Here you go. I think I got it right.
Deckard's System Scanner v20071014.68
Run by Captain Kool on 2008-05-25 18:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
16: 2008-05-25 21:00:50 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-05-25 18:08:09 UTC - RP15 - System Checkpoint
14: 2008-05-24 15:55:28 UTC - RP14 - Removed Project64 1.6
13: 2008-05-24 00:45:37 UTC - RP13 - Installed Project64 1.6
12: 2008-05-23 01:53:27 UTC - RP12 - System Checkpoint
-- First Restore Point --
1: 2008-05-14 20:13:17 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Captain Kool.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:06 PM, on 25/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\Captain Kool\Desktop\dss.exe
D:\DOCUME~1\CAPTAI~1\Desktop\Captain Kool.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\Program Files\MagicDisc\MagicDisc.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B53923D9-9D1E-44F7-8BB4-97F035D5AFC5}: NameServer = 24.222.0.94,24.222.0.95
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - D:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - D:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
--
End of file - 5729 bytes
-- File Associations -----------------------------------------------------------
.bat - batfile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 56.ico,0
.chm - chm.file - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 60.ico,0
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*
.hlp - hlpfile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 15.ico,0
.inf - inffile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 46.ico,0
.ini - inifile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 46.ico,0
.js - JSFile - shell\open\command - NOTEPAD.EXE %1
.reg - regfile - DefaultIcon - D:\WINDOWS\regedit.exe,1
.reg - regfile - shell\open\command - regedit.exe "%1" %*
.scr - scrfile - shell\open\command - "%1" %*
.txt - txtfile - DefaultIcon - D:\Program Files\Stardock\Object Desktop\IconPackager\Themes\Vious\Vious Icon 58.ico,0
.vbs - VBSFile - DefaultIcon - D:\WINDOWS\system32\WScript.exe,2
.vbs - VBSFile - shell\open\command - NOTEPAD.EXE %1
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 FileDisk - d:\windows\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
R3 mcdbus (Driver for MagicISO SCSI Host Controller) - d:\windows\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ekrn (Eset Service) - "d:\program files\eset\eset smart security\ekrn.exe" <Not Verified; ESET; ESET Smart Security>
S2 PinnacleUpdateSvc (PinnacleUpdate Service) - d:\program files\kalinkosoft\pinnacle game profiler\pinnacle_updater.exe <Not Verified; KALiNKOsoft; pinnacle_updater.exe>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2008-04-25 and 2008-05-25 -----------------------------
2008-05-25 00:41:25 0 d-------- D:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-25 00:41:21 0 d-------- D:\WINDOWS\system32\Kaspersky Lab
2008-05-25 00:03:22 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Malwarebytes
2008-05-25 00:03:10 0 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-25 00:03:07 0 d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-05-24 22:33:46 0 d-------- D:\Documents and Settings\Captain Kool\Interstate.2007.NTSC.DVDR-DPiMP
2008-05-24 00:02:55 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\vlc
2008-05-23 22:23:45 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\dvdcss
2008-05-23 22:22:59 0 d-------- D:\Program Files\VideoLAN
2008-05-23 21:45:38 0 d-------- D:\Program Files\Project64 1.6
2008-05-23 19:08:30 96256 --a------ D:\WINDOWS\system32\drivers\mcdbus.sys <Not Verified; MagicISO, Inc.; MagicISO SCSI Host Controller>
2008-05-23 19:08:25 0 d-------- D:\Program Files\MagicDisc
2008-05-23 19:03:41 0 d-------- D:\Program Files\MagicISO
2008-05-22 20:20:15 0 d-------- D:\Documents and Settings\Captain Kool\Indiana.Jones.And.The.Kingdom.Of.The.Crystal.Skull.TS.XviD-KAMERA
2008-05-20 18:02:58 619 --a------ D:\WINDOWS\eReg.dat
2008-05-20 17:05:14 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Ashampoo
2008-05-20 17:03:25 0 d-------- D:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-20 17:03:10 0 d-------- D:\Program Files\Ashampoo
2008-05-20 07:04:35 0 d-------- D:\WINDOWS\system32\Adobe
2008-05-19 23:05:24 0 d-------- D:\Documents and Settings\Captain Kool\Metal_Gear_Solid_3_Snake_Eater_USA_PS2DVD-STRiKE
2008-05-19 21:32:57 516096 -----n--- D:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2008-05-19 21:32:05 0 d-------- D:\Program Files\ATI Technologies
2008-05-19 21:12:14 0 d-------- D:\WINDOWS\system32\DirectX
2008-05-19 21:02:06 0 d-------- D:\Program Files\EA GAMES
2008-05-19 13:15:58 0 d-------- D:\Program Files\illiminable
2008-05-18 22:32:39 0 d-------- D:\Program Files\Trend Micro
