
2011-12-24 07:28 - 2011-12-24 07:28 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-12-24 07:27 - 2011-12-24 07:28 - 0000000 ____D C:\Program Files\iTunes
2011-12-24 07:27 - 2011-12-24 07:28 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-12-24 07:27 - 2011-12-24 07:27 - 0000000 ____D C:\Program Files\iPod
2011-12-15 01:06 - 2011-12-15 01:06 - 0000000 ____D C:\Windows\System32\MpEngineStore

============ 3 Months Modified Files and Folders =============

2012-01-07 02:26 - 2012-01-07 02:26 - 0000000 ____D C:\FRST
2012-01-06 23:34 - 2011-12-26 14:12 - 0778132 ____A C:\Windows\ntbtlog.txt
2012-01-06 12:43 - 2012-01-06 12:43 - 0000000 ____D C:\Windows\sandbox
2012-01-06 12:22 - 2011-12-31 16:16 - 18087936 ____A C:\Windows\System32\config\SYSTEM.ol1
2012-01-06 10:09 - 2011-12-31 16:16 - 0020480 ____A C:\Windows\System32\config\SECURITY.ol1
2012-01-04 05:31 - 2012-01-04 04:21 - 0000000 ___AD C:\Kaspersky Rescue Disk 10.0
2012-01-01 20:10 - 2011-12-31 16:16 - 0057344 ____A C:\Windows\System32\config\SAM.ol1
2012-01-01 18:48 - 2011-02-09 10:15 - 4692368 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-01-01 18:48 - 2008-01-20 18:50 - 1540152 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2011-12-30 23:53 - 2011-12-30 23:53 - 0012288 ____A C:\BCD_Backup
2011-12-30 23:53 - 2011-12-30 23:53 - 0009216 ___AH C:\BCD_Backup.LOG
2011-12-30 23:53 - 2011-12-30 23:53 - 0000000 ___AH C:\BCD_Backup.LOG2
2011-12-30 23:53 - 2011-12-30 23:53 - 0000000 ___AH C:\BCD_Backup.LOG1
2011-12-25 06:15 - 2011-02-01 11:33 - 0000346 ____A C:\Windows\Tasks\RegistryBooster.job
2011-12-25 06:15 - 2008-10-21 14:32 - 1593750 ____A C:\Windows\WindowsUpdate.log
2011-12-25 06:15 - 2006-11-02 07:42 - 0032582 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-12-25 06:15 - 2006-11-02 07:42 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-25 06:15 - 2006-11-02 07:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-25 06:15 - 2006-11-02 07:22 - 0003744 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-25 05:40 - 2009-12-08 00:50 - 0000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2011-12-25 05:33 - 2011-12-24 11:25 - 0009230 __ASH C:\Users\cnmmam\AppData\Local\gvextw6g8lpw1ewy4vnx0n142a7r
2011-12-25 05:33 - 2011-12-24 11:25 - 0009230 __ASH C:\Users\All Users\gvextw6g8lpw1ewy4vnx0n142a7r
2011-12-25 05:33 - 2011-12-24 11:25 - 0009230 __ASH C:\ProgramData\gvextw6g8lpw1ewy4vnx0n142a7r
2011-12-25 04:10 - 2009-04-18 13:04 - 0000420 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{5DC861A4-0A43-44F7-8143-0F88A20CAF8C}.job
2011-12-25 03:40 - 2009-12-08 00:50 - 0000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2011-12-25 01:48 - 2011-12-24 22:35 - 0000000 ____D C:\Windows\System32\Drivers\NAVx64
2011-12-24 23:40 - 2006-11-02 04:46 - 0703388 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-24 23:28 - 2006-11-02 05:33 - 0000000 ___AD C:\Windows\System32\config_old
2011-12-24 23:27 - 2008-08-28 02:34 - 0000000 ____D C:\Program Files\Common Files\Symantec Shared
2011-12-24 23:27 - 2008-08-28 01:44 - 0000000 ____D C:\Windows\SysWOW64\RTCOM
2011-12-24 23:27 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\spool
2011-12-24 23:27 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\Msdtc
2011-12-24 23:27 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\rescache
2011-12-24 23:26 - 2009-11-18 18:57 - 0000000 ____D C:\Users\All Users\Real
2011-12-24 23:26 - 2009-11-18 18:57 - 0000000 ____D C:\ProgramData\Real
2011-12-24 23:26 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\SysWOW64\WCN
2011-12-24 23:26 - 2006-11-02 07:15 - 0000000 ____D C:\Windows\System32\WCN
2011-12-24 23:26 - 2006-11-02 07:07 - 0000000 ____D C:\Windows\SysWOW64\XPSViewer
2011-12-24 23:26 - 2006-11-02 07:07 - 0000000 ____D C:\Program Files (x86)\Windows Sidebar
2011-12-24 23:26 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\SysWOW64\migwiz
2011-12-24 23:26 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\oobe
2011-12-24 23:26 - 2006-11-02 05:34 - 0000000 ____D C:\Windows\System32\migwiz
