MBR Rootkit On USB External Hard Disk - Geeks to Go Forums


MBR Rootkit On USB External Hard Disk

#1 Paul Ivory

  • Group: Member
  • Posts: 1
  • Joined: 09-October 09

Posted 09 October 2009 - 12:49 PM

RootRepeal has detected an MBR rootkit on my USB external HD (E). When I right-click on it, my 3 options are:
"restore & reboot immediately"
"Restore"
"Dump"
and on Tools:
"wipe,copy & delete"
"Delete registry Key"
"Kernel Mode callbacks"

What do I do next?

After the RootRepeal scan I got this warning:

warning - the number of SSDT entries from the kernel & the number on-disk are different (297 and 284).
And I did not get the option "all drives showing".


Malwarebytes' Anti-Malware 1.41
Database version: 2932
Windows 5.1.2600 Service Pack 3

09/10/2009 20:34:27
mbam-log-2009-10-09 (20-34-27).txt

Scan type: Quick Scan
Objects scanned: 103220
Time elapsed: 11 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/10/09 20:35
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xACC5B000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79AB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA4315000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xacebb8b0

#: 047 Function Name: NtCreateProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd15930

#: 048 Function Name: NtCreateProcessEx
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd15aa0

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16540

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16190

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16e20

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd15d60

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd142a0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xacebb8e0

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16370

#: 173 Function Name: NtQuerySystemInformation
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16ad0

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16dd0

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd17150

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd17770

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd1b160

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd12ec0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd16d80

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\System32\DRIVERS\klif.sys" at address 0xacd14600

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xacebb990

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xacebba30

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Driver\platform_XP\SafeConnectShim.sys" at address 0xacebbad0

==EOF==

OTL logfile created on: 09/10/2009 19:26:31 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Paul\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 72.08% Memory free
4.00 Gb Paging File | 3.33 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 114.48 Gb Total Space | 92.93 Gb Free Space | 81.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 146.42 Gb Total Space | 26.89 Gb Free Space | 18.36% Space Free | Partition Type: FAT32
Drive F: | 48.83 Gb Total Space | 18.33 Gb Free Space | 37.54% Space Free | Partition Type: NTFS
Drive G: | 102.77 Gb Total Space | 61.61 Gb Free Space | 59.95% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL-AE3E030687
Current User Name: Paul
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/08/08 09:36:14 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/08/08 09:36:14 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/05/27 13:10:02 | 00,371,440 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\Fws.exe
PRC - [2008/07/29 17:20:54 | 00,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
PRC - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe
PRC - [2008/09/22 16:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
PRC - [2008/11/14 18:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/05/27 13:10:54 | 00,388,336 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\rps.exe
PRC - [2009/05/27 12:20:32 | 00,308,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Virgin Broadband\advisor\BroadbandadvisorComHandler.exe
PRC - [2006/12/06 18:10:16 | 00,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/22 17:55:38 | 00,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2006/08/11 18:56:02 | 00,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2008/07/29 17:20:58 | 00,380,928 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
PRC - [2007/07/17 11:13:56 | 00,049,152 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/05/27 12:20:30 | 02,303,216 | ---- | M] (Virgin Broadband) -- C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe
PRC - [2006/10/27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/03/20 20:23:22 | 00,083,240 | ---- | M] (Cyberlink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/02/14 03:57:02 | 00,091,432 | R--- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared Files\brs.exe
PRC - [2005/10/21 18:12:22 | 00,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Entertainment Center\EAXLoadr.exe
PRC - [2008/05/26 22:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2007/07/17 11:13:34 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
PRC - [2009/05/27 13:10:56 | 00,170,736 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe
PRC - [2009/04/03 14:51:32 | 00,143,360 | ---- | M] (Kaspersky Lab.) -- C:\Program Files\Virgin Broadband\PCguard\Kav\Bin\ScanningProcess.exe
PRC - [2009/10/09 13:34:20 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/10/09 13:34:20 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe
PRC - [2009/08/24 21:17:45 | 00,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/09 19:24:35 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/08 09:36:14 | 00,573,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2008/07/29 17:20:54 | 00,262,144 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [1999/12/13 01:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\System32\CTsvcCDA.exe -- (Creative Service for CDROM Access [Auto | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/14 01:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/09/22 16:58:44 | 00,693,512 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe -- (PD91Agent [Auto | Running])
SRV - [2008/09/22 16:58:48 | 00,910,600 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe -- (PD91Engine [On_Demand | Stopped])
SRV - [2009/05/27 13:10:56 | 00,170,736 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\RpsSecurityAwareR.exe -- (Radialpoint Security Services [On_Demand | Running])
SRV - [2008/11/14 18:28:10 | 04,937,752 | R--- | M] (Sana Security) -- C:\Program Files\Virgin Broadband\PCguard\SafeConnect\Bin\SanaAgent.exe -- (RadialpointSafeConnectAgent [Auto | Running])
SRV - [2009/05/27 13:10:02 | 00,371,440 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Broadband\PCguard\Fws.exe -- (RP_FWS [Auto | Running])
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009/10/09 13:34:20 | 04,368,952 | ---- | M] (Prevx) -- C:\Program Files\Prevx\prevx.exe -- (CSIScanner [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.virginmedia.com/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.2
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/10/03 01:26:36 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/03 11:29:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/03 11:29:45 | 00,000,000 | ---D | M]