2008-05-18 18:50:40 0 d-------- D:\Program Files\Can You See What I See
2008-05-18 18:33:09 0 d-------- D:\WINDOWS\Sun
2008-05-18 18:33:09 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Sun
2008-05-18 17:26:40 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\KALiNKOsoft
2008-05-18 16:48:36 53248 -----n--- D:\WINDOWS\system32\zlib.dll <Not Verified; ; ZLib.DLL>
2008-05-18 16:48:36 40960 --a------ D:\WINDOWS\system32\SSubTmr6.dll <Not Verified; vbAccelerator; SSubTmr6>
2008-05-18 16:48:36 94208 -r--s---- D:\WINDOWS\system32\msstkprp.dll <Not Verified; Microsoft Corporation; msprop32>
2008-05-18 16:48:36 57344 -----n--- D:\WINDOWS\system32\ADsSecurity.dll <Not Verified; ; ADsSecurity Module>
2008-05-18 16:48:35 36864 --a------ D:\WINDOWS\system32\dxinputdll.dll
2008-05-18 16:48:34 0 d-------- D:\Program Files\KALiNKOsoft
2008-05-18 16:48:34 0 d--h----- D:\Program Files\InstallShield Installation Information
2008-05-18 16:47:52 0 d-------- D:\Program Files\Common Files\InstallShield
2008-05-18 13:31:17 0 d-------- D:\Documents and Settings\All Users\Application Data\Trymedia
2008-05-17 21:44:14 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Friday's games
2008-05-17 19:34:07 0 d-------- D:\Documents and Settings\All Users\Application Data\Gogii
2008-05-17 19:29:29 0 d-------- D:\Program Files\ReflexiveArcade
2008-05-17 16:24:21 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\UseNeXT
2008-05-17 01:01:55 0 d-------- D:\Documents and Settings\LocalService\Application Data\iolo
2008-05-17 01:01:22 9341 --a------ D:\WINDOWS\system32\drivers\filedisk.sys <Not Verified; iolo technologies, LLC (based on original work by Bo Brantén); filedisk (based on original work by Bo Brantén)>
2008-05-17 01:00:12 22528 --a------ D:\WINDOWS\system32\smrgdf.exe
2008-05-17 01:00:12 34304 --a------ D:\WINDOWS\system32\iolobtdfg.exe
2008-05-17 00:59:37 0 d-------- D:\Program Files\iolo
2008-05-17 00:53:29 74703 --a------ D:\WINDOWS\system32\mfc45.dll
2008-05-17 00:52:04 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\iolo
2008-05-17 00:52:04 0 d-------- D:\Documents and Settings\All Users\Application Data\iolo
2008-05-16 22:29:34 0 d-------- D:\Program Files\Collectorz.com
2008-05-15 22:31:39 0 d-------- D:\Program Files\YourWare Solutions
2008-05-15 22:27:11 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\GetRightToGo
2008-05-15 18:39:58 0 d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2008-05-15 18:39:43 0 d-------- D:\Program Files\Common Files\Adobe
2008-05-15 18:38:37 1244 --a------ D:\WINDOWS\mozver.dat
2008-05-14 19:57:36 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Help
2008-05-14 19:46:39 0 d-------- D:\WAR2
2008-05-14 17:13:14 2359296 --a------ D:\Documents and Settings\Captain Kool\ntuser.dat
2008-05-14 16:48:38 0 d--h----- D:\WINDOWS\$hf_mig$
2008-05-13 18:21:51 0 d-------- D:\WINDOWS\system32\appmgmt
2008-05-12 19:13:49 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Vista Start Menu
2008-05-12 18:48:28 0 d-------- D:\Program Files\Vista Start Menu
2008-05-12 18:39:32 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Media Player Classic
2008-05-11 23:28:43 0 d-------- D:\WINDOWS\system32\ReinstallBackups
2008-05-11 21:21:11 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\ESET
2008-05-11 21:16:50 0 d-------- D:\Documents and Settings\All Users\Application Data\ESET
2008-05-11 20:16:21 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Macromedia
2008-05-11 20:16:21 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Adobe
2008-05-11 20:15:43 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Talkback
2008-05-11 20:15:36 0 --a------ D:\WINDOWS\nsreg.dat
2008-05-11 20:15:31 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Mozilla
2008-05-11 20:14:20 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Styler
2008-05-11 20:13:53 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Identities
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\Templates
2008-05-11 20:12:59 0 dr------- D:\Documents and Settings\Captain Kool\Start Menu
2008-05-11 20:12:59 0 dr-h----- D:\Documents and Settings\Captain Kool\SendTo
2008-05-11 20:12:59 0 d---s---- D:\Documents and Settings\Captain Kool\Recent
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\PrintHood
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\NetHood
2008-05-11 20:12:59 0 dr------- D:\Documents and Settings\Captain Kool\My Documents
2008-05-11 20:12:59 0 d--h----- D:\Documents and Settings\Captain Kool\Local Settings
2008-05-11 20:12:59 0 d---s---- D:\Documents and Settings\Captain Kool\Favorites
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Desktop
2008-05-11 20:12:59 0 d--hs---- D:\Documents and Settings\Captain Kool\Cookies