2011-12-24 23:26 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\servicing
2011-12-24 23:26 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\registration
2011-12-24 23:26 - 2006-11-02 05:33 - 0000000 ____D C:\Windows\IME
2011-12-24 23:20 - 2011-12-31 16:16 - 51687424 ____A C:\Windows\System32\config\COMPONENTS.OLD
2011-12-24 23:08 - 2011-12-24 23:07 - 0004532 ____A C:\Windows\SysWOW64\jupdate-1.6.0_30-b12.log
2011-12-24 23:08 - 2008-08-28 02:18 - 0000000 ____D C:\Program Files (x86)\Java
2011-12-24 23:05 - 2011-12-31 16:16 - 0192512 ____A C:\Windows\System32\config\DEFAULT.OLD
2011-12-24 22:56 - 2011-12-31 16:16 - 79249408 ____A C:\Windows\System32\config\SOFTWARE.OLD
2011-12-24 22:41 - 2011-12-24 22:20 - 0000826 ____A C:\Users\cnmmam\Desktop\Norton Installation Files.lnk
2011-12-24 22:41 - 2011-12-24 15:37 - 0000000 ____D C:\Users\All Users\Norton
2011-12-24 22:41 - 2011-12-24 15:37 - 0000000 ____D C:\ProgramData\Norton
2011-12-24 22:35 - 2011-12-24 22:35 - 0002447 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
2011-12-24 22:35 - 2011-12-24 16:22 - 0000000 ____D C:\Program Files\Symantec
2011-12-24 22:35 - 2011-12-24 16:22 - 0000000 ____D C:\Program Files (x86)\Norton AntiVirus
2011-12-24 22:35 - 2008-08-28 02:34 - 0174200 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
2011-12-24 22:35 - 2008-08-28 02:34 - 0007530 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
2011-12-24 22:35 - 2008-08-28 02:34 - 0000855 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.INF
2011-12-24 21:40 - 2008-12-05 17:28 - 0000000 ____D C:\users\cnmmam
2011-12-24 21:12 - 2008-01-20 19:26 - 0093442 ____A C:\Windows\PFRO.log
2011-12-24 20:56 - 2008-12-05 17:29 - 0000000 ____D C:\Users\cnmmam\AppData\LocalLow
2011-12-24 16:51 - 2009-05-13 20:57 - 0000000 ____D C:\Users\All Users\Yahoo! Companion
2011-12-24 16:51 - 2009-05-13 20:57 - 0000000 ____D C:\ProgramData\Yahoo! Companion
2011-12-24 16:40 - 2011-12-24 16:40 - 0000000 ____A C:\Users\All Users\Qe86M21.dat
2011-12-24 16:40 - 2011-12-24 16:40 - 0000000 ____A C:\ProgramData\Qe86M21.dat
2011-12-24 16:37 - 2011-12-24 16:37 - 0000000 ____D C:\Users\cnmmam\Documents\Symantec
2011-12-24 16:24 - 2008-08-28 02:00 - 0000000 ____D C:\Users\All Users\NVIDIA
2011-12-24 16:24 - 2008-08-28 02:00 - 0000000 ____D C:\ProgramData\NVIDIA
2011-12-24 16:24 - 2006-11-02 07:27 - 0609449 ____A C:\Windows\setupact.log
2011-12-24 16:21 - 2011-12-24 16:21 - 0000000 ____D C:\Users\All Users\NortonInstaller
2011-12-24 16:21 - 2011-12-24 16:21 - 0000000 ____D C:\ProgramData\NortonInstaller
2011-12-24 16:21 - 2011-12-24 16:21 - 0000000 ____D C:\Program Files (x86)\NortonInstaller
2011-12-24 15:37 - 2011-12-24 15:37 - 0000000 ____D C:\Users\Public\Downloads\Norton
2011-12-24 15:22 - 2008-12-05 17:31 - 0000000 ____D C:\Program Files (x86)\Microsoft Office
2011-12-24 14:24 - 2011-05-19 23:21 - 0000680 ____A C:\Users\cnmmam\AppData\Local\d3d9caps.dat
2011-12-24 13:06 - 2011-12-24 13:06 - 0000000 ____D C:\Windows\system64
2011-12-24 13:06 - 2011-07-20 07:54 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2011-12-24 11:25 - 2011-12-24 11:25 - 0330752 ____A (Microsoft Corporation) C:\Users\cnmmam\AppData\Local\qhl.exe
2011-12-24 11:11 - 2010-04-12 17:39 - 0000880 ____A C:\Windows\Tasks\Google Software Updater.job
2011-12-24 09:52 - 2009-08-24 23:21 - 0000000 ____D C:\Users\cnmmam\AppData\Roaming\Apple Computer
2011-12-24 07:28 - 2011-12-24 07:28 - 0001696 ____A C:\Users\Public\Desktop\iTunes.lnk
2011-12-24 07:28 - 2011-12-24 07:27 - 0000000 ____D C:\Program Files\iTunes
2011-12-24 07:28 - 2011-12-24 07:27 - 0000000 ____D C:\Program Files (x86)\iTunes
2011-12-24 07:27 - 2011-12-24 07:27 - 0000000 ____D C:\Program Files\iPod
2011-12-15 17:16 - 2008-12-07 23:07 - 0029696 ____A C:\Users\cnmmam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-15 01:07 - 2008-12-18 22:03 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-15 01:07 - 2008-12-18 22:03 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-15 01:06 - 2011-12-15 01:06 - 0000000 ____D C:\Windows\System32\MpEngineStore
