Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

I'm getting thousands of Symantec email pop-ups, Please help!


  • This topic is locked This topic is locked

#1
skinnypig

skinnypig

    Member

  • Member
  • PipPip
  • 44 posts
I'm getting hundreds and hundreds of pop-ups from Symantec about an email proxy. It would seem that my computer is sending out thousands of spam emails all by itself.
I've run scans with Norton, AVG, Malwarebytes and Super spyware killer. they've all found and dealt with various Trojans and tracking cookies but none of this has stopped my presumably still infected computer from sending spam.

I've disabled Symantec's outbound email scanner to stop the pop-ups but this obviously doesn't solve the whole problem; so any help would be really greatly appreciated.
  • 0

Advertisements


#2
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Hello skinnypig and welcome to G2G!

My name is Cold Titanium :) , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :)

:) Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #1

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top make sure it is set to Standard Output.
  • Ensure the Use SafeList is selected for Extra Registry
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    msconfig
    safebootminimal
    safebootnetwork
    activex
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



Step #2

  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I would like to see OTL.txt, Extras.txt, and ark.txt in your next reply. Please do not attach the logs or post them in Quote or Code boxes, just post them plain. :)
  • 0

#3
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
thanks a lot, here's the requested scan results:
OTListIt.Txt:
------------------
OTL logfile created on: 26/07/2010 03:11:31 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\geoffrey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 13.33 Gb Free Space | 9.32% Space Free | Partition Type: NTFS
Drive D: | 7.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.39 Gb Total Space | 0.30 Gb Free Space | 4.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-42CACB7C
Current User Name: geoffrey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/26 00:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
PRC - [2010/07/20 17:59:33 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/20 17:59:32 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/20 17:59:31 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/20 17:59:28 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/07/20 17:59:15 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/07/20 17:58:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/19 18:50:45 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/01/12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/13 02:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/04 00:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/08/04 00:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/04 00:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 23:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 23:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 23:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 22:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 22:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/06/22 19:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2007/06/08 00:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2007/04/26 18:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007/04/09 19:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2007/03/16 13:26:18 | 000,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
PRC - [2007/03/14 23:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007/03/14 23:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2007/02/08 21:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/02/08 21:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 21:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 21:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/10 06:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/29 03:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2006/11/13 20:23:40 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/11/13 19:10:00 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006/11/12 06:03:16 | 001,405,012 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/12 05:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2006/11/08 18:28:52 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/11/08 18:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/11/08 18:14:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/11/03 04:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/23 09:48:20 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/09/06 08:38:44 | 000,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2006/05/24 05:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/19 00:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/28 00:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2004/03/25 19:35:26 | 001,732,608 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
PRC - [2001/01/19 11:00:00 | 000,068,608 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
PRC - [2000/11/17 09:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2010/07/26 00:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
MOD - [2007/08/04 00:42:18 | 000,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2007/08/04 00:42:10 | 002,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
MOD - [2007/08/04 00:28:10 | 001,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
MOD - [2007/08/04 00:28:06 | 000,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
MOD - [2007/08/04 00:28:02 | 005,174,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dll
MOD - [2007/08/04 00:27:46 | 001,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
MOD - [2007/08/04 00:27:42 | 000,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
MOD - [2007/08/04 00:19:10 | 000,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
MOD - [2007/08/04 00:19:06 | 000,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
MOD - [2007/08/04 00:09:58 | 000,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll
MOD - [2006/11/12 06:09:38 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2004/08/04 13:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2004/08/04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/04 13:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2004/08/04 13:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/20 17:58:52 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/06/16 10:48:04 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/30 01:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/13 02:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/13 02:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/04 00:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 23:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 23:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/06/22 19:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2007/06/08 00:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/03/14 23:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 23:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007/02/08 21:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 21:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 21:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/12 05:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/11/08 18:28:52 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/11/08 18:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/11/08 18:14:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/11/03 04:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/24 05:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/04/14 18:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006/04/14 18:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/04/14 18:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 11:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/03/25 19:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
SRV - [2000/11/17 09:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2010/07/20 18:00:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/20 18:00:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/07/20 18:00:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/07/20 17:03:14 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2010/07/15 09:13:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 09:13:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/15 09:13:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:13:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/23 20:37:11 | 000,264,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100720.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/08/03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 19:07:10 | 000,035,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/06/16 10:46:54 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/05/26 08:54:25 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/05/26 08:53:22 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/14 17:20:08 | 000,020,936 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb22ldr.sys -- (USB22LDR)
DRV - [2007/11/14 17:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/08/10 06:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/22 23:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/09 19:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/04/04 02:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/04/02 19:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/26 04:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 23:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/16 23:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/02/12 18:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 20:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/24 01:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 13:48:48 | 001,711,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/11/13 02:41:20 | 000,862,922 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/11/08 21:49:42 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/30 02:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/09/06 09:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/06 09:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/06 09:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006/09/06 09:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2006/09/05 19:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006/09/05 19:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006/08/30 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/05/24 19:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006/05/19 06:24:20 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/08 17:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/01/07 22:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 12:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 07:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 07:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 07:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...me/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {665202A7-07EB-4212-BE77-9558103271F2}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845

FF - HKLM\software\mozilla\Firefox\extensions\\{665202A7-07EB-4212-BE77-9558103271F2}: C:\Documents and Settings\geoffrey\Local Settings\Application Data\{665202A7-07EB-4212-BE77-9558103271F2} [2010/07/20 14:08:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/20 18:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 02:05:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 02:05:02 | 000,000,000 | ---D | M]

[2008/08/21 14:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geoffrey\Application Data\Mozilla\Extensions
[2010/07/20 14:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\extensions
[2010/04/27 13:35:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 14:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/26 02:54:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/12 14:51:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:51:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:51:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:51:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/20 16:48:55 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [Dyalorecewekif] C:\WINDOWS\ucopasuy.DLL File not found
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [Dcuhuwud] C:\WINDOWS\bLaHolb.DLL File not found
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\geoffrey\Application Data\ogix.exe) - C:\Documents and Settings\geoffrey\Application Data\ogix.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\tphotkey: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\geoffrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\geoffrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/26 00:51:54 | 000,000,188 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{4a5dd6e6-5d3a-11de-b80f-001eec0a93d0}\Shell\AutoRun\command - "" = E:\RECYCO\avorun.exe -- [2010/07/25 19:30:52 | 000,131,072 | RHS- | M] ()
O33 - MountPoints2\{4a5dd6e6-5d3a-11de-b80f-001eec0a93d0}\Shell\open\command - "" = E:\RECYCO\avorun.exe -- [2010/07/25 19:30:52 | 000,131,072 | RHS- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A7A2256D-1FD3-493D-C31F-F01E940BC581} - Microsoft Windows Media Player
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: Midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\ma_cmidn.dll (M-Audio)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\Vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183528496136192)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 02:56:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
[2010/07/22 21:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\Identities
[2010/07/22 08:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Application Data\SUPERAntiSpyware.com
[2010/07/22 08:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/22 08:36:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/07/21 12:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/20 19:04:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/20 18:06:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/20 18:00:20 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/20 18:00:18 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/20 18:00:13 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/20 18:00:11 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/20 18:00:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010/07/20 17:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/20 17:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/20 17:03:14 | 000,010,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2010/07/20 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Application Data\Malwarebytes
[2010/07/20 15:06:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/20 15:06:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/20 15:06:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/20 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/20 14:53:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/20 14:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\{665202A7-07EB-4212-BE77-9558103271F2}
[2010/07/20 14:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\ehrafxjep
[2010/07/14 01:17:46 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2008/05/26 08:33:59 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/05/26 08:33:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/26 03:17:15 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\olmonie.sys
[2010/07/26 03:06:52 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/07/26 03:05:21 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/07/26 03:05:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 03:05:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 02:50:26 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/26 00:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
[2010/07/25 19:30:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\geoffrey\Application Data\ogix.exe
[2010/07/25 02:48:26 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\geoffrey\NTUSER.DAT
[2010/07/25 02:48:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\geoffrey\ntuser.ini
[2010/07/25 02:25:01 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/07/25 02:20:41 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/23 05:34:48 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1623880038-1315426461-3159198203-1008.job
[2010/07/22 17:54:48 | 062,322,183 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/22 13:29:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/07/22 08:36:08 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/21 12:27:29 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\HijackThis.lnk
[2010/07/20 20:15:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2010/07/20 18:00:22 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/07/20 18:00:22 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/20 18:00:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/07/20 18:00:13 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/07/20 18:00:13 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/07/20 18:00:11 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/20 17:03:14 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2010/07/20 15:06:47 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 14:08:07 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xsogohidimenip.dat
[2010/07/20 14:08:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Shedom.bin
[2010/07/20 14:06:34 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2010/07/20 13:28:22 | 000,000,243 | ---- | M] () -- C:\WINDOWS\Caligari.ini
[2010/07/15 03:17:58 | 078,007,495 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\atish-worker.wmv
[2010/07/13 12:20:15 | 105,520,149 | R--- | M] () -- C:\Documents and Settings\geoffrey\Desktop\alice2ebvibe.wmv
[2010/07/13 03:31:53 | 086,663,705 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\aliceBeb.wmv
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/26 02:54:04 | 000,131,072 | RHS- | C] () -- C:\Documents and Settings\geoffrey\Application Data\ogix.exe
[2010/07/22 08:36:08 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/07/21 12:27:28 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\HijackThis.lnk
[2010/07/20 20:15:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2010/07/20 18:28:22 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\geoffrey\avgrep.txt
[2010/07/20 18:00:22 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG Free 9.0.lnk
[2010/07/20 18:00:11 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/07/20 18:00:05 | 062,322,183 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/07/20 15:06:47 | 000,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 14:08:07 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xsogohidimenip.dat
[2010/07/20 14:08:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shedom.bin
[2010/07/20 14:06:40 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\olmonie.sys
[2010/07/20 14:06:32 | 000,000,150 | ---- | C] () -- C:\zrpt.xml
[2010/07/20 13:59:12 | 000,013,160 | ---- | C] () -- C:\Documents and Settings\geoffrey\hs_err_pid4896.log
[2010/07/15 03:17:58 | 078,007,495 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\atish-worker.wmv
[2010/07/13 12:20:15 | 105,520,149 | R--- | C] () -- C:\Documents and Settings\geoffrey\Desktop\alice2ebvibe.wmv
[2010/07/13 03:31:53 | 086,663,705 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\aliceBeb.wmv
[2010/05/06 13:54:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\downloaded.ini
[2009/05/31 02:51:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/14 02:12:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/16 14:32:51 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 14:32:51 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/12 05:31:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/10/12 05:31:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/10/12 05:31:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/10/12 05:31:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/10/12 05:31:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/10/12 05:30:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2008/08/31 10:09:51 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2008/08/22 07:49:54 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2008/08/22 02:06:33 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/22 02:06:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5922AEFE77.sys
[2008/05/26 09:11:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/26 08:52:52 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/05/26 08:43:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/05/26 08:43:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/05/26 08:43:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/05/26 08:43:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/05/26 08:43:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/05/26 08:43:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/26 08:37:29 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/26 08:37:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2008/05/26 08:35:44 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/05/26 08:34:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/26 08:34:00 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/05/26 08:34:00 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/08/16 11:28:38 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/08/16 11:28:27 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/06/27 17:13:51 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/02/09 20:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/12 05:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 19:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 19:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/04/30 08:13:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/08/21 13:50:00 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2006/04/30 08:13:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/05/26 08:44:15 | 000,001,496 | ---- | M] () -- C:\drivez.log
[2006/04/30 08:13:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/04/30 08:13:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/27 08:03:22 | 000,250,048 | RHS- | M] () -- C:\NTLDR
[2010/07/26 03:05:04 | 2646,605,824 | -HS- | M] () -- C:\pagefile.sys
[2008/05/26 08:36:14 | 000,000,542 | ---- | M] () -- C:\RHDSetup.log
[2010/07/20 19:45:08 | 000,000,422 | ---- | M] () -- C:\rkill.log
[2008/05/26 08:34:48 | 000,000,086 | ---- | M] () -- C:\setup.log
[2009/06/15 11:33:12 | 008,368,350 | ---- | M] () -- C:\sma.txt
[2008/05/26 08:22:51 | 000,000,083 | ---- | M] () -- C:\syslevel.lgl
[2010/07/22 13:27:42 | 000,013,944 | ---- | M] () -- C:\TPHKLOCK.TXT
[2010/07/20 14:06:34 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
[2 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/04/30 08:12:53 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/06 06:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD8O.DLL
[2006/11/06 06:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP8O.DLL
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008/07/06 11:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/04/30 01:03:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/04/30 01:03:02 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/04/30 01:03:02 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2005/03/02 19:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\system32\user32.dll
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 13:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll
[17 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 02:03:50