2008-05-11 20:12:59 0 dr-h----- D:\Documents and Settings\Captain Kool\Application Data
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\WinRAR
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\uTorrent
2008-05-11 20:12:59 0 d-------- D:\Documents and Settings\Captain Kool\Application Data\Desktopicon
2008-05-11 20:10:51 0 d---s---- D:\WINDOWS\system32\Microsoft
2008-05-11 20:10:51 0 d-------- D:\WINDOWS\Prefetch
2008-05-11 20:10:38 0 d--h----- D:\Documents and Settings\NetworkService\Local Settings
2008-05-11 20:10:38 0 d--hs---- D:\Documents and Settings\NetworkService\Cookies
2008-05-11 20:10:38 0 d-------- D:\Documents and Settings\NetworkService\Application Data
2008-05-11 20:10:38 0 d---s---- D:\Documents and Settings\NetworkService\Application Data\Microsoft
2008-05-11 20:10:37 643072 --a------ D:\Documents and Settings\NetworkService\NTUSER.DAT
2008-05-11 20:08:27 503808 ---h----- D:\Documents and Settings\Default User\NTUSER.DAT
2008-05-11 20:08:04 20120 --a------ D:\WINDOWS\sKzVistaUltimateSound(Loud).reg
2008-05-11 20:08:00 0 d-------- D:\Documents and Settings\Default User\Application Data\Desktopicon
2008-05-11 20:07:53 0 d-------- D:\Program Files\RocketDock
2008-05-11 20:07:45 0 d-------- D:\Program Files\LClock
2008-05-11 20:07:40 164352 --a------ D:\WINDOWS\system32\unrar.dll
2008-05-11 20:07:37 0 d-------- D:\Program Files\K-Lite Codec Pack
2008-05-11 20:07:16 0 d-------- D:\Program Files\Common Files\Stardock
2008-05-11 20:07:15 0 d-------- D:\Program Files\Stardock
2008-05-11 20:06:57 0 d-------- D:\Program Files\HashTab Shell Extension
2008-05-11 20:06:53 0 d-------- D:\Program Files\Alky for Applications
2008-05-11 20:06:42 0 d-------- D:\Program Files\Sysinternals
2008-05-11 20:06:37 0 d-------- D:\Program Files\IZArc
2008-05-11 20:05:47 0 d-------- D:\Program Files\Java
2008-05-11 20:05:45 0 d-------- D:\Program Files\Common Files\Java
2008-05-11 20:00:18 0 d-------- D:\Documents and Settings\LocalService\Start Menu
2008-05-11 20:00:17 53248 --a------ D:\Documents and Settings\LocalService\ntuser.dat
2008-05-11 20:00:17 0 d-------- D:\Documents and Settings\LocalService\Local Settings
2008-05-11 20:00:17 0 d--hs---- D:\Documents and Settings\LocalService\Cookies
2008-05-11 20:00:17 0 d-------- D:\Documents and Settings\LocalService\Application Data
2008-05-11 20:00:17 0 d---s---- D:\Documents and Settings\LocalService\Application Data\Microsoft
2008-05-11 19:59:49 0 d-------- D:\WINDOWS\system32\XPSViewer
2008-05-11 19:59:49 0 d-------- D:\Program Files\MSBuild
2008-05-11 19:59:38 0 d-------- D:\Program Files\Reference Assemblies
2008-05-11 19:55:30 0 d-------- D:\WINDOWS\system32\URTTemp
2008-05-11 19:55:04 124928 -----n--- D:\WINDOWS\system32\prntvpt.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:53:36 0 d-------- D:\WINDOWS\system32\dllcache
2008-05-11 19:52:23 0 d--hs---- D:\Documents and Settings\All Users\DRM
2008-05-11 19:51:47 0 d--h----- D:\Program Files\WindowsUpdate
2008-05-11 19:51:39 0 d-------- D:\Program Files\Online Services
2008-05-11 19:51:08 0 d---s---- D:\WINDOWS\Tasks
2008-05-11 19:51:07 0 d-------- D:\Program Files\Common Files\MSSoap
2008-05-11 19:51:03 0 d-------- D:\WINDOWS\srchasst
2008-05-11 19:50:54 0 d-------- D:\Program Files\Movie Maker
2008-05-11 19:50:25 0 d-------- D:\WINDOWS\system32\Restore
2008-05-11 19:49:16 21640 --a------ D:\WINDOWS\system32\emptyregdb.dat
2008-05-11 19:48:53 0 d-------- D:\WINDOWS\Registration
2008-05-11 19:48:25 0 dr------- D:\WINDOWS\Offline Web Pages
2008-05-11 19:48:25 0 d---s---- D:\WINDOWS\Downloaded Program Files
2008-05-11 19:47:23 0 d-------- D:\Documents and Settings\Default User\Application Data\WinRAR
2008-05-11 19:47:06 0 d-------- D:\Program Files\uTorrent
2008-05-11 19:47:00 0 d-------- D:\Documents and Settings\Default User\Application Data\uTorrent
2008-05-11 19:44:30 0 d-------- D:\Program Files\VistaExperience.org
2008-05-11 19:41:47 498176 --a------ D:\WINDOWS\system32\vLogon.scr <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-05-11 19:41:47 382976 --a------ D:\WINDOWS\system32\Vista.scr <Not Verified; Microsoft Corporation; Microsoft? Windows? Operating System>
2008-05-11 19:41:47 117248 --a------ D:\WINDOWS\system32\Ribbons.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:47 117248 --a------ D:\WINDOWS\system32\Mystify.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:47 720412 --a------ D:\WINDOWS\system32\MGB_ScreenSaver.scr <Not Verified; Tenmiles Corporation; ScreenSwift Screen Saver>
2008-05-11 19:41:47 773120 --a------ D:\WINDOWS\system32\Bubbles.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:47 0 d-------- D:\Program Files\Windows Sidebar
2008-05-11 19:41:46 1263616 --a------ D:\WINDOWS\system32\Aurora.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-05-11 19:41:36 0 d-------- D:\Program Files\Styler