[2009/10/03 11:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions
[2009/10/03 11:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/08 22:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\c6fzdhsv.default\extensions
[2009/10/03 15:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\c6fzdhsv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/04 23:59:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\c6fzdhsv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/10/04 23:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\mozilla\Firefox\Profiles\c6fzdhsv.default\extensions\netvideohunter@netvideohunter.com
[2009/10/03 11:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 11:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/24 21:17:45 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/24 21:17:45 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/08/24 21:17:45 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/08/24 20:10:36 | 00,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2009/08/24 20:10:36 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/08/24 20:10:36 | 00,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2009/08/24 20:10:36 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/08/24 20:10:36 | 00,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2009/08/24 20:10:36 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/08/24 20:10:36 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/08/24 20:10:36 | 00,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Virgin Broadband\PCguard\pkR.dll (Virgin Media)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Broadbandadvisor.exe] C:\Program Files\Virgin Broadband\advisor\Broadbandadvisor.exe (Virgin Broadband)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe (ASUSTeK Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1254529370687 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/02 21:53:09 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/02 22:39:52 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/10/03 18:31:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/10/02 22:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/10/08 21:20:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/10/06 20:32:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/10/09 13:46:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/02 22:39:52 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/10/03 20:06:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/10/06 21:57:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/10/09 01:01:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/10/02 23:03:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Raxco
[2009/10/08 21:25:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/10/02 22:54:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/02 23:40:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/02 21:58:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Paul\Application Data
[2009/10/03 11:37:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Adobe
[2009/10/03 18:31:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Ashampoo
[2009/10/02 22:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\ATI
[2009/10/03 15:20:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2009/10/02 22:05:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Creative
[2009/10/08 21:22:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\CyberLink
[2009/10/02 21:59:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Identities
[2009/10/03 11:37:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Macromedia
[2009/10/09 13:46:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
[2009/10/02 21:58:57 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Paul\Application Data\Microsoft
[2009/10/03 11:29:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Mozilla
[2009/10/06 21:57:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Office Genuine Advantage
[2009/10/04 21:44:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Smart Recorder
[2009/10/02 22:54:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Virgin Broadband
[2009/10/04 17:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Vso
[2009/10/06 22:02:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2009/10/07 21:10:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2009/10/02 21:58:57 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data
[2009/10/03 18:31:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\ashampoo
[2009/10/02 22:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\ATI
[2009/10/06 22:02:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Identities
[2009/10/02 21:58:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft
[2009/10/03 20:06:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Microsoft Help
[2009/10/03 11:29:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Mozilla
[2009/10/02 22:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/02 22:39:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2009/10/02 22:08:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Creative
[2009/10/08 21:20:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CyberLink
[2009/10/03 20:14:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/10/02 22:02:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/10/02 22:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/10/02 21:50:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/10/02 22:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/10/02 21:50:53 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/10/02 22:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/10/02 21:50:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/10/02 22:42:19 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/03 18:31:22 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009/10/02 22:44:55 | 00,000,000 | ---D | C] -- C:\Program Files\ASUS
[2009/10/02 22:34:46 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/10/03 15:20:00 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/10/03 21:35:48 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/02 22:42:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/10/02 21:49:37 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/10/02 22:03:18 | 00,000,000 | ---D | C] -- C:\Program Files\Creative
[2009/10/02 22:08:48 | 00,000,000 | -H-D | C] -- C:\Program Files\Creative Installation Information
[2009/10/08 21:19:12 | 00,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2009/10/08 21:11:55 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Audio Extractor
[2009/10/06 20:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/10/08 21:29:31 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab 5
[2009/10/06 20:12:34 | 00,000,000 | ---D | C] -- C:\Program Files\DVDFab Decrypter
[2009/10/02 22:02:32 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/02 21:50:15 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/10/09 13:46:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/02 21:49:15 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/10/03 20:44:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
[2009/10/02 21:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/03 20:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/10/03 20:14:26 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/10/03 20:08:57 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009/10/03 20:15:53 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/10/03 20:12:18 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009/10/02 21:50:38 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/10/03 11:29:44 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/03 00:59:32 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/10/02 21:48:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/10/02 21:49:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/10/02 23:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/10/02 22:42:10 | 00,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2009/10/02 21:50:26 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/10/02 21:49:23 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/10/02 21:50:23 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/10/09 13:34:20 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/10/02 23:03:12 | 00,000,000 | ---D | C] -- C:\Program Files\Raxco