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
  • 0

#4
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
Extras.Txt:
-------------------------
OTL Extras logfile created on: 26/07/2010 03:11:31 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\geoffrey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 13.33 Gb Free Space | 9.32% Space Free | Partition Type: NTFS
Drive D: | 7.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.39 Gb Total Space | 0.30 Gb Free Space | 4.07% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-42CACB7C
Current User Name: geoffrey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{077C74E2-A2A8-11D5-8CD5-00104BB9CE36}" = Speech
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{1007F41F-7D69-468E-8017-3849A5A973C2}" = ThinkVantage Technologies Welcome Message
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{12FE6BA3-731D-40BC-A9CF-6BC10E019CEE}" = Carrara 6 Render Node
"{1EC60864-A294-44BF-984A-3E8867D74EA2}" = Adobe After Effects 6.0
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 17
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2BD5C305-1B27-4D41-B690-7A61172D2FEB}" = Macromedia Flash 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = Series II MIDI
"{39612766-BE78-4F2E-9A74-C70117FB4896}" = SymNet
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Integrated Camera
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.32
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5F97C1E7-E37D-4CB4-B817-7B59AAF81F14}" = Carrara 6 Pro
"{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"{6280149E-EFF3-4F1B-BD43-5B7EDD6F620A}" = Lenovo Care Supplement
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{796E076A-82F7-4D49-98C8-DEC0C3BC733A}" = Diskeeper Lite
"{79D56DFD-D28E-4289-BED2-32A6342A305B}" = Corel Business Center
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7FC3BBEC-5A91-41B0-9CB8-960EC4421411}" = InterVideo WinDVD Creator 3
"{830D8CBD-C668-49e2-A969-C2C2106332E0}" = Norton AntiVirus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = Lenovo Bluetooth with Enhanced Data Rate Software
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{986F64DC-FF15-449D-998F-EE3BCEC6666A}" = Help Center
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A04BF5DC-6DD3-4B6D-BABD-B1BC5DB23CF0}" = Ulead DVD Workshop
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A52A504E-18BE-4821-9A2A-BFB4542DA0BD}" = Lenovo PM Driver
"{A600F230-62FF-43CC-98FB-19694AFA7F27}" = Hexagon 2
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B293806D-4407-4287-A00C-E9064174EF89}" = Network Magic
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP1
"{B334D9AE-1393-423E-97C0-3BDC3360E692}" = Sonic Icons for Lenovo
"{B4342A07-E2C7-4A8B-9145-CBDEE750BCE3}" = VOCALOID2 Voice DB (Miku)
"{B6588186-9657-486C-AEB1-F57D8E160F19}" = VOCALOID2 Expression DB (Standard)
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C54ED2B6-1AF2-416F-BBA8-5E2B8CDCB5C4}" = XP Themes
"{C6876FE6-A314-4628-B0D7-F3EE5E35C4B4}" = Windows Live Toolbar
"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF52099A-3BEA-4C41-AEA8-1E190F04D737}" = Lenovo Care
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D52ECEBC-9B20-41A5-81C4-A62DE2367419}" = Adobe Creative Suite
"{D9B2A9FA-C829-426E-9E87-0E977AED2B97}" = Symantec Real Time Storage Protection Component
"{DB71210F-8314-4AE3-B7A7-EBAF85BD30E9}" = Wallpapers
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{E7E836B8-4BDD-454F-82E6-5FEA17C83AD4}" = Message Center
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC422FB2-9F4D-4FB1-A5CE-5F741132EBC5}" = Lenovo Fingerprint Software
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F055E1B2-8A05-4D87-8039-1BE979BA4193}" = Client Security Solution
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F151F2B3-0C32-44D3-90E2-E639B8024622}" = Rescue and Recovery
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F1C1C21B-F56E-400B-B0B0-270D817889F3}" = VOCALOID2 Editor V2.0.2.4J
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Arturia CS-80V v1.2" = Arturia CS-80V v1.2
"ASIO4ALL" = ASIO4ALL
"Ask Toolbar_is1" = Vuze Toolbar
"AVG9Uninstall" = AVG Free 9.0
"AwayTask" = Maintenance Manager
"broomstickbass-1.0.0" = Broomstick Bass 1.0.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP1
"Caligari trueSpace6_is1" = Caligari trueSpace6
"Collab" = Collab
"Digital Media LE" = Roxio Digital Media LE
"EPSON Printer and Utilities" = EPSON Printer Software
"FL Studio 8" = FL Studio 8
"fragMOTION 1.0.0_is1" = fragMOTION 1.0.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{62715632-A555-4D9E-9CEC-4F84EB55B07B}" = PM Driver
"Lenovo Registration" = Lenovo Registration
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Magic Bullet Suite 2.1" = Magic Bullet Suite 2.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MMF2 SWF File Exporter" = MMF2 SWF File Exporter
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multimedia Fusion 2" = Multimedia Fusion 2
"Multimedia Fusion 2 - HWA" = Multimedia Fusion 2 - HWA
"Multimedia Fusion Developer 2" = Multimedia Fusion Developer 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OnScreenDisplay" = On Screen Display
"PC-Doctor 5 for Windows" = PC-Doctor 5 for Windows
"PCMCIAPW" = ThinkPad PC Card Power Policy
"Picasa2" = Picasa 2
"PoiZone" = PoiZone
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel® PROSet/Wireless Software
"SymSetupTemp.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Toxic Biohazard" = Toxic Biohazard
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"VLC media player" = VLC media player 0.9.2
"VueScan" = VueScan
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24/07/2010 05:34:37 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 24/07/2010 20:58:59 | Computer Name = LENOVO-42CACB7C | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 24/07/2010 20:59:24 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1000
Description = Faulting application rrservice.exe, version 4.0.123.0, faulting module
rrservice.exe, version 4.0.123.0, fault address 0x000018ff.

Error - 24/07/2010 21:01:09 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1004
Description = Faulting application rrservice.exe, version 4.0.123.0, faulting module
rrservice.exe, version 4.0.123.0, fault address 0x000018ff.

Error - 25/07/2010 21:51:55 | Computer Name = LENOVO-42CACB7C | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 25/07/2010 21:53:41 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1000
Description = Faulting application rrservice.exe, version 4.0.123.0, faulting module
rrservice.exe, version 4.0.123.0, fault address 0x000018ff.

Error - 25/07/2010 22:06:24 | Computer Name = LENOVO-42CACB7C | Source = WinMgmt | ID = 28
Description = WinMgmt could not initialize the core parts. This could be due to
a badly installed version of WinMgmt, WinMgmt repository upgrade failure, insufficient
disk space or insufficient memory.

Error - 25/07/2010 22:06:35 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 25/07/2010 22:07:27 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1004
Description = Faulting application rrservice.exe, version 4.0.123.0, faulting module
rrservice.exe, version 4.0.123.0, fault address 0x000018ff.

Error - 25/07/2010 22:09:13 | Computer Name = LENOVO-42CACB7C | Source = Application Error | ID = 1004
Description = Faulting application rrservice.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 20/07/2010 18:45:51 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 20/07/2010 18:45:59 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 20/07/2010 18:46:14 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 20/07/2010 18:49:59 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 20/07/2010 19:06:38 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 20/07/2010 20:28:02 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 20/07/2010 20:29:00 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 21/07/2010 22:55:27 | Computer Name = LENOVO-42CACB7C | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.