2008-05-11 19:41:34 0 d-------- D:\Program Files\CCleaner
2008-05-11 19:41:09 20992 --a------ D:\WINDOWS\system32\CabTool.exe <Not Verified; ; CAB Tool>
2008-05-11 19:41:09 0 d-------- D:\Program Files\Desktop
2008-05-11 19:40:58 0 d-------- D:\Program Files\Utilities
2008-05-11 19:40:48 0 d-------- D:\Program Files\Windows Media Connect 2
2008-05-11 19:40:32 0 d-------- D:\Program Files\Windows NT
2008-05-11 19:40:28 0 d-------- D:\WINDOWS\system32\MsDtc
2008-05-11 19:40:26 0 d-------- D:\WINDOWS\system32\Com
2008-05-11 16:28:48 0 d--hs---- D:\WINDOWS\Installer
2008-05-11 16:28:47 0 d-------- D:\Program Files\Common Files\ODBC
2008-05-11 16:28:43 0 d-------- D:\Program Files\Common Files\SpeechEngines
2008-05-11 16:28:42 0 d-------- D:\Program Files
2008-05-11 16:28:42 0 d-------- D:\Program Files\Common Files
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\Templates
2008-05-11 16:28:07 0 dr------- D:\Documents and Settings\Default User\Start Menu
2008-05-11 16:28:07 0 dr-h----- D:\Documents and Settings\Default User\SendTo
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\Recent
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\PrintHood
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\Default User\NetHood
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\Default User\My Documents
2008-05-11 16:28:07 0 dr-h----- D:\Documents and Settings\Default User\Local Settings
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\Default User\Favorites
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\Default User\Desktop
2008-05-11 16:28:07 0 d--hs---- D:\Documents and Settings\Default User\Cookies
2008-05-11 16:28:07 0 d--h----- D:\Documents and Settings\All Users\Templates
2008-05-11 16:28:07 0 dr------- D:\Documents and Settings\All Users\Start Menu
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\All Users\Favorites
2008-05-11 16:28:07 0 dr------- D:\Documents and Settings\All Users\Documents
2008-05-11 16:28:07 0 d-------- D:\Documents and Settings\All Users\Desktop
2008-05-11 16:27:49 0 d-------- D:\WINDOWS\system32\CatRoot2
2008-05-11 16:27:49 0 d-------- D:\WINDOWS\system32\CatRoot
2008-05-11 16:27:43 0 dr-h----- D:\Documents and Settings\Default User\Application Data
2008-05-11 16:27:43 0 d---s---- D:\Documents and Settings\Default User\Application Data\Microsoft
2008-05-11 16:27:43 0 dr-h----- D:\Documents and Settings\All Users\Application Data
2008-05-11 16:27:43 0 d---s---- D:\Documents and Settings\All Users\Application Data\Microsoft
2008-05-11 16:25:36 0 d--hs---- D:\System Volume Information
2008-05-11 16:25:36 0 d-------- D:\Documents and Settings
2008-05-11 16:21:04 0 d-------- D:\WINDOWS
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\WinSxS
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Web
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\twain_32
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\wins
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\wbem
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\usmt
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\spool
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\ShellExt
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\Setup
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\scripting
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\ras
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\oobe
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\npp
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\mui
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\Macromed
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\inetsrv
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\IME
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\icsxml
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\ias
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\export
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\en
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers\UMDF
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers\etc
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\drivers\disdn
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\dhcp
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\config
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\3com_dmi
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\3076
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\2052
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1054
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1042
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1041
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1037
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1033