[2009/10/03 00:59:23 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/10/08 21:31:48 | 00,000,000 | ---D | C] -- C:\Program Files\Sony
[2009/10/08 21:31:19 | 00,000,000 | ---D | C] -- C:\Program Files\Sony Setup
[2009/10/03 19:28:45 | 00,000,000 | ---D | C] -- C:\Program Files\Soulseek
[2009/10/02 21:59:09 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/10/02 22:54:07 | 00,000,000 | ---D | C] -- C:\Program Files\Virgin Broadband
[2009/10/04 17:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\VSO
[2009/10/08 21:32:04 | 00,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2009/10/06 22:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2009/10/03 01:21:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2009/10/02 21:49:23 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/10/02 21:48:33 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/10/02 21:51:46 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/10/03 19:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009/10/02 21:53:36 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/10/09 13:46:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/09 13:46:38 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/09 13:34:21 | 00,022,024 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/10/09 13:34:20 | 00,027,656 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/10/09 09:39:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/10/09 01:23:27 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Paul\Desktop\RootRepeal.exe
[2009/10/08 21:30:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\DVDFab
[2009/10/08 21:20:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\CyberLink
[2009/10/06 22:01:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/10/06 20:14:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\DVD
[2009/10/06 20:13:28 | 00,000,000 | ---D | C] -- C:\DVDFabDecrypter_Temp
[2009/10/05 00:46:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\reg back up
[2009/10/04 17:08:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ConvertXtoDVD
[2009/10/04 17:05:45 | 00,047,360 | ---- | C] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/04 17:05:45 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Paul\Application Data\pcouffin.sys
[2009/10/04 17:05:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\PcSetup
[2009/10/04 17:05:25 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2009/10/03 21:08:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\The Residents - See My Aroma
[2009/10/03 20:07:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/10/03 20:06:05 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2009/10/03 19:59:03 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Paul\My Documents\My Videos
[2009/10/03 11:58:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\Downloads
[2009/10/03 01:31:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2009/10/03 01:31:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/03 01:29:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2009/10/03 01:29:31 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2009/10/03 01:29:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2009/10/03 01:19:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/10/03 01:19:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/10/03 01:17:54 | 00,084,992 | ---- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys
[2009/10/03 00:59:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2009/10/03 00:58:49 | 00,000,000 | ---D | C] -- C:\61bf4180cc26eab6f3c7
[2009/10/03 00:37:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/10/03 00:17:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/10/03 00:17:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/10/03 00:16:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/10/03 00:16:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/10/03 00:08:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/10/02 23:58:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/10/02 23:51:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/02 23:47:22 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/10/02 23:05:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/10/02 23:04:33 | 00,179,984 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/10/02 23:04:08 | 00,053,192 | ---- | C] (Radialpoint Inc.) -- C:\WINDOWS\System32\drivers\rp_skt32.sys
[2009/10/02 23:03:51 | 00,048,384 | ---- | C] (Radialpoint, Inc.) -- C:\WINDOWS\System32\drivers\rp_pkt32.sys
[2009/10/02 23:03:14 | 00,071,184 | ---- | C] (Raxco Software, Inc.) -- C:\WINDOWS\System32\drivers\DefragFS.sys
[2009/10/02 22:56:59 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2009/10/02 22:56:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/02 22:56:38 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/02 22:49:41 | 00,012,288 | R--- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO_XP.sys
[2009/10/02 22:49:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Paul\My Documents\ASUS
[2009/10/02 22:46:27 | 00,012,288 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO64_xp.sys
[2009/10/02 22:44:57 | 00,102,400 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\NetVideo_SBS.ax
[2009/10/02 22:44:56 | 00,262,144 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe
[2009/10/02 22:44:55 | 00,011,264 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2009/10/02 22:44:55 | 00,011,136 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\drivers\atkkbnt.sys
[2009/10/02 22:44:55 | 00,010,752 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\drivers\Video3D32.sys
[2009/10/02 22:44:55 | 00,008,704 | ---- | C] (ASMT) -- C:\WINDOWS\System32\drivers\Bravo.sys
[2009/10/02 22:44:54 | 02,093,056 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\ATKDispCPL.dll
[2009/10/02 22:44:54 | 00,195,072 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\ATKDISP.dll
[2009/10/02 22:44:53 | 05,424,640 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\ATKOSDX32.dll
[2009/10/02 22:44:53 | 00,036,352 | ---- | C] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\System32\ATKOGL32.dll
[2009/10/02 22:44:53 | 00,012,416 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\asusgsb.sys
[2009/10/02 22:44:53 | 00,012,416 | ---- | C] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\asusgsb.sys
[2009/10/02 22:44:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/02 22:42:23 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/10/02 22:42:19 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/10/02 22:39:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/10/02 22:39:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/10/02 22:39:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/10/02 22:39:28 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/10/02 22:36:54 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/02 22:36:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/02 22:32:43 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/10/02 22:32:43 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/10/02 22:32:43 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/10/02 22:32:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/10/02 22:32:43 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/10/02 22:07:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Defaults