2011-12-15 01:06 - 2011-09-16 00:03 - 0000127 ____A C:\Windows\System32\MRT.INI
2011-12-15 01:04 - 2006-11-02 04:35 - 54867776 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2011-12-13 06:50 - 2008-12-30 06:24 - 0000052 ____A C:\Windows\SysWOW64\DOErrors.log
2011-12-04 16:14 - 2008-12-09 08:59 - 0004752 ____A C:\Users\cnmmam\AppData\Roaming\wklnhst.dat
2011-12-03 10:24 - 2011-08-21 08:08 - 0000000 ____D C:\Users\cnmmam\Documents\MISC CLEAN UP FOLDER
2011-12-03 10:24 - 2009-08-30 15:57 - 0000000 ____D C:\Users\cnmmam\Documents\Misc
2011-12-03 10:21 - 2008-12-11 23:08 - 0000000 ____D C:\Users\cnmmam\Documents\Neal's Computer
2011-12-03 09:17 - 2011-12-03 09:17 - 0000057 ____A C:\Users\All Users\Ament.ini
2011-12-03 09:17 - 2011-12-03 09:17 - 0000057 ____A C:\ProgramData\Ament.ini
2011-12-03 09:02 - 2011-12-03 09:02 - 0019456 ____A C:\Users\cnmmam\Documents\Christmas Labels.wps
2011-12-03 09:02 - 2009-06-28 19:33 - 0000000 ____D C:\Users\cnmmam\AppData\Local\HP
2011-11-27 11:11 - 2011-11-27 11:11 - 0000000 ____D C:\Users\All Users\WindowsSearch
2011-11-27 11:11 - 2011-11-27 11:11 - 0000000 ____D C:\ProgramData\WindowsSearch
2011-11-27 11:11 - 2009-02-11 01:27 - 0000094 ____A C:\Users\cnmmam\AppData\default.pls
2011-11-27 11:09 - 2008-12-12 17:14 - 0000000 ____D C:\Users\cnmmam\Documents\NeroVision
2011-11-26 07:36 - 2008-12-20 18:02 - 0000000 ____D C:\Users\cnmmam\AppData\Roaming\Real
2011-11-26 07:35 - 2011-11-26 07:35 - 0000803 ____A C:\Users\Public\Desktop\RealPlayer.lnk
2011-11-26 07:35 - 2011-11-26 07:35 - 0000000 ____D C:\Program Files (x86)\Real
2011-11-26 07:34 - 2011-11-26 07:34 - 0198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2011-11-26 07:33 - 2011-11-26 07:33 - 0272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2011-11-26 07:33 - 2011-11-26 07:33 - 0006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2011-11-26 07:33 - 2011-11-26 07:33 - 0005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2011-11-21 06:29 - 2011-11-21 06:29 - 0013162 ____A C:\Users\cnmmam\Documents\stuffing.docx
2011-11-21 06:28 - 2009-08-20 06:31 - 0002651 ____A C:\Users\cnmmam\Desktop\Microsoft Office Word 2007.lnk
2011-11-17 23:43 - 2011-11-17 23:43 - 0002073 ____A C:\Users\Public\Desktop\Google Earth.lnk
2011-11-17 23:43 - 2008-12-13 19:46 - 0000000 ____D C:\Program Files (x86)\Google
2011-11-16 17:25 - 2011-11-16 17:10 - 0014522 ____A C:\Users\cnmmam\Documents\Greenville Public School District.docx
2011-11-10 03:54 - 2011-12-24 23:09 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2011-11-10 03:54 - 2011-12-24 23:09 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2011-11-10 03:54 - 2011-12-24 23:09 - 0149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2011-11-10 03:54 - 2010-05-31 17:46 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2011-10-29 11:16 - 2010-04-14 07:28 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2011-10-29 11:14 - 2011-10-29 11:13 - 0000000 ____D C:\Program Files (x86)\QuickTime
2011-10-29 11:13 - 2011-10-29 11:13 - 0001758 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2011-10-29 11:01 - 2011-10-29 11:01 - 0000000 ____D C:\Program Files\Bonjour
2011-10-29 11:01 - 2011-10-29 11:01 - 0000000 ____D C:\Program Files (x86)\Bonjour
2011-10-29 10:49 - 2011-10-29 10:49 - 0000000 ____D C:\Windows\Hewlett-Packard
2011-10-29 10:49 - 2011-10-29 10:49 - 0000000 ____D C:\Program Files (x86)\Apple Software Update
2011-10-24 11:29 - 2011-10-24 11:29 - 0094208 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2011-10-24 11:29 - 2011-10-24 11:29 - 0069632 ____A (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe [2008-01-20 18:49] - [2008-01-20 18:49] - 0406016 ____A (Microsoft Corporation) 856491FCED98093D824B9EB2892F564A
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 7037.69 MB
Available physical RAM: 6296.14 MB
Total Pagefile: 6680.86 MB
Available Pagefile: 6372.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