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1031
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1028
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system32\1025
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\system
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\SoftwareDistribution
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\security
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Resources
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\repair
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Provisioning
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\PeerNet
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\pchealth
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Network Diagnostic
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\mui
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\msapps
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\msagent
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Media
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\L2Schemas
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\java
2008-05-11 16:21:04 0 d--h----- D:\WINDOWS\inf
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\ime
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Help
2008-05-11 16:21:04 0 dr--s---- D:\WINDOWS\Fonts
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\ehome
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Driver Cache
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Debug
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Cursors
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Connection Wizard
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\Config
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\AppPatch
2008-05-11 16:21:04 0 d-------- D:\WINDOWS\addins
2008-04-27 05:20:49 28672 --a------ D:\WINDOWS\system32\setupold.exe <Not Verified; iLE d.o.p.; >
2008-04-27 05:20:49 3038 --a------ D:\WINDOWS\system32\presetup.cmd
2008-04-27 05:06:26 361344 --a------ D:\WINDOWS\system32\drivers\tcpip.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:06:25 140288 --a------ D:\WINDOWS\system32\sfc_os.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:05:28 36864 --a------ D:\WINDOWS\system32\qfecheck.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:05:28 524288 --a------ D:\WINDOWS\opuc.dll <Not Verified; Microsoft Corporation; 2007 Microsoft Office system>
2008-04-27 05:04:04 16384 --a------ D:\WINDOWS\system32\lcid.exe <Not Verified; Microsoft; lcid>
2008-04-27 05:03:18 98304 --a------ D:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 05:00:24 200 --a------ D:\WINDOWS\system32\nlite.cmd
2008-04-27 04:21:03 4096 --a------ D:\WINDOWS\system32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:21:03 4096 --a------ D:\WINDOWS\system32\wmvdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:21:00 1329152 --a------ D:\WINDOWS\system32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:59 603648 --a------ D:\WINDOWS\system32\wmspdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 4096 --a------ D:\WINDOWS\system32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 4096 --a------ D:\WINDOWS\system32\wmsdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 99840 --a------ D:\WINDOWS\system32\wmpshell.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:58 8678912 --a------ D:\WINDOWS\system32\wmploc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:46 314880 --a------ D:\WINDOWS\system32\wmpdxm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:46 242688 --a------ D:\WINDOWS\system32\wmpasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:26 937984 --a------ D:\WINDOWS\system32\wmnetmgr.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:25 157184 --a------ D:\WINDOWS\system32\wmidx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:25 227328 --a------ D:\WINDOWS\system32\wmerror.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:24 37376 --a------ D:\WINDOWS\system32\wmdmps.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:24 33792 --a------ D:\WINDOWS\system32\wmdmlog.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:23 1117696 --a------ D:\WINDOWS\system32\wmadmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:22 757248 --a------ D:\WINDOWS\system32\wmadmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:20 211456 --a------ D:\WINDOWS\system32\qasf.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:19 321536 --a------ D:\WINDOWS\system32\mswmdm.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:19 414208 --a------ D:\WINDOWS\system32\msscp.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:18 175616 --a------ D:\WINDOWS\system32\mspmsp.