[2009/10/02 22:06:45 | 00,409,600 | ---- | C] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/02 22:06:45 | 00,086,016 | ---- | C] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/02 22:05:57 | 00,011,776 | ---- | C] (Creative Technology Limited) -- C:\WINDOWS\INRES.DLL
[2009/10/02 22:05:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Data
[2009/10/02 22:03:33 | 00,034,304 | ---- | C] (Daniel Kawakami) -- C:\WINDOWS\System32\CTAudCS.cpl
[2009/10/02 22:01:20 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/02 21:59:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Paul\My Documents\My Pictures
[2009/10/02 21:59:06 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Paul\My Documents\My Music
[2009/10/02 21:57:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/10/02 21:57:01 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/10/02 21:55:21 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/10/02 21:55:21 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/10/02 21:54:23 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/10/02 21:54:23 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/10/02 21:54:23 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/10/02 21:54:11 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/10/02 21:53:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/10/02 21:51:57 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/10/02 21:51:56 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/10/02 21:51:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/10/02 21:50:50 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/10/02 21:50:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/10/02 21:50:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/10/02 21:50:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/10/02 21:50:14 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/10/02 21:49:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/10/02 21:49:23 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/10/02 21:48:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/10/02 21:48:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/10/02 21:48:16 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[4 C:\WINDOWS\*.tmp files]
[2009/10/09 19:30:14 | 00,005,464 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-00531102}.CDF
[2009/10/09 19:28:27 | 11,701,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/09 19:22:52 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\settings.dat
[2009/10/09 13:46:44 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/09 13:34:21 | 00,027,656 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxsec.sys
[2009/10/09 13:34:21 | 00,022,024 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxscan.sys
[2009/10/09 13:34:01 | 00,000,063 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/09 10:42:20 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/09 10:42:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/09 10:42:04 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/09 10:42:02 | 00,047,604 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/10/09 10:07:27 | 00,362,784 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/09 10:07:27 | 00,088,148 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/09 10:07:27 | 00,034,484 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/09 10:07:27 | 00,031,656 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/09 10:07:27 | 00,031,656 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/09 10:07:27 | 00,028,968 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/09 10:07:27 | 00,028,968 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/09 10:07:27 | 00,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/09 10:07:27 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/09 10:07:27 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/09 10:06:58 | 04,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-00531102}.BAK
[2009/10/09 01:19:40 | 00,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
[2009/10/08 22:00:39 | 00,000,671 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\vso_ts_preview.xml
[2009/10/08 21:29:39 | 00,000,618 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\DVDFab 5.lnk
[2009/10/08 21:20:39 | 00,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD 8.lnk
[2009/10/08 20:44:39 | 08,355,840 | ---- | M] () -- C:\Documents and Settings\Paul\My Documents\The Residents Comprehensive.accdb
[2009/10/07 17:46:23 | 00,007,168 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/07 10:53:14 | 00,000,386 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to Local Area Connection.lnk
[2009/10/07 00:12:36 | 06,417,058 | -H-- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2009/10/06 22:01:49 | 00,001,787 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/06 22:01:49 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/06 22:01:43 | 00,534,308 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/06 22:01:43 | 00,456,304 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/06 22:01:43 | 00,075,210 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/04 17:05:45 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\inst.exe
[2009/10/04 17:05:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/04 17:05:45 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Paul\Application Data\pcouffin.sys
[2009/10/04 17:05:45 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\pcouffin.cat
[2009/10/04 17:05:45 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\pcouffin.inf
[2009/10/03 21:29:22 | 00,069,232 | ---- | M] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/03 21:28:14 | 00,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/03 20:38:04 | 00,000,063 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/10/03 20:35:54 | 00,000,162 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/03 20:08:06 | 00,000,582 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/03 15:20:08 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/10/03 11:30:01 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 11:29:49 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/03 01:21:15 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/03 01:21:15 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/03 01:19:36 | 00,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/03 00:40:20 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/02 23:56:26 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/10/02 22:46:25 | 00,012,288 | ---- | M] (ASUSTeK Computer Inc.) -- C:\WINDOWS\System32\drivers\EIO64_xp.sys
[2009/10/02 22:43:04 | 00,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/02 22:42:18 | 00,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/02 22:32:40 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2009/10/02 22:06:45 | 00,409,600 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
[2009/10/02 22:06:45 | 00,086,016 | ---- | M] (Portions © Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
[2009/10/02 21:56:45 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/02 21:55:56 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/02 21:53:09 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/02 21:53:09 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/10/02 21:53:09 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/02 21:53:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/10/02 21:53:09 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/10/02 21:53:09 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/10/02 21:52:51 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/02 21:51:56 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/02 21:51:56 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/02 21:49:47 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/02 21:49:35 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/10/02 21:47:14 | 00,000,211 | -HS- | M] () -- C:\boot.ini