======================= Partitions =========================

1 Drive c: (HP) (Fixed) (Total:583.05 GB) (Free:319.78 GB) NTFS ==>[Drive with boot components]
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:13.12 GB) (Free:1.8 GB) NTFS
3 Drive e: (vista home premi) (CDROM) (Total:3.87 GB) (Free:0 GB) CDFS
4 Drive f: (PUBLIC) (Removable) (Total:1.8 GB) (Free:1.8 GB) FAT
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online       596 GB  1528 KB
  Disk 1    Online      1850 MB      0 B
  Disk 2    No Media       0 B      0 B
  Disk 3    No Media       0 B      0 B
  Disk 4    No Media       0 B      0 B
  Disk 5    No Media       0 B      0 B

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            583 GB    32 KB
  Partition 2    Primary             13 GB   583 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   HP           NTFS   Partition    583 GB  Healthy

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     D   FACTORY_IMA  NTFS   Partition     13 GB  Healthy

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           1846 MB  4032 KB

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 7     F   PUBLIC       FAT    Removable   1846 MB  Healthy

Partitions of Disk 2:
===============

There are no partitions on this disk to show.

Disk: 2
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.

Partitions of Disk 3:
===============

There are no partitions on this disk to show.

Disk: 3
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.

Partitions of Disk 4:
===============

There are no partitions on this disk to show.

Disk: 4
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.

Partitions of Disk 5:
===============

There are no partitions on this disk to show.

Disk: 5
The arguments specified for this command are not valid.
For more information on the command type: HELP SELECT PARTITION

There is no partition selected.