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:18 27136 --a------ D:\WINDOWS\system32\mspmsnsv.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:18 179712 --a------ D:\WINDOWS\system32\msnetobj.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:17 4096 --a------ D:\WINDOWS\system32\mpg4dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 4096 --a------ D:\WINDOWS\system32\mp4sdmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 4096 --a------ D:\WINDOWS\system32\mp43dmod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 100864 --a------ D:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 11264 --a------ D:\WINDOWS\system32\laprxy.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:17 991744 --a------ D:\WINDOWS\system32\drmv2clt.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:16 229376 --a------ D:\WINDOWS\system32\cewmdm.dll <Not Verified; Microsoft Corporation; Windows Media Device Manager>
2008-04-27 04:20:16 542720 --a------ D:\WINDOWS\system32\blackbox.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:20:15 316416 --a------ D:\WINDOWS\system32\wudfx.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:15 55808 --a------ D:\WINDOWS\system32\wudfsvc.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:15 82944 --a------ D:\WINDOWS\system32\drivers\wudfrd.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:15 7168 --a------ D:\WINDOWS\system32\asferror.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:14 146432 --a------ D:\WINDOWS\system32\wudfhost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:14 77568 --a------ D:\WINDOWS\system32\drivers\wudfpf.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:14 38528 --a------ D:\WINDOWS\system32\drivers\wpdusb.sys <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 356352 --a------ D:\WINDOWS\system32\WPDSp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 2603008 --a------ D:\WINDOWS\system32\wpdshext.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:10 63488 --a------ D:\WINDOWS\system32\wpdmtpus.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 154624 --a------ D:\WINDOWS\system32\wpdmtp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 35840 --a------ D:\WINDOWS\system32\wpdconns.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 629760 --a------ D:\WINDOWS\system32\wpd_ci.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:08 656896 --a------ D:\WINDOWS\system32\wmvxencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:07 767488 --a------ D:\WINDOWS\system32\wmvsencd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:06 1382912 --a------ D:\WINDOWS\system32\wmvsdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:05 1574912 --a------ D:\WINDOWS\system32\wmvencod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:04 1543680 --a------ D:\WINDOWS\system32\wmvdecod.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 4096 --a------ D:\WINDOWS\system32\wmvadve.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 4096 --a------ D:\WINDOWS\system32\wmvadvd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 204288 --a------ D:\WINDOWS\system32\wmpsrcwp.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 130048 --a------ D:\WINDOWS\system32\wmpps.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:02 613376 --a------ D:\WINDOWS\system32\wmpmde.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:01 1661440 --a------ D:\WINDOWS\system32\WMPEncEn.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:59 535040 --a------ D:\WINDOWS\system32\wmdrmsdk.dll <Not Verified; Microsoft Corporation; Microsoft® DRM>
2008-04-27 04:19:58 348672 --a------ D:\WINDOWS\system32\wmdrmnet.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:58 429056 --a------ D:\WINDOWS\system32\wmdrmdev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 8704 --a------ D:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 4096 --a------ D:\WINDOWS\system32\wdfapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 8704 --a------ D:\WINDOWS\system32\uWDF.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:55 259072 --a------ D:\WINDOWS\system32\mpg4decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:55 317440 --a------ D:\WINDOWS\system32\mp4sdecd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:55 259072 --a------ D:\WINDOWS\system32\mp43decd.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:54 212992 --a------ D:\WINDOWS\system32\mfplat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:54 249856 --a------ D:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:53 276992 --a------ D:\WINDOWS\system32\audiodev.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 20:39:32 2746880 --a------ D:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-25 19:42:54 2710016 --a------ D:\WINDOWS\system32\winntbbu.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Find3M Report ---------------------------------------------------------------