========== Files - No Company Name ==========
[2009/10/09 19:22:52 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\settings.dat
[2009/10/09 13:46:44 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/09 01:19:40 | 00,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
[2009/10/09 01:01:43 | 00,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/08 21:29:39 | 00,000,618 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\DVDFab 5.lnk
[2009/10/08 21:20:39 | 00,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CyberLink PowerDVD 8.lnk
[2009/10/07 10:53:12 | 00,000,386 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Shortcut to Local Area Connection.lnk
[2009/10/06 22:01:49 | 00,001,787 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
[2009/10/06 22:01:04 | 00,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/10/05 00:42:57 | 04,958,588 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-00531102}.BAK
[2009/10/04 17:07:25 | 00,000,671 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\vso_ts_preview.xml
[2009/10/04 17:05:56 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\pcouffin.log
[2009/10/04 17:05:45 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\inst.exe
[2009/10/04 17:05:45 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\pcouffin.cat
[2009/10/04 17:05:45 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Paul\Application Data\pcouffin.inf
[2009/10/03 21:07:53 | 08,355,840 | ---- | C] () -- C:\Documents and Settings\Paul\My Documents\The Residents Comprehensive.accdb
[2009/10/03 20:31:22 | 00,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/03 18:38:03 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 15:20:08 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/10/03 11:30:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/03 11:29:49 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/10/03 01:24:31 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/10/03 01:19:36 | 00,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/10/02 23:26:39 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/10/02 23:26:39 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/10/02 23:26:39 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/10/02 23:26:39 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/10/02 23:26:39 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/10/02 23:26:39 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/10/02 23:26:39 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/10/02 23:26:39 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/10/02 23:26:39 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/10/02 23:26:39 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/10/02 23:26:39 | 00,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2009/10/02 23:26:39 | 00,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2009/10/02 23:26:39 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/10/02 23:26:39 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/10/02 23:26:39 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/10/02 23:26:39 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/10/02 23:26:39 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/10/02 23:26:38 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/10/02 23:26:38 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/10/02 23:26:38 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/10/02 23:26:38 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/10/02 23:26:38 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/10/02 23:26:38 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/10/02 23:26:38 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/10/02 23:26:38 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/10/02 23:26:38 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/10/02 23:26:38 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/10/02 23:26:34 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/10/02 23:26:34 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/10/02 23:26:34 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/10/02 23:26:30 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/10/02 23:26:30 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/10/02 23:26:30 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/10/02 23:26:30 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/10/02 23:26:30 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/10/02 23:26:30 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/10/02 23:26:30 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/10/02 23:26:30 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/10/02 23:26:30 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/10/02 23:26:30 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/10/02 23:26:28 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/10/02 23:26:27 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/10/02 23:26:25 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/10/02 23:26:24 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/10/02 23:26:21 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/10/02 23:26:20 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/10/02 23:26:20 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/10/02 23:26:19 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/10/02 23:26:15 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/10/02 23:26:15 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/10/02 23:26:14 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/10/02 23:26:14 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/10/02 23:26:14 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/10/02 23:26:12 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/10/02 23:26:02 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/10/02 23:25:55 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/10/02 23:25:55 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/10/02 23:25:55 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/10/02 23:25:55 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/10/02 23:25:55 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/10/02 23:25:55 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/10/02 23:25:55 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/10/02 23:25:55 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/10/02 23:25:55 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/10/02 23:25:55 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/10/02 23:25:54 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/10/02 23:21:49 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/10/02 23:07:11 | 11,701,792 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/10/02 23:07:11 | 00,362,784 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/10/02 23:07:11 | 00,088,148 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/10/02 23:07:11 | 00,034,484 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/10/02 23:03:54 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/10/02 22:44:57 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2009/10/02 22:44:55 | 00,196,662 | ---- | C] () -- C:\WINDOWS\System32\ATKF16.rc0