Error - 22/07/2010 07:18:59 | Computer Name = LENOVO-42CACB7C | Source = DCOM | ID = 10010
Description = The server {60C70E11-2B08-4798-B366-C8450CDA7B1A} did not register
with DCOM within the required timeout.

Error - 25/07/2010 21:56:03 | Computer Name = LENOVO-42CACB7C | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >
  • 0

#5
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
and ARK.txt:
--------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 08:18:05
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\geoffrey\LOCALS~1\Temp\awkcrfog.sys


---- System - GMER 1.0.15 ----

SSDT 89F84438 ZwAlertResumeThread
SSDT 89C1E138 ZwAlertThread
SSDT 89CE41F0 ZwAllocateVirtualMemory
SSDT 89BE6D88 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x99FEC020] <-- ROOTKIT !!!
SSDT 89BE3008 ZwCreateMutant
SSDT 89D0B0F0 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x99FEC2A0] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x99FEC800] <-- ROOTKIT !!!
SSDT 89B930A8 ZwFreeVirtualMemory
SSDT 89F4A008 ZwImpersonateAnonymousToken
SSDT 89C60A70 ZwImpersonateThread
SSDT 89B71008 ZwMapViewOfSection
SSDT 89CFD460 ZwOpenEvent
SSDT 89F4DEF8 ZwOpenProcessToken
SSDT 89B92008 ZwOpenThreadToken
SSDT 8A0D4700 ZwResumeThread
SSDT 89BE45F8 ZwSetContextThread
SSDT 89F4BDA8 ZwSetInformationProcess
SSDT 89CE9008 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x99FECA50] <-- ROOTKIT !!!
SSDT 8A08A180 ZwSuspendProcess
SSDT 89DAE6E0 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x99E47620] <-- ROOTKIT !!!
SSDT 89C126E0 ZwTerminateThread
SSDT 89BE2888 ZwUnmapViewOfSection
SSDT 89CE4160 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text olmonie.sys F7436030 173 Bytes [68, 8B, D5, BB, A2, FF, 34, ...]
.text olmonie.sys F743619E 38 Bytes [34, 24, FF, 74, 24, 04, 66, ...]
.text olmonie.sys F74361C5 53 Bytes [00, 0F, 90, C0, D0, C8, 0F, ...]
.text olmonie.sys F74361FB 46 Bytes [24, 89, 64, 24, 08, 60, FF, ...]
.text olmonie.sys F743622A 40 Bytes [B6, F2, 0F, B6, F2, 89, 44, ...]
.text ...
? C:\WINDOWS\system32\drivers\olmonie.sys A device attached to the system is not functioning.
PAGE Ntfs.sys BA798E88 4 Bytes CALL 8ABDF609

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB654A0

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] olmonie <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @iedkcs32.dll,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @iedkcs32.dll,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@DllName ACNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Startup ACNotifyWLEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Logon ACNotifyWLEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Unlock ACNotifyWLEventUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Logoff ACNotifyWLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Lock ACNotifyWLEventLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Shutdown ACNotifyWLEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName igfxdev.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Unlock WinlogonUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@DllName C:\Program Files\Lenovo\HOTKEY\tphklock.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Startup WLEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Shutdown WLEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Logon WLEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Lock WLEventLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Unlock WLEventUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

---- EOF - GMER 1.0.15 ----
  • 0

#6
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Firstly:

Your computer has more than one Antivirus programs installed! The different Antiviruses can conflict, and they can also cause your computer to bog down. Having multiple Antiviruses on your computer actually places it at greater risk of infection, since all the Antiviruses are fighting each other. Please only use one.

:) Note: I noticed that you have AVG, and Symantec/Norton installed. Get rid of AVG for now. If you have a paid subscription to one of these Antiviruses, you should get rid of the free ones and then use the remaining time. Let me know what you decide. :)



Howdy skinnypig!

Yep, you've got some nasties on that system. Let's clean 'em up!



Step #1


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #2


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Dyalorecewekif] C:\WINDOWS\ucopasuy.DLL File not found
    O4 - HKCU..\Run: [Dcuhuwud] C:\WINDOWS\bLaHolb.DLL File not found
    O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\geoffrey\Application Data\ogix.exe) - C:\Documents and Settings\geoffrey\Application Data\ogix.exe ()
    O32 - AutoRun File - [2010/07/26 00:51:54 | 000,000,188 | ---- | M] () - E:\autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{4a5dd6e6-5d3a-11de-b80f-001eec0a93d0}\Shell\AutoRun\command - "" = E:\RECYCO\avorun.exe -- [2010/07/25 19:30:52 | 000,131,072 | RHS- | M] ()
    O33 - MountPoints2\{4a5dd6e6-5d3a-11de-b80f-001eec0a93d0}\Shell\open\command - "" = E:\RECYCO\avorun.exe -- [2010/07/25 19:30:52 | 000,131,072 | RHS- | M] ()
    [2010/07/20 14:06:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\ehrafxjep
    [2010/07/26 03:17:15 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\olmonie.sys
    [2010/07/25 19:30:52 | 000,131,072 | RHS- | M] () -- C:\Documents and Settings\geoffrey\Application Data\ogix.exe
    [2010/07/20 14:08:07 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xsogohidimenip.dat
    [2010/07/20 14:08:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Shedom.bin
    [2010/07/20 14:06:34 | 000,000,150 | ---- | M] () -- C:\zrpt.xml
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #3


  • Re-Open gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #4


Please visit VirusTotal

  • Click the Browse button
  • Type or Paste the following into the File Name box

C:\WINDOWS\System32\5922AEFE77.sys

  • Click the big blue Send File button
  • If it says the file has already been analyzed, just click the reanalyze file now button
  • After it finishes, copy and paste all the stuff from the blue and white lines above Additional information

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'd like to see GooredFix.txt, OTL.txt, ark.txt, and the VirusTotal report in your next reply :)
  • 1

#7
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
awesome!
I've got rid of AVG and Anti Malware Bytes and kept Norton.
Here's GooredFix.txt
--------------------
GooredFix by jpshortstuff (03.07.10.1)
Log created at 01:04 on 28/07/2010 (geoffrey)
Firefox version 3.6.6 (en-GB)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{665202A7-07EB-4212-BE77-9558103271F2} -> Success!
Deleting C:\Documents and Settings\geoffrey\Local Settings\Application Data\{665202A7-07EB-4212-BE77-9558103271F2} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [13:32 21/08/2008]
{AB2CE124-6272-4b12-94A9-7303C7397BD1} [01:54 26/03/2010]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [04:56 22/08/2008]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [00:13 10/12/2008]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [08:28 27/11/2009]

C:\Documents and Settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [12:35 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [03:51 15/08/2009]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [00:13 10/12/2008]

-=E.O.F=-
  • 0

#8
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
And OTL.txt:
---------------------------------------------
OTL logfile created on: 28/07/2010 01:14:35 - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\geoffrey\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 73.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 13.43 Gb Free Space | 9.39% Space Free | Partition Type: NTFS
Drive D: | 7.32 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 7.39 Gb Total Space | 0.29 Gb Free Space | 3.90% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LENOVO-42CACB7C
Current User Name: geoffrey
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/26 00:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
PRC - [2009/05/26 12:40:52 | 000,755,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SoftwareDistribution\Download\0324c5a28e6362009236ca4e6a4fc546\update\update.exe
PRC - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/01/12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/13 02:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/04 00:42:08 | 000,927,032 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_tray.exe
PRC - [2007/08/04 00:35:38 | 002,630,968 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
PRC - [2007/08/04 00:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
PRC - [2007/07/05 23:05:04 | 000,065,536 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2007/07/05 23:04:18 | 000,114,688 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2007/07/05 23:03:32 | 000,184,320 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2007/07/05 22:58:40 | 000,413,696 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
PRC - [2007/07/05 22:51:48 | 000,126,976 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
PRC - [2007/06/22 19:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) -- C:\WINDOWS\system32\FpLogonServ.exe
PRC - [2007/06/08 00:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Lenovo\System Update\SUService.exe
PRC - [2007/04/26 18:10:00 | 000,120,368 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE
PRC - [2007/04/09 19:03:00 | 000,058,416 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
PRC - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe
PRC - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe
PRC - [2007/03/16 13:26:18 | 000,031,840 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\PM Driver\PMHandler.exe
PRC - [2007/03/14 23:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
PRC - [2007/03/14 23:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2007/02/08 21:19:44 | 000,536,576 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
PRC - [2007/02/08 21:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
PRC - [2007/02/08 21:11:32 | 000,569,344 | ---- | M] () -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
PRC - [2007/02/08 21:00:06 | 000,022,016 | ---- | M] () -- C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
PRC - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2007/01/10 06:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
PRC - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/29 03:48:10 | 000,569,344 | ---- | M] (Sonix) -- C:\WINDOWS\vsnp2uvc.exe
PRC - [2006/11/13 20:23:40 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
PRC - [2006/11/13 19:10:00 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2006/11/12 06:03:16 | 001,405,012 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\BTStackServer.exe
PRC - [2006/11/12 05:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe
PRC - [2006/11/08 18:28:52 | 000,434,176 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2006/11/08 18:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2006/11/08 18:14:00 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2006/11/07 11:51:20 | 000,091,688 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
PRC - [2006/11/03 04:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006/10/23 09:48:20 | 000,040,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2006/09/06 08:38:44 | 000,054,824 | ---- | M] () -- C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
PRC - [2006/05/24 05:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/05/19 00:24:06 | 000,196,696 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
PRC - [2004/08/04 13:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/07/28 00:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\Installshield\UpdateService\issch.exe
PRC - [2004/03/25 19:35:26 | 001,732,608 | ---- | M] (Adobe Systems) -- C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
PRC - [2001/01/19 11:00:00 | 000,068,608 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE
PRC - [2000/11/17 09:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe


========== Modules (SafeList) ==========

MOD - [2010/07/26 00:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
MOD - [2007/08/04 00:42:18 | 000,660,792 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
MOD - [2007/08/04 00:42:10 | 002,094,392 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
MOD - [2007/08/04 00:28:10 | 001,324,344 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
MOD - [2007/08/04 00:28:06 | 000,714,040 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_banner.dll
MOD - [2007/08/04 00:28:02 | 005,174,584 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\css_lenovo_res.dll
MOD - [2007/08/04 00:27:46 | 001,910,072 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Client Security Solution\csswait.dll
MOD - [2007/08/04 00:27:42 | 000,800,056 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\cssuserdatadispatcher.dll
MOD - [2007/08/04 00:19:10 | 000,664,888 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tcsrpc.dll
MOD - [2007/08/04 00:19:06 | 000,386,360 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\tvttsp.dll
MOD - [2007/08/04 00:09:58 | 000,066,872 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Common Files\Lenovo\tvt_lenovo_res2.dll
MOD - [2006/11/12 06:09:38 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll
MOD - [2004/08/04 13:00:00 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2004/08/04 13:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/08/04 13:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2004/08/04 13:00:00 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wtsapi32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2009/06/16 10:48:04 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2009/04/02 12:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 12:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/01/30 01:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/12 01:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/09/13 02:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/13 02:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/04 00:10:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)
SRV - [2007/07/05 23:05:04 | 000,065,536 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2007/07/05 23:03:32 | 000,184,320 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2007/06/22 19:45:54 | 000,106,496 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- C:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2007/06/08 00:43:46 | 000,013,312 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2007/04/09 02:24:32 | 000,054,832 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\FnF5svc.exe -- (FNF5SVC)
SRV - [2007/03/16 13:26:22 | 000,057,344 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files\Lenovo\PM Driver\PMSveH.exe -- (PMSveH)
SRV - [2007/03/14 23:42:48 | 000,321,088 | ---- | M] (Pure Networks, Inc.) [Auto | Running] -- C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe -- (nmservice)
SRV - [2007/03/14 23:42:22 | 000,012,800 | ---- | M] (Pure Networks, Inc.) [On_Demand | Stopped] -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe -- (nmraapache)
SRV - [2007/02/08 21:19:36 | 001,118,208 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2007/02/08 21:11:32 | 000,569,344 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe -- (TVT Backup Protection Service)
SRV - [2007/02/08 21:09:58 | 000,950,272 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2007/01/30 04:01:26 | 000,108,080 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2007/01/14 08:11:06 | 000,080,504 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2007/01/13 04:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/10 06:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/05 09:19:28 | 000,047,712 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
SRV - [2007/01/05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/12 05:56:18 | 000,266,295 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\Lenovo\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2006/11/08 18:28:52 | 000,434,176 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®
SRV - [2006/11/08 18:20:58 | 000,950,272 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel®
SRV - [2006/11/08 18:14:00 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®
SRV - [2006/11/03 04:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/05/24 05:08:06 | 000,622,700 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/04/14 18:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2006/04/14 18:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/04/14 18:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005/11/14 09:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 11:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2004/03/25 19:35:26 | 000,061,440 | ---- | M] (Adobe Sytems) [On_Demand | Stopped] -- C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe -- (AdobeVersionCue)
SRV - [2000/11/17 09:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)


========== Driver Services (SafeList) ==========

DRV - [2010/07/20 17:03:14 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2010/07/15 09:13:00 | 001,362,608 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/07/15 09:13:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/07/15 09:13:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/15 09:13:00 | 000,085,424 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100721.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/06/23 20:37:11 | 000,264,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100720.001\SymIDSCo.sys -- (SYMIDSCO)
DRV - [2009/08/03 19:07:10 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/08/03 19:07:10 | 000,145,968 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2009/08/03 19:07:10 | 000,039,856 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2009/08/03 19:07:10 | 000,035,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2009/08/03 19:07:10 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/03 19:07:10 | 000,012,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2009/06/16 10:46:54 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/05/26 08:54:25 | 000,033,536 | ---- | M] (Lenovo) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tvtfilter.sys -- (tvtfilter)
DRV - [2008/05/26 08:53:22 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pmemnt.sys -- (pmem)
DRV - [2007/11/30 23:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 23:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 23:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/11/14 17:20:08 | 000,020,936 | ---- | M] (MIDIMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb22ldr.sys -- (USB22LDR)
DRV - [2007/11/14 17:20:04 | 000,031,752 | ---- | M] (M-Audio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ma_cmidi.sys -- (MA_CMIDI)
DRV - [2007/08/10 06:52:44 | 004,603,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/06/17 05:29:08 | 000,146,824 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/05/22 23:59:38 | 000,030,336 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvti2c.sys -- (TVTI2C)
DRV - [2007/05/22 08:59:34 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2007/04/14 02:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/04/09 19:03:00 | 000,012,848 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2007/04/04 02:59:30 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s616bus.sys -- (s616bus) Sony Ericsson Device 616 driver (WDM)
DRV - [2007/04/02 19:24:08 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2007/02/26 04:59:10 | 005,700,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/02/24 22:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 23:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007/02/16 23:09:06 | 009,598,080 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007/02/12 18:36:54 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/08 20:30:28 | 000,017,664 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tvtpktfilter.sys -- (TVTPktFilter)
DRV - [2007/01/24 01:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/01/24 00:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/15 13:48:48 | 001,711,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETw3x32.sys -- (NETw3x32) Intel®
DRV - [2006/11/13 02:41:20 | 000,862,922 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/11/08 21:49:42 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/11/06 09:23:24 | 000,012,080 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2006/10/30 02:51:40 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/09/06 09:09:26 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59obex.sys -- (se59obex)
DRV - [2006/09/06 09:08:40 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mgmt.sys -- (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/06 09:06:28 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59nd5.sys -- (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS)
DRV - [2006/09/06 09:06:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59unic.sys -- (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM)
DRV - [2006/09/05 19:07:52 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdm.sys -- (se59mdm)
DRV - [2006/09/05 19:07:48 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se59mdfl.sys -- (se59mdfl)
DRV - [2006/08/30 06:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/05/24 19:48:14 | 000,010,240 | ---- | M] (Lenovo ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PMHler.sys -- (PMHler)
DRV - [2006/05/19 06:24:20 | 000,193,088 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2005/11/08 17:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/01/07 22:07:18 | 000,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 13:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2004/08/04 12:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2004/08/04 07:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 07:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/03 23:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/09/11 07:36:54 | 000,021,060 | ---- | M] (InterVideo, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iviaspi.sys -- (Iviaspi)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.co...me/3000notebook [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/29 02:05:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 02:05:02 | 000,000,000 | ---D | M]

[2008/08/21 14:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geoffrey\Application Data\Mozilla\Extensions
[2010/07/20 14:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\extensions
[2010/04/27 13:35:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/20 14:57:44 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/26 02:54:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/12 14:51:48 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:51:48 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:51:48 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:51:48 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/07/20 16:48:55 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CPwmIEBrowserHelper Object) - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe (Adobe Systems)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AMSG] C:\Program Files\ThinkVantage\AMSG\Amsg.exe (LENOVO)
O4 - HKLM..\Run: [AwaySch] C:\Program Files\Lenovo\AwayTask\AwaySch.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [cssauth] C:\Program Files\Lenovo\Client Security Solution\cssauth.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe (Diskeeper Corporation)
O4 - HKLM..\Run: [FingerPrintSoftware] C:\Program Files\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\Installshield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LPManager] C:\Program Files\Lenovo\LenovoCare\LPMGR.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
O4 - HKLM..\Run: [osCheck] C:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PMHandler] C:\Program Files\Lenovo\PM Driver\PMHandler.exe (Lenovo)
O4 - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe ()
O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)
O4 - HKCU..\Run: [DriverUpdaterPro] C:\Program Files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp3.dll (Pure Networks, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (c:\documents and settings\geoffrey\application data\ogix.exe) - c:\documents and settings\geoffrey\application data\ogix.exe File not found
O20 - Winlogon\Notify\ACNotify: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ATFUS: DllName - C:\WINDOWS\system32\FpWinLogonNp.dll - C:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O20 - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O20 - Winlogon\Notify\tphotkey: DllName - Reg Error: Key error. - Reg Error: Key error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\geoffrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\geoffrey\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/04/30 08:13:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/28 01:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/07/28 01:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/28 01:04:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Desktop\GooredFix Backups
[2010/07/28 01:03:58 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\geoffrey\Desktop\GooredFix.exe
[2010/07/26 02:56:25 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
[2010/07/22 21:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\Identities
[2010/07/22 08:36:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/07/21 12:27:25 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/20 19:04:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/07/20 18:06:39 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/07/20 17:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/07/20 17:57:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/07/20 17:03:14 | 000,010,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2010/07/20 15:06:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\geoffrey\Application Data\Malwarebytes
[2010/07/20 15:06:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/20 14:53:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/07/14 01:17:46 | 000,743,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2008/05/26 08:33:59 | 000,167,936 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2008/05/26 08:33:59 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/28 01:19:20 | 000,766,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\olmonie.sys
[2010/07/28 01:12:42 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/07/28 01:10:06 | 000,025,269 | ---- | M] () -- C:\WINDOWS\System32\PROCDB.INI
[2010/07/28 01:09:59 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/28 01:09:15 | 000,000,380 | ---- | M] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2010/07/28 01:09:13 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/28 01:09:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/28 01:07:47 | 007,077,888 | -H-- | M] () -- C:\Documents and Settings\geoffrey\NTUSER.DAT
[2010/07/28 01:07:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\geoffrey\ntuser.ini
[2010/07/27 20:52:46 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\geoffrey\Desktop\GooredFix.exe
[2010/07/26 08:25:01 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2010/07/26 06:49:36 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1623880038-1315426461-3159198203-1008.job
[2010/07/26 00:56:10 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\gmer.zip
[2010/07/26 00:54:46 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\geoffrey\Desktop\OTL.exe
[2010/07/25 02:20:41 | 000,159,744 | ---- | M] () -- C:\Documents and Settings\geoffrey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/21 12:27:29 | 000,001,741 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\HijackThis.lnk
[2010/07/20 20:15:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WinInit.ini
[2010/07/20 17:03:14 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2010/07/20 13:28:22 | 000,000,243 | ---- | M] () -- C:\WINDOWS\Caligari.ini
[2010/07/15 03:17:58 | 078,007,495 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\atish-worker.wmv
[2010/07/13 12:20:15 | 105,520,149 | R--- | M] () -- C:\Documents and Settings\geoffrey\Desktop\alice2ebvibe.wmv
[2010/07/13 03:31:53 | 086,663,705 | ---- | M] () -- C:\Documents and Settings\geoffrey\Desktop\aliceBeb.wmv
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/26 03:22:16 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\gmer.exe
[2010/07/26 03:21:59 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\gmer.zip
[2010/07/21 12:27:28 | 000,001,741 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\HijackThis.lnk
[2010/07/20 20:15:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2010/07/20 18:28:22 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\geoffrey\avgrep.txt
[2010/07/20 14:06:40 | 000,766,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\olmonie.sys
[2010/07/20 13:59:12 | 000,013,160 | ---- | C] () -- C:\Documents and Settings\geoffrey\hs_err_pid4896.log
[2010/07/15 03:17:58 | 078,007,495 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\atish-worker.wmv
[2010/07/13 12:20:15 | 105,520,149 | R--- | C] () -- C:\Documents and Settings\geoffrey\Desktop\alice2ebvibe.wmv
[2010/07/13 03:31:53 | 086,663,705 | ---- | C] () -- C:\Documents and Settings\geoffrey\Desktop\aliceBeb.wmv
[2010/05/06 13:54:48 | 000,000,114 | ---- | C] () -- C:\WINDOWS\downloaded.ini
[2009/05/31 02:51:45 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/05/14 02:12:04 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/16 14:32:51 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/16 14:32:51 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/12 05:31:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2008/10/12 05:31:29 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2008/10/12 05:31:29 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2008/10/12 05:31:26 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2008/10/12 05:31:26 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2008/10/12 05:30:00 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\ArtFfct.dll
[2008/08/31 10:09:51 | 004,874,240 | ---- | C] () -- C:\WINDOWS\System32\DSE2_DFT.dll
[2008/08/22 07:49:54 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Caligari.ini
[2008/08/22 02:06:33 | 000,003,140 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/08/22 02:06:33 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\5922AEFE77.sys
[2008/05/26 09:11:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/05/26 08:52:52 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008/05/26 08:43:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/05/26 08:43:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/05/26 08:43:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/05/26 08:43:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/05/26 08:43:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/05/26 08:43:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/05/26 08:37:29 | 000,701,840 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/05/26 08:37:29 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4785.dll
[2008/05/26 08:35:44 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008/05/26 08:34:44 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008/05/26 08:34:00 | 009,598,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008/05/26 08:34:00 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2007/08/16 11:28:38 | 000,025,269 | ---- | C] () -- C:\WINDOWS\System32\PROCDB.INI
[2007/08/16 11:28:27 | 000,000,380 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2007/06/27 17:13:51 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\RegisterDialog.dll
[2007/02/09 20:54:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/12 05:50:38 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/04/30 08:31:51 | 000,004,670 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/30 08:22:10 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/02/17 19:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 19:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:888AFB86
< End of report >
  • 0