2008-05-11 16:28:07 62 --ahs---- D:\Documents and Settings\Captain Kool\Application Data\desktop.ini
2008-04-27 04:20:15 165376 --a------ D:\WINDOWS\system32\wudfplatform.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 133632 --a------ D:\WINDOWS\system32\wpdshserviceobj.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 38400 --a------ D:\WINDOWS\system32\wpdshextres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:20:13 17408 --a------ D:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:59 295936 --a------ D:\WINDOWS\system32\wmpeffects.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 199168 --a------ D:\WINDOWS\system32\portabledevicewmdrm.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 166912 --a------ D:\WINDOWS\system32\portabledevicetypes.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:57 101888 --a------ D:\WINDOWS\system32\portabledeviceclassextension.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:56 132096 --a------ D:\WINDOWS\system32\portabledevicewiacompat.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-27 04:19:56 284160 --a------ D:\WINDOWS\system32\portabledeviceapi.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-24 06:45:21 218624 --a------ D:\WINDOWS\system32\uxtheme.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-04-23 17:32:39 1587712 --a------ D:\WINDOWS\system32\msgina.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-02-29 02:18:30 186880 --a------ D:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="D:\Program Files\Unlocker\UnlockerAssistant.exe" [01/03/2008 02:10 AM]
"egui"="D:\Program Files\ESET\ESET Smart Security\egui.exe" [01/03/2008 04:54 AM]
"SMSystemAnalyzer"="D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe" [06/05/2008 04:48 PM]
"KernelFaultCheck"="D:\WINDOWS\system32\dumprep 0 -k" []
"ATIPTA"="D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [25/08/2004 12:52 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:42 AM]
"True Transparency"="D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" [28/10/2007 04:44 PM]
"Sidebar"="D:\Program Files\Windows Sidebar\sidebar.exe" [02/12/2007 10:58 PM]
"VistaStartMenu"="D:\Program Files\Vista Start Menu\VistaStartMenu.exe" [12/11/2007 10:58 AM]
"RocketDock"="D:\Program Files\RocketDock\RocketDock.exe" [02/09/2007 01:58 PM]
"FreeRAM XP"="D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [23/03/2006 12:13 AM]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"nltide_3"=rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
"ShowDeskFix"=regsvr32 /s /n /i:u shell32
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"True Transparency"="D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
"LClock"=D:\Program Files\LClock\LClock.exe
D:\Documents and Settings\Captain Kool\Start Menu\Programs\Startup\
MagicDisc.lnk - D:\Program Files\MagicDisc\MagicDisc.exe [5/23/2008 7:08:25 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
D:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
-- End of Deckard's System Scanner: finished at 2008-05-25 18:06:17 ------------
Deckard's System Scanner v20071014.68
Run by Captain Kool on 2008-05-25 18:01:38
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
-- Last 5 Restore Point(s) --
16: 2008-05-25 21:00:50 UTC - RP16 - Deckard's System Scanner Restore Point
15: 2008-05-25 18:08:09 UTC - RP15 - System Checkpoint
14: 2008-05-24 15:55:28 UTC - RP14 - Removed Project64 1.6
13: 2008-05-24 00:45:37 UTC - RP13 - Installed Project64 1.6
12: 2008-05-23 01:53:27 UTC - RP12 - System Checkpoint
-- First Restore Point --
1: 2008-05-14 20:13:17 UTC - RP1 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Captain Kool.exe) ----------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:02:06 PM, on 25/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\Program Files\iolo\common\lib\ioloServiceManager.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\uTorrent\uTorrent.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Documents and Settings\Captain Kool\Desktop\dss.exe
D:\DOCUME~1\CAPTAI~1\Desktop\Captain Kool.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SMSystemAnalyzer] "D:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe"
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [VistaStartMenu] "D:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [FreeRAM XP] "D:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [True Transparency] "D:\Program Files\Utilities\True Transparency\TrueTransparency.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [LClock] D:\Program Files\LClock\LClock.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: MagicDisc.lnk = D:\P