[2009/10/02 22:44:55 | 00,196,662 | ---- | C] () -- C:\WINDOWS\System32\ATKF12.rc0
[2009/10/02 22:44:55 | 00,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin
[2009/10/02 22:44:55 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin
[2009/10/02 22:44:55 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin
[2009/10/02 22:44:55 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin
[2009/10/02 22:44:55 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin
[2009/10/02 22:44:55 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin
[2009/10/02 22:44:55 | 00,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin
[2009/10/02 22:44:55 | 00,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin
[2009/10/02 22:44:55 | 00,001,540 | ---- | C] () -- C:\WINDOWS\System32\ATKF16.rc1
[2009/10/02 22:44:55 | 00,001,540 | ---- | C] () -- C:\WINDOWS\System32\ATKF12.rc1
[2009/10/02 22:44:55 | 00,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdRUS.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdKOR.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdJPN.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdGER.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdFRA.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdENG.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdCHT.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\trialatkosdCHS.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdRUS.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdKOR.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdJPN.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdGER.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdFRA.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdENG.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdCHT.rc0
[2009/10/02 22:44:54 | 00,303,320 | ---- | C] () -- C:\WINDOWS\System32\atkosdCHS.rc0
[2009/10/02 22:44:54 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/10/02 22:44:54 | 00,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll
[2009/10/02 22:44:54 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll
[2009/10/02 22:44:54 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll
[2009/10/02 22:44:54 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll
[2009/10/02 22:44:54 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll
[2009/10/02 22:44:54 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll
[2009/10/02 22:44:54 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll
[2009/10/02 22:44:54 | 00,033,104 | ---- | C] () -- C:\WINDOWS\System32\trialatkgft.rc0
[2009/10/02 22:44:54 | 00,033,104 | ---- | C] () -- C:\WINDOWS\System32\trialatkgeneral.rc0
[2009/10/02 22:44:54 | 00,033,104 | ---- | C] () -- C:\WINDOWS\System32\atksht.rc0
[2009/10/02 22:44:54 | 00,033,104 | ---- | C] () -- C:\WINDOWS\System32\atkgtvt.rc0
[2009/10/02 22:44:54 | 00,033,104 | ---- | C] () -- C:\WINDOWS\System32\atkgft.rc0
[2009/10/02 22:44:54 | 00,033,104 | ---- | C] () -- C:\WINDOWS\System32\atkdst.rc0
[2009/10/02 22:44:54 | 00,024,632 | ---- | C] () -- C:\WINDOWS\System32\atkrec.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\trialatkshon.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\trialatkshoff.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\trialatkgtvon.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\trialatkgtvoff.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\trialatkdson.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\trialatkdsoff.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\atkshon.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\atkshoff.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\atkgtvon.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\atkgtvoff.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\atkdson.rc0
[2009/10/02 22:44:54 | 00,011,912 | ---- | C] () -- C:\WINDOWS\System32\atkdsoff.rc0
[2009/10/02 22:44:54 | 00,009,024 | ---- | C] () -- C:\WINDOWS\System32\trialatkgfon.rc0
[2009/10/02 22:44:54 | 00,009,024 | ---- | C] () -- C:\WINDOWS\System32\trialatkgfoff.rc0
[2009/10/02 22:44:54 | 00,009,024 | ---- | C] () -- C:\WINDOWS\System32\atkgfon.rc0
[2009/10/02 22:44:54 | 00,009,024 | ---- | C] () -- C:\WINDOWS\System32\atkgfoff.rc0
[2009/10/02 22:44:53 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/10/02 22:44:53 | 00,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll
[2009/10/02 22:44:53 | 00,006,697 | ---- | C] () -- C:\WINDOWS\System32\asusgsb.cat
[2009/10/02 22:44:53 | 00,002,963 | ---- | C] () -- C:\WINDOWS\System32\xvid.inf
[2009/10/02 22:44:53 | 00,002,414 | ---- | C] () -- C:\WINDOWS\System32\asusgsb.inf
[2009/10/02 22:43:37 | 00,069,232 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/02 22:43:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/10/02 22:42:20 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/10/02 22:42:20 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/10/02 22:42:20 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/10/02 22:42:19 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/10/02 22:42:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/10/02 22:42:18 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/10/02 22:42:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/10/02 22:42:16 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/10/02 22:42:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/10/02 22:42:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/10/02 22:42:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/10/02 22:42:16 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/10/02 22:42:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/10/02 22:42:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/10/02 22:42:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/10/02 22:42:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/10/02 