#9
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
And ark.txt:
----------------------------------------
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 06:44:20
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\geoffrey\LOCALS~1\Temp\awkcrfog.sys


---- System - GMER 1.0.15 ----

SSDT 89EDD450 ZwAlertResumeThread
SSDT 89CE6100 ZwAlertThread
SSDT 8AB65C98 ZwAllocateVirtualMemory
SSDT 89EB3280 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0x9BD07020] <-- ROOTKIT !!!
SSDT 89E337E8 ZwCreateMutant
SSDT 89E1A728 ZwCreateThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0x9BD072A0] <-- ROOTKIT !!!
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0x9BD07800] <-- ROOTKIT !!!
SSDT 8A0792A8 ZwFreeVirtualMemory
SSDT 89D8F1B8 ZwImpersonateAnonymousToken
SSDT 89F2A198 ZwImpersonateThread
SSDT 8A118300 ZwMapViewOfSection
SSDT 89EDC220 ZwOpenEvent
SSDT 89F870E8 ZwOpenProcessToken
SSDT 8A08F518 ZwOpenThreadToken
SSDT 8A111D88 ZwResumeThread
SSDT 89F8F260 ZwSetContextThread
SSDT 89EC1128 ZwSetInformationProcess
SSDT 89F8B718 ZwSetInformationThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0x9BD07A50] <-- ROOTKIT !!!
SSDT 89EF3220 ZwSuspendProcess
SSDT 89DE86E0 ZwSuspendThread
SSDT 89DCD500 ZwTerminateProcess
SSDT 89E2B808 ZwTerminateThread
SSDT 89F6E1B8 ZwUnmapViewOfSection
SSDT 89D88418 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 122 804E497C 4 Bytes CALL 00D82CB8
.text ntoskrnl.exe!ZwYieldExecution + 262 804E4ABC 4 Bytes CALL 11D84331
.text olmonie.sys F7436030 173 Bytes [68, 8B, D5, BB, A2, FF, 34, ...]
.text olmonie.sys F743619E 38 Bytes [34, 24, FF, 74, 24, 04, 66, ...]
.text olmonie.sys F74361C5 53 Bytes [00, 0F, 90, C0, D0, C8, 0F, ...]
.text olmonie.sys F74361FB 46 Bytes [24, 89, 64, 24, 08, 60, FF, ...]
.text olmonie.sys F743622A 40 Bytes [B6, F2, 0F, B6, F2, 89, 44, ...]
.text ...
? C:\WINDOWS\system32\drivers\olmonie.sys A device attached to the system is not functioning.
PAGE Ntfs.sys BA798E88 4 Bytes CALL 8AC295E1

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8ABBE628

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] olmonie <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\olmonie@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\olmonie@Group Boot Bus Extender
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ Wireless
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@ProcessGroupPolicy ProcessWIRELESSPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ Folder Redirection
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@DllName fdeploy.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}@EventSources (Folder Redirection,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ Microsoft Disk Quota
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoBackgroundPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@DllName dskquota.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ QoS Packet Scheduler
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@ProcessGroupPolicy ProcessPSCHEDPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ Scripts
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicy ProcessScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@ProcessGroupPolicyEx ProcessScriptsGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@GenerateGroupPolicy GenerateScriptsGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}@NotifyLinkTransition 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ Internet Explorer Zonemapping
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@ProcessGroupPolicy ProcessGroupPolicyForZoneMap
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@RequiresSucessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}@DisplayName @iedkcs32.dll,-3051
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessSecurityPolicyGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@GenerateGroupPolicy SceGenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionRsopPlanningDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicyEx SceProcessSecurityPolicyGPOEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ExtensionDebugLevel 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@ Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@EnableAsynchronousProcessing 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}@MaxNoGPOListChangesInterval 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicyEx ProcessGroupPolicyEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DllName iedkcs32.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@ Internet Explorer Branding
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@NoMachinePolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}@DisplayName @iedkcs32.dll,-3014
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ProcessGroupPolicy SceProcessEFSRecoveryGPO
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@DllName scecli.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@ EFS recovery
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@NoGPOListChanges 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ Microsoft Offline Files
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@DllName %SystemRoot%\System32\cscui.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@EnableAsynchronousProcessing 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoMachinePolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoSlowLink 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@PerUserLocalSettings 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@ProcessGroupPolicy ProcessGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}@RequiresSuccessfulRegistry 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ Software Installation
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@DllName appmgmts.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@ProcessGroupPolicyEx ProcessGroupPolicyObjectsEx
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@GenerateGroupPolicy GenerateGroupPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoBackgroundPolicy 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@RequiresSucessfulRegistry 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@NoSlowLink 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@PerUserLocalSettings 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}@EventSources (Application Management,Application)?(MsiInstaller,Application)?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ IP Security
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@ProcessGroupPolicy ProcessIPSECPolicy
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@DllName gptext.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoUserPolicy 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}@NoGPOListChanges 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@DllName ACNotify.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Startup ACNotifyWLEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Logon ACNotifyWLEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Unlock ACNotifyWLEventUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Logoff ACNotifyWLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Lock ACNotifyWLEventLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify@Shutdown ACNotifyWLEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@DLLName igfxdev.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Asynchronous 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Impersonate 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui@Unlock WinlogonUnlockEvent
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@DllName C:\Program Files\Lenovo\HOTKEY\tphklock.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Asynchronous 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Impersonate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Startup WLEventStartup
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Shutdown WLEventShutdown
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Logon WLEventLogon
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Logoff WLEventLogoff
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Lock WLEventLock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey@Unlock WLEventUnlock
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@HelpAssistant 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@TsInternetUser 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@SQLAgentCmdExec 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@NetShowServices 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IWAM_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@IUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@VUSR_ 65536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList@ASPNET 0

---- EOF - GMER 1.0.15 ----
  • 0

#10
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
And lastly the VirusTotal report:
-----------------------------------------------------
Antivirus Version Last Update Result
AhnLab-V3 2010.07.28.00 2010.07.27 -
AntiVir 8.2.4.26 2010.07.27 -
Antiy-AVL 2.0.3.7 2010.07.28 -
Authentium 5.2.0.5 2010.07.28 -
Avast 4.8.1351.0 2010.07.28 -
Avast5 5.0.332.0 2010.07.28 -
AVG 9.0.0.851 2010.07.27 -
BitDefender 7.2 2010.07.28 -
CAT-QuickHeal 11.00 2010.07.28 -
ClamAV 0.96.0.3-git 2010.07.28 -
Comodo 5564 2010.07.28 -
DrWeb 5.0.2.03300 2010.07.28 -
Emsisoft 5.0.0.34 2010.07.28 -
eSafe 7.0.17.0 2010.07.27 -
eTrust-Vet 36.1.7743 2010.07.27 -
F-Prot 4.6.1.107 2010.07.28 -
F-Secure 9.0.15370.0 2010.07.28 -
Fortinet 4.1.143.0 2010.07.24 -
GData 21 2010.07.28 -
Ikarus T3.1.1.84.0 2010.07.28 -
Jiangmin 13.0.900 2010.07.28 -
Kaspersky 7.0.0.125 2010.07.27 -
McAfee 5.400.0.1158 2010.07.28 -
McAfee-GW-Edition 2010.1 2010.07.27 -
Microsoft 1.6004 2010.07.28 -
NOD32 5318 2010.07.27 -
Norman 6.05.11 2010.07.27 -
nProtect 2010-07-28.01 2010.07.28 -
Panda 10.0.2.7 2010.07.27 -
PCTools 7.0.3.5 2010.07.28 -
Prevx 3.0 2010.07.28 -
Rising 22.58.02.03 2010.07.28 -
Sophos 4.55.0 2010.07.28 -
Sunbelt 6652 2010.07.28 -
SUPERAntiSpyware 4.40.0.1006 2010.07.28 -
Symantec 20101.1.1.7 2010.07.28 -
TheHacker 6.5.2.1.326 2010.07.27 -
TrendMicro 9.120.0.1004 2010.07.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.28 -
VBA32 3.12.12.6 2010.07.27 -
ViRobot 2010.7.23.3956 2010.07.28 -
VirusBuster 5.0.27.0 2010.07.28 -
Additional information
File size: 88 bytes
MD5...: c0637aa559e7b35e6cdc01b52ab5355c
SHA1..: cf738842bbe6e5644928270cbc44e5f674d31210
SHA256: 3f05818f4d43768d4d19dbdc41a588fa6a7009fe4e1463b760b3330510272986
ssdeep: 3:hl/E0hq/tP9Lcnn:Xc1P9an
PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: MS Flight Simulator Aircraft Performance Info (100.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
  • 0

Advertisements


#11
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Wassup skinnypig!