22:42:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/10/02 22:42:13 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/10/02 22:42:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/10/02 22:42:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/10/02 22:42:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/10/02 22:42:11 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/10/02 22:42:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/10/02 22:42:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/10/02 22:42:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/10/02 22:42:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/10/02 22:42:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/10/02 22:42:11 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/10/02 22:42:09 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/10/02 22:42:09 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/10/02 22:42:09 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/10/02 22:42:09 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/10/02 22:42:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/10/02 22:42:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/10/02 22:42:07 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/10/02 22:42:07 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/10/02 22:42:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/10/02 22:42:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/10/02 22:42:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/10/02 22:42:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/10/02 22:42:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/10/02 22:42:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/10/02 22:42:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/10/02 22:42:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/10/02 22:42:01 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/10/02 22:41:49 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/10/02 22:40:10 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/10/02 22:40:10 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/10/02 22:40:09 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/10/02 22:40:09 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/10/02 22:40:09 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/10/02 22:40:09 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/10/02 22:40:09 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/10/02 22:40:09 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/10/02 22:39:28 | 00,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/02 22:38:34 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/10/02 22:38:31 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/10/02 22:35:49 | 00,014,505 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2009/10/02 22:35:47 | 00,007,167 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/10/02 22:35:45 | 00,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/10/02 22:35:44 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/10/02 22:35:43 | 03,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/10/02 22:35:43 | 00,174,820 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/02 22:32:40 | 00,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2009/10/02 22:11:43 | 00,031,656 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/02 22:11:43 | 00,031,656 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/02 22:11:43 | 00,028,968 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/02 22:11:43 | 00,028,968 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/02 22:11:43 | 00,011,564 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-0000000C-00001102-00000004-00531102}.rfx
[2009/10/02 22:11:43 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/10/02 22:11:43 | 00,001,080 | ---- | C] () -- C:\WINDOWS\System32\settings.sfm
[2009/10/02 22:11:35 | 06,417,058 | -H-- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\IconCache.db
[2009/10/02 22:07:26 | 00,005,464 | ---- | C] () -- C:\WINDOWS\{00000000-00000000-0000000C-00001102-00000004-00531102}.CDF
[2009/10/02 22:06:51 | 00,007,406 | ---- | C] () -- C:\WINDOWS\System32\SBAudigy.ico
[2009/10/02 22:06:51 | 00,001,912 | ---- | C] () -- C:\WINDOWS\System32\Audigy.bmp
[2009/10/02 22:05:57 | 00,086,446 | R--- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/10/02 22:05:57 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/10/02 22:05:57 | 00,000,191 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/10/02 22:05:30 | 07,572,224 | ---- | C] () -- C:\WINDOWS\System32\CT8MGM.SF2
[2009/10/02 22:05:29 | 04,174,814 | ---- | C] () -- C:\WINDOWS\System32\CT4MGM.SF2
[2009/10/02 22:05:24 | 29,705,938 | ---- | C] () -- C:\WINDOWS\System32\28MBGM.sf2
[2009/10/02 21:58:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Paul\Application Data\desktop.ini
[2009/10/02 21:57:01 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/02 21:56:45 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/10/02 21:55:56 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/02 21:55:47 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/10/02 21:55:16 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/10/02 21:55:16 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/10/02 21:55:14 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/10/02 21:54:58 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/10/02 21:54:57 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/10/02 21:54:48 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/10/02 21:54:47 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/10/02 21:54:44 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/10/02 21:54:35 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/10/02 21:54:31 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/10/02 21:54:14 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/10/02 21:54:10 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/10/02 21:54:10 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/10/02 21:54:10 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/10/02 21:54:10 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/10/02 21:54:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/10/02 21:54:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/10/02 21:54:10 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/10/02 21:54:09 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/10/02 21:54:09 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/10/02 21:54:09 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/10/02 21:54:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/10/02 21:54:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/10/02 21:54:09 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/10/02 21:54:08 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/10/02 21:54:07 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/10/02 21:54:06 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/10/02 21:54:06 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/10/02 21:54:06 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/10/02 21:54:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/10/02 21:54:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/10/02 21:54:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/10/02 21:54:06 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/10/02 21:54:05 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/10/02 21:54:05 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/10/02 21:54:05 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/10/02 21:54:05 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/10/02 21:54:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/10/02 21:54:05 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/10/02 21:54:04 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/10/02 21:54:03 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/10/02 21:54:03 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/10/02 21:54:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/10/02 21:54:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/10/02 21:54:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/10/02 21:54:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/10/02 21:54:02 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/10/02 21:54:02 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/10/02 21:54:02 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/10/02 21:54:01 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/10/02 21:53:09 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/02 21:53:09 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/10/02 21:53:09 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/10/02 21:53:09 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/10/02 21:53:09 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/10/02 21:53:01 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/10/02 21:53:01 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/10/02 21:53:00 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/10/02 21:51:56 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/10/02 21:51:56 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/10/02 21:51:51 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/10/02 21:51:33 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/10/02 21:51:02 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/10/02 21:51:02 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/10/02 21:50:55 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/10/02 21:49:48 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/02 21:48:55 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/10/02 21:48:55 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/10/02 21:48:55 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/10/02 21:48:55 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/10/02 21:48:54 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/10/02 21:48:54 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/10/02 21:48:54 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/10/02 21:48:54 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/10/02 21:48:54 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/10/02 21:48:54 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/10/02 21:48:54 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/10/02 21:48:54 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/10/02 21:48:53 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/10/02 21:48:53 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/10/02 21:48:53 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/10/02 21:48:53 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/10/02 21:48:53 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/10/02 21:48:53 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/10/02 21:48:53 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/10/02 21:48:51 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/10/02 21:48:51 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/10/02 21:48:50 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/10/02 21:48:43 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc

========== LOP Check ==========

[2009/10/09 13:46:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/03 18:31:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009/10/02 22:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2009/10/08 21:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2009/10/06 20:32:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/10/09 13:37:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/10/08 21:25:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Temp
[2009/10/02 23:02:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Virgin Broadband
[2009/10/09 13:46:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Paul\Application Data
[2009/10/03 18:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Ashampoo
[2009/10/02 22:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ATI
[2009/10/08 22:16:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\BitTorrent
[2009/10/08 21:22:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\CyberLink
[2009/10/04 21:53:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Smart Recorder
[2009/10/02 22:54:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Virgin Broadband
[2009/10/08 22:00:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Vso
[2009/10/06 22:02:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
[2009/10/07 21:10:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Search
[2004/08/04 13:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/09 10:42:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

========== Files - Unicode (All) ==========
[2009/10/02 23:04:43 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/10/02 23:04:43 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????????????????????g) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
< End of report >