One of them is being persistent. Let's use a bigger hammer...heeheehee :)



Step #1


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #2


Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\Combofix.txt in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

P.S. Good job on getting me all those logs :)
  • 0

#12
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
This one wasn't so easy, I couldn't disable Norton and Combofix crashed the first time I tried to run it, but it seemed to work ok the second time round.

Here's the Combofix log:
----------------------------------------
ComboFix 10-07-29.01 - geoffrey 30/07/2010 6:37.1.2 - x86
Running from: c:\documents and settings\geoffrey\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\CEPx4581.tmp
C:\CEPx9217.tmp
c:\documents and settings\All Users\Application Data\pswi_preloaded.exe
c:\documents and settings\geoffrey\Application Data\ogix.exe
c:\documents and settings\geoffrey\Start Menu\Programs\Antimalware Doctor
c:\documents and settings\geoffrey\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\documents and settings\geoffrey\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\UACjquvxvajcrjqdlv.db
c:\windows\system32\uactmp.db

Infected copy of c:\windows\system32\DRIVERS\i8042prt.sys was found and disinfected
Restored copy from - Kitty had a snack :)
Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-30 )))))))))))))))))))))))))))))))
.

2010-07-30 05:31 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-07-30 05:31 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-07-28 00:07 . 2010-07-28 00:07 -------- d-----w- C:\_OTL
2010-07-22 20:17 . 2010-07-22 20:17 -------- d-----w- c:\documents and settings\geoffrey\Local Settings\Application Data\Identities
2010-07-22 07:36 . 2010-07-22 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-21 11:27 . 2010-07-21 11:27 -------- d-----w- c:\program files\Trend Micro
2010-07-20 17:06 . 2010-07-20 17:06 -------- d-----w- C:\$AVG
2010-07-20 16:57 . 2010-07-20 16:57 -------- d-----w- c:\program files\AVG
2010-07-20 16:57 . 2010-07-27 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-20 16:03 . 2010-07-20 16:03 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-07-20 14:06 . 2010-07-20 14:06 -------- d-----w- c:\documents and settings\geoffrey\Application Data\Malwarebytes
2010-07-20 14:06 . 2010-07-20 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-20 13:06 . 2010-07-30 05:58 766976 ----a-w- c:\windows\system32\drivers\olmonie.sys
2010-07-14 00:17 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-30 06:00 . 2009-02-25 11:44 -------- d-----w- c:\documents and settings\geoffrey\Application Data\Skype
2010-07-30 05:46 . 2008-08-22 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-30 05:18 . 2009-02-25 11:46 -------- d-----w- c:\documents and settings\geoffrey\Application Data\skypePM
2010-07-21 11:23 . 2008-08-22 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-20 18:06 . 2009-06-16 01:21 -------- d-----w- c:\program files\Norton Internet Security
2010-07-20 13:11 . 2008-08-21 13:36 -------- d-----w- c:\documents and settings\geoffrey\Application Data\Azureus
2010-07-20 12:28 . 2008-08-22 06:49 -------- d-----w- c:\program files\truespace6
2010-06-14 14:30 . 2006-04-30 07:10 743936 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 10:41 . 2008-05-26 08:06 105760 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 15:01 . 2009-08-13 13:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-14 18:26 . 2008-05-26 07:23 90112 ----a-w- c:\windows\DUMP4f39.tmp
2010-05-08 10:11 . 2008-08-22 01:06 3140 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-08 10:11 . 2008-08-22 01:06 88 -csh--r- c:\windows\system32\5922AEFE77.sys
2010-05-04 17:20 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
2010-05-02 07:09 . 2006-04-30 06:55 1859968 ------w- c:\windows\system32\win32k.sys
.

------- Sigcheck -------

[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\ServicePackFiles\i386\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mfc40u.dll
[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\mfc40u.dll
[7] 2006-11-01 19:17 . 925F8B61ED301A317BA850EBEECBDAA0 . 927504 . . [4.1.0.61] . . c:\windows\SoftwareDistribution\Download\26553d2988faa6629ee272005cd35201\sp2qfe\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll
[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\system32\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-23 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-23 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-23 138008]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-11-13 478800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-9-1 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 20:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R3 USB22LDR;M-Audio USB MIDISPORT 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [2007-11-14 20936]
S1 PMHler;PMHler;c:\windows\system32\drivers\PMHler.sys [2006-05-24 10240]
S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-06-22 106496]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
S2 TVT Backup Protection Service;TVT Backup Protection Service;c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe [2007-02-08 569344]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-15 102448]
S3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\DRIVERS\Tvti2c.sys [2007-05-22 30336]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*Deregistered* - olmonie
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]

2010-07-30 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1623880038-1315426461-3159198203-1008.job
- c:\documents and settings\geoffrey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-24 13:04]

2010-05-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - geoffrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-07-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-17 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\geoffrey\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
AddRemove-Arturia CS-80V v1.2 - c:\progra~1\IMAGE-~1\FLSTUD~1\Plugins\VST\Arturia\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-30 06:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\olmonie]

.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
@DACL=(02 0000)
@SACL=
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="ACNotify.dll"
"Startup"="ACNotifyWLEventStartup"
"Logon"="ACNotifyWLEventLogon"
"Unlock"="ACNotifyWLEventUnlock"
"Logoff"="ACNotifyWLEventLogoff"
"Lock"="ACNotifyWLEventLock"
"Shutdown"="ACNotifyWLEventShutdown"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@SACL=
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
@DACL=(02 0000)
@SACL=
@=""
"DllName"="c:\\Program Files\\Lenovo\\HOTKEY\\tphklock.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1412)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll

- - - - - - - > 'explorer.exe'(3024)
c:\windows\system32\WININET.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\program files\Lenovo\Client Security Solution\csswait.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\program files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Common Files\Lenovo\tvt_lenovo_res2.dll
c:\program files\Lenovo\Client Security Solution\css_lenovo_res.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-07-30 07:12:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-30 06:12

Pre-Run: 14,121,005,056 bytes free
Post-Run: 16,327,991,296 bytes free

- - End Of File - - 69F730F6A906FAC489113270DE49055F
  • 0

#13
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
Greetings skinny :)

We have 'em cornered! YarRRrrr! TiMe to DIE!



Step #1


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
c:\windows\system32\drivers\olmonie.sys

DirLook::
c:\program files\truespace6

Driver::
olmonie

FCopy::
c:\windows\ServicePackFiles\i386\mfc40u.dll | c:\windows\system32\mfc40u.dll
c:\windows\ServicePackFiles\i386\mfc40u.dll | c:\windows\$NtServicePackUninstall$\mfc40u.dll

KILLALL::


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#14
skinnypig

skinnypig

    Member

  • Topic Starter
  • Member
  • PipPip
  • 44 posts
I had some problems disabling Norton, I switched off the virus scan, firewall and all other functions but couldn't get rid off the 'symantec security centre'. So I think norton was still running but wasn't necessarily doing anything. Is that ok?

Here's the log:
----------------------------------




ComboFix 10-07-29.01 - geoffrey 01/08/2010 2:05.2.2 - x86
Running from: c:\documents and settings\geoffrey\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\geoffrey\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\mfc40u.dll --> c:\windows\system32\mfc40u.dll
c:\windows\ServicePackFiles\i386\mfc40u.dll --> c:\windows\$NtServicePackUninstall$\mfc40u.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_OLMONIE
-------\Service_olmonie


((((((((((((((((((((((((( Files Created from 2010-07-01 to 2010-08-01 )))))))))))))))))))))))))))))))
.

2010-07-30 05:31 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-07-30 05:31 . 2008-04-13 19:18 52480 ----a-w- c:\windows\system32\dllcache\i8042prt.sys
2010-07-28 00:07 . 2010-07-28 00:07 -------- d-----w- C:\_OTL
2010-07-22 20:17 . 2010-07-22 20:17 -------- d-----w- c:\documents and settings\geoffrey\Local Settings\Application Data\Identities
2010-07-22 07:36 . 2010-07-22 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-21 11:27 . 2010-07-21 11:27 -------- d-----w- c:\program files\Trend Micro
2010-07-20 17:06 . 2010-07-20 17:06 -------- d-----w- C:\$AVG
2010-07-20 16:57 . 2010-07-20 16:57 -------- d-----w- c:\program files\AVG
2010-07-20 16:57 . 2010-07-27 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-20 16:03 . 2010-07-20 16:03 10344 ----a-w- c:\windows\system32\drivers\symlcbrd.sys
2010-07-20 14:06 . 2010-07-20 14:06 -------- d-----w- c:\documents and settings\geoffrey\Application Data\Malwarebytes
2010-07-20 14:06 . 2010-07-20 14:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 00:17 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 01:20 . 2009-02-25 11:44 -------- d-----w- c:\documents and settings\geoffrey\Application Data\Skype
2010-08-01 01:17 . 2008-08-22 04:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-08-01 00:28 . 2009-02-25 11:46 -------- d-----w- c:\documents and settings\geoffrey\Application Data\skypePM
2010-07-21 11:23 . 2008-08-22 04:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-20 18:06 . 2009-06-16 01:21 -------- d-----w- c:\program files\Norton Internet Security
2010-07-20 13:11 . 2008-08-21 13:36 -------- d-----w- c:\documents and settings\geoffrey\Application Data\Azureus
2010-07-20 12:28 . 2008-08-22 06:49 -------- d-----w- c:\program files\truespace6
2010-06-14 14:30 . 2006-04-30 07:10 743936 ------w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 10:41 . 2008-05-26 08:06 105760 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-13 15:01 . 2009-08-13 13:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-14 18:26 . 2008-05-26 07:23 90112 ----a-w- c:\windows\DUMP4f39.tmp
2010-05-08 10:11 . 2008-08-22 01:06 3140 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-08 10:11 . 2008-08-22 01:06 88 -csh--r- c:\windows\system32\5922AEFE77.sys
2010-05-04 17:20 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 17:20 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll
2010-05-04 17:20 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\truespace6 ----

2010-07-17 17:10 . 2010-06-11 13:09 128138 ----a-w- c:\program files\truespace6\Textures\helmet-txr.jpg
2010-07-17 17:07 . 2010-07-17 16:58 42358 ----a-w- c:\program files\truespace6\Textures\flag-txr.png
2010-06-15 16:42 . 2010-06-15 16:27 594421 ----a-w- c:\program files\truespace6\Textures\cessna-detail-4.png
2010-06-15 16:42 . 2010-06-15 17:00 238376 ----a-w- c:\program files\truespace6\Textures\cessna-detail-4-1.png
2010-06-15 15:46 . 2010-06-15 15:46 84779 ----a-w- c:\program files\truespace6\Textures\cessna-bump-1.jpg
2010-06-15 15:12 . 2010-06-15 15:10 284973 ----a-w- c:\program files\truespace6\Textures\cessna-detail-3.png
2010-06-15 14:24 . 2009-02-03 12:46 97671 ----a-w- c:\program files\truespace6\Textures\3250789779_cd3058ecb2_o.jpg
2010-06-15 14:19 . 2010-06-11 12:18 801925 ----a-w- c:\program files\truespace6\Textures\clouds4852.jpg
2010-06-15 14:13 . 2010-06-15 14:13 23763 ----a-w- c:\program files\truespace6\Textures\cessna-detail-2.png
2010-06-14 17:46 . 2010-06-14 17:52 13694 ----a-w- c:\program files\truespace6\Textures\cessna-detail-1.png
2010-06-14 16:13 . 2010-06-14 16:12 91682 ----a-w- c:\program files\truespace6\Textures\cessna-bump.jpg
2010-06-14 15:35 . 2010-06-14 15:35 668001 ----a-w- c:\program files\truespace6\Textures\cessna-1.png
2010-06-14 14:27 . 2010-06-14 14:44 328134 ----a-w- c:\program files\truespace6\Textures\cessna-1.jpg
2010-04-27 15:53 . 2010-04-27 15:49 27485 ----a-w- c:\program files\truespace6\Textures\decotora-3.jpg
2010-04-27 15:49 . 2010-04-27 15:47 19935 ----a-w- c:\program files\truespace6\Textures\decotora-2.jpg
2010-04-27 15:40 . 2010-04-27 15:39 23678 ----a-w- c:\program files\truespace6\Textures\decotora-1.jpg
2010-04-27 12:57 . 2010-04-27 14:26 135411 ----a-w- c:\program files\truespace6\Textures\navigation-bump.jpg
2010-04-26 09:47 . 2010-04-26 09:44 130395 ----a-w- c:\program files\truespace6\Textures\navigation#2.jpg
2010-03-26 14:07 . 2004-08-22 13:14 41655 -c--a-w- c:\program files\truespace6\Textures\tx_robo_rear.jpg
2010-03-26 14:07 . 2004-08-22 12:58 55964 -c--a-w- c:\program files\truespace6\Textures\tx_tinrobo.jpg
2010-03-08 14:25 . 2010-03-08 12:58 5975574 -c--a-w- c:\program files\truespace6\Textures\sneeker-2.bmp
2010-03-08 14:24 . 2010-03-08 14:24 1682 -c--a-w- c:\program files\truespace6\Tsx\luuv\snk.mtl
2010-03-08 14:24 . 2010-03-08 14:24 8456983 -c--a-w- c:\program files\truespace6\Tsx\luuv\snk.obj
2010-02-08 13:03 . 2010-02-09 01:06 861606 -c--a-w- c:\program files\truespace6\Textures\parachute-girl-txr.jpg
2009-11-10 15:46 . 2009-11-10 15:46 5524520 -c--a-w- c:\program files\truespace6\Textures\env-map-1.avi
2009-11-10 14:58 . 2009-05-20 17:55 369864 -c--a-w- c:\program files\truespace6\Textures\pachinko-2.jpg
2009-11-10 14:57 . 2009-11-10 14:57 3449624 -c--a-w- c:\program files\truespace6\Textures\shape-synk-1.avi
2009-11-10 14:55 . 2009-11-10 14:55 7005140 -c--a-w- c:\program files\truespace6\Textures\shape-synk.avi
2009-11-04 15:41 . 2009-11-04 15:37 2349592 -c--a-w- c:\program files\truespace6\Textures\temp-bkg.avi
2009-07-01 17:36 . 2009-07-01 17:38 251772 -c----w- c:\program files\truespace6\Textures\,Sandra-1.jpg
2009-07-01 13:39 . 2009-07-01 13:39 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra-1.bmp
2009-07-01 13:39 . 2009-07-01 13:39 1119234 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra-1.cob
2009-07-01 13:38 . 2009-07-01 13:38 759109 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra-1.wgs
2009-07-01 13:26 . 2009-07-01 13:39 895 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra-1.fps
2009-06-26 12:57 . 2009-06-22 17:05 298958 -c----w- c:\program files\truespace6\Textures\pachinko-bkg.jpg
2009-06-22 12:23 . 2009-06-22 12:17 306471 -c----w- c:\program files\truespace6\Textures\go-piney-2.jpg
2009-06-22 12:22 . 2009-06-22 12:20 365640 -c----w- c:\program files\truespace6\Textures\go-piney-3.jpg
2009-06-12 15:45 . 2009-06-12 15:44 163095 -c----w- c:\program files\truespace6\Textures\d-t-i-d-4.jpg
2009-06-09 15:29 . 2009-06-09 16:11 9875768 -c----w- c:\program files\truespace6\Textures\3d-track-1.avi
2009-05-29 17:22 . 2009-05-29 17:28 332306 -c----w- c:\program files\truespace6\Textures\head-test#2,Kristine,1.jpg
2009-05-29 17:11 . 2009-05-29 17:18 242153 -c----w- c:\program files\truespace6\Textures\head-test#2,Kristine.jpg
2009-05-29 17:07 . 2009-05-29 17:09 242338 -c----w- c:\program files\truespace6\Textures\,Kristine.jpg
2009-05-29 16:54 . 2009-07-01 17:29 394989 -c---tw- c:\program files\truespace6\Tsx\Facial Animator\Textures\ibrowser.tmp
2009-05-26 12:12 . 2009-05-26 13:11 10905416 -c--a-w- c:\program files\truespace6\Textures\3d-back-1.avi
2009-05-26 12:05 . 2009-05-26 12:07 960520192 -c----w- c:\program files\truespace6\Textures\tokyo ga-street-1.avi
2009-05-20 00:42 . 2009-05-20 00:42 12 -----tw- c:\program files\truespace6\Textures\ibrowser.tmp
2009-03-16 16:01 . 2009-03-16 16:17 2456660 -c----w- c:\program files\truespace6\Textures\bkg-temp.avi
2008-12-03 10:35 . 2008-12-02 16:04 190362624 -c----w- c:\program files\truespace6\Textures\bedroom-floor-1.avi
2008-12-02 13:21 . 2008-12-02 13:16 22589 -c----w- c:\program files\truespace6\Textures\302527b.jpg
2008-12-01 00:40 . 2008-12-01 00:17 13989 -c----w- c:\program files\truespace6\Textures\IBERIA.JPG
2008-12-01 00:40 . 1996-10-15 23:59 8251 -c----w- c:\program files\truespace6\Textures\BUMIBE.JPG
2008-12-01 00:34 . 1996-10-15 23:33 41501 -c----w- c:\program files\truespace6\Textures\REFLEF.JPG
2008-12-01 00:29 . 1996-10-16 03:53 27673 -c----w- c:\program files\truespace6\Textures\RIGHT.JPG
2008-11-18 12:08 . 2008-10-26 14:53 1997708 -c----w- c:\program files\truespace6\Textures\actionbiker-17.jpg
2008-11-17 00:16 . 2004-03-27 21:21 1925 ------w- c:\program files\truespace6\Shaders\Material\readme.html
2008-11-17 00:16 . 2003-04-06 21:32 331776 ------w- c:\program files\truespace6\Shaders\Material\uvtoon.tss
2008-11-17 00:10 . 2008-11-17 00:10 156213 ------w- c:\program files\truespace6\Shaders\Material\uvtoon100b6.zip
2008-11-15 17:38 . 2008-11-15 13:07 1770542 -c----w- c:\program files\truespace6\Textures\2100466689_7011cc9716_o.jpg
2008-11-15 14:25 . 2008-11-15 12:52 3957860 -c----w- c:\program files\truespace6\Textures\2715746847_d863337793_o.jpg
2008-10-29 11:17 . 2008-10-29 11:17 18398 -c----w- c:\program files\truespace6\Textures\parachute-lines.jpg
2008-08-26 02:14 . 2001-02-25 10:08 907 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\ClothMotion-e.txt
2008-08-26 02:14 . 2001-02-28 09:58 13341 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\PurchaseClothMotion.htm
2008-08-26 02:14 . 2001-02-25 10:21 12034 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\ClothMotion-e.htm
2008-08-26 02:14 . 2000-10-08 05:04 1591 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\mastrcrd.gif
2008-08-26 02:14 . 2000-11-13 02:54 906 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\rr.gif
2008-08-26 02:14 . 2000-10-08 04:45 1388 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\pipenet.gif
2008-08-26 02:14 . 2000-10-08 05:04 1357 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\visacard.gif
2008-08-26 02:14 . 2000-10-31 09:40 4477 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\006.jpg
2008-08-26 02:14 . 2000-08-08 22:53 2188 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\hei02.gif
2008-08-26 02:14 . 2000-08-08 22:53 2244 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\hei01.gif
2008-08-26 02:14 . 2000-08-05 08:11 581 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\005.gif
2008-08-26 02:14 . 2000-10-31 09:40 16923 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\005.jpg
2008-08-26 02:14 . 2000-10-31 09:40 18062 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\001.jpg
2008-08-26 02:14 . 2000-10-31 09:40 19242 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\003.jpg
2008-08-26 02:14 . 2000-10-31 09:40 24356 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\002.jpg
2008-08-26 02:14 . 2000-08-08 22:19 1165 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\col02.gif
2008-08-26 02:14 . 2000-08-08 22:18 1574 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\col01.gif
2008-08-26 02:14 . 2000-08-08 23:23 907 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\a02.gif
2008-08-26 02:14 . 2000-08-08 23:22 4517 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\a01.gif
2008-08-26 02:14 . 2000-08-07 07:29 1322 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\011.gif
2008-08-26 02:14 . 2000-08-07 07:21 863 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\010.gif
2008-08-26 02:14 . 2000-08-07 07:29 620 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\009.gif
2008-08-26 02:14 . 2000-08-05 04:42 913 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\007.gif
2008-08-26 02:14 . 2000-08-05 08:11 800 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\006.gif
2008-08-26 02:14 . 2000-10-31 09:40 20149 -c----w- c:\program files\truespace6\Tsx\ck_clothmot\images-e\004.jpg
2008-08-26 02:14 . 2001-02-28 09:59 221184 ------w- c:\program files\truespace6\Tsx\ck_clothmot\ClothMotion.tsx
2008-08-24 23:25 . 2010-07-20 12:28 4900 ----a-w- c:\program files\truespace6\truespace.cfg
2008-08-24 23:25 . 2010-07-20 12:28 234 ----a-w- c:\program files\truespace6\truespace.key
2008-08-22 06:49 . 2008-08-22 06:58 115631 -c----w- c:\program files\truespace6\unins000.dat
2002-07-15 23:04 . 2002-07-15 23:04 637832 ------w- c:\program files\truespace6\tS6.exe
2002-07-15 22:23 . 2002-07-15 22:23 90186 ------w- c:\program files\truespace6\calatm32.dll
2002-07-15 22:23 . 2002-07-15 22:23 73802 ------w- c:\program files\truespace6\CalDDraw.dll
2002-07-15 22:23 . 2002-07-15 22:23 3960832 ------w- c:\program files\truespace6\Lipro.dll
2002-07-15 22:23 . 2002-07-15 22:23 24648 ------w- c:\program files\truespace6\LWorks.tsr
2002-07-15 22:23 . 2002-07-15 22:23 81995 ------w- c:\program files\truespace6\scriptmn.dll
2002-07-15 22:23 . 2002-07-15 22:23 4706378 ------w- c:\program files\truespace6\TsCommon.dll
2002-07-15 22:23 . 2002-07-15 22:23 5787648 ------w- c:\program files\truespace6\tsxapi.dll
2002-07-15 22:23 . 2002-07-15 22:23 651339 ------w- c:\program files\truespace6\TsxPythn.dll
2002-07-15 22:23 . 2002-07-15 22:23 2870976 ------w- c:\program files\truespace6\win32ui.dll
2002-07-15 22:23 . 2002-07-15 22:23 630784 ------w- c:\program files\truespace6\Tsx\Facial Animator\FacialAnimator.tsx
2002-07-15 22:17 . 2010-07-20 12:28 599 ----a-w- c:\program files\truespace6\truespace.cfl
2002-07-15 22:17 . 2010-07-20 12:28 276 ----a-w- c:\program files\truespace6\truespace.prl
2002-07-15 22:17 . 2010-07-20 12:28 65636 ----a-w- c:\program files\truespace6\truespace.tsp
2002-07-15 21:05 . 2002-07-15 21:05 59153 -c----w- c:\program files\truespace6\Configs\Model Space.tsc
2002-07-15 20:57 . 2002-07-15 20:57 54772 -c----w- c:\program files\truespace6\Configs\MFH (Binky) Default.tsc
2002-07-15 20:56 . 2002-07-15 20:56 54675 -c----w- c:\program files\truespace6\Configs\4-View.tsc
2002-07-15 20:55 . 2002-07-15 20:55 50060 -c----w- c:\program files\truespace6\Configs\Default tS6.tsc
2002-07-15 20:53 . 2002-07-15 20:53 53867 -c----w- c:\program files\truespace6\Configs\JP Default.tsc
2002-07-15 16:16 . 2002-07-15 16:16 225280 ------w- c:\program files\truespace6\Shelling.dll
2002-07-15 16:10 . 2002-07-15 16:10 1446912 ------w- c:\program files\truespace6\KFEditor.dll
2002-07-14 22:34 . 2002-07-14 22:34 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra.bmp
2002-07-14 22:34 . 2002-07-14 22:34 314667 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra.cob
2002-07-14 22:33 . 2002-07-14 22:33 849 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra.fps
2002-07-14 22:33 . 2002-07-14 22:33 208993 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Sandra.wgs
2002-07-12 21:51 . 2002-07-12 21:51 127589 -c----w- c:\program files\truespace6\Textures\sandra_tex3-5.jpg
2002-07-12 21:45 . 2002-07-12 21:45 150377 -c----w- c:\program files\truespace6\Textures\sandra_bump3-5.jpg
2002-07-12 20:52 . 2002-07-12 20:52 64949 -c----w- c:\program files\truespace6\Configs\markSpace 1280x1024.tsc
2002-07-12 20:46 . 2002-07-12 20:46 68518 -c----w- c:\program files\truespace6\Configs\markSpace 1024x768.tsc
2002-07-11 21:37 . 2002-07-11 21:37 38796 -c----w- c:\program files\truespace6\Tsx\luuv\luuv.chm
2002-07-11 21:10 . 2002-07-11 21:10 2328265 -c----w- c:\program files\truespace6\Library\physics.scl\CrashTest.scn
2002-07-11 21:03 . 2002-07-11 21:03 209 -c----w- c:\program files\truespace6\Library\physics.scl\Physics.scl
2002-07-10 23:10 . 2002-07-10 23:10 659456 -c----w- c:\program files\truespace6\Tsx\luuv\luuv.tsx
2002-07-10 10:47 . 2002-07-10 10:47 53616 -c----w- c:\program files\truespace6\Library\FX Metals.mtl
2002-07-09 21:12 . 2002-07-09 21:12 415554 -c----w- c:\program files\truespace6\Library\physics.scl\Wagon.scn
2002-07-09 16:57 . 2002-07-09 16:57 708608 ------w- c:\program files\truespace6\MirrorModeler.dll
2002-07-09 16:31 . 2002-07-09 16:31 25 -c----w- c:\program files\truespace6\Library\scenes.scl\scenes.scl
2002-07-09 16:25 . 2002-07-09 16:25 78 -c----w- c:\program files\truespace6\Library\Layers.scl\Layers.scl
2002-07-09 16:21 . 2002-07-09 16:21 591 -c----w- c:\program files\truespace6\Library\more objects.obl\More Objects.obl
2002-07-09 16:21 . 2002-07-09 16:21 60529 -c----w- c:\program files\truespace6\Library\more objects.obl\Door.cob
2002-07-08 22:06 . 2002-07-08 22:06 7869 -c----w- c:\program files\truespace6\ReadMe.rtf
2002-07-08 21:10 . 2009-05-20 00:42 404 -c----w- c:\program files\truespace6\Library\objects.obl\Objects.obl
2002-07-08 21:09 . 2002-07-08 21:09 89 -c----w- c:\program files\truespace6\Library\Mouldings.obl\Mouldings.obl
2002-07-08 21:08 . 2002-07-08 21:08 117 -c----w- c:\program files\truespace6\Library\vehicles.obl\vehicles.obl
2002-07-08 20:57 . 2002-07-08 20:57 77529 -c----w- c:\program files\truespace6\Projects\Tutorials\tutorials.tsp
2002-07-08 20:56 . 2002-07-08 20:56 396 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\scenes.scl
2002-07-08 20:56 . 2002-07-08 20:56 2189656 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\machine.scn
2002-07-08 20:49 . 2002-07-08 20:49 107905 -c----w- c:\program files\truespace6\Library\objects.obl\Flex.cob
2002-07-08 20:07 . 2010-07-17 17:40 119689 ----a-w- c:\program files\truespace6\Library\lights.lgl
2002-07-08 20:07 . 2002-07-08 20:07 444767 -c----w- c:\program files\truespace6\Library\Paths.ptl
2002-07-08 17:45 . 2002-07-08 17:45 117 -c----w- c:\program files\truespace6\Library\python.scl\Python.scl
2002-07-08 17:45 . 2002-07-08 17:45 60 -c----w- c:\program files\truespace6\Library\radiosity.scl\Radiosity.scl
2002-07-08 17:33 . 2010-06-15 16:55 273275 ----a-w- c:\program files\truespace6\Library\materials.mtl
2002-07-08 16:31 . 2002-07-08 16:31 690657 -c----w- c:\program files\truespace6\tS6_help.chm
2002-07-06 19:31 . 2002-07-06 19:31 22101 -c----w- c:\program files\truespace6\Textures\eye-sandra.jpg
2002-07-05 17:27 . 2002-07-05 17:27 344967 -c----w- c:\program files\truespace6\Library\physics.scl\Ship.scn
2002-07-05 17:08 . 2002-07-05 17:08 175675 -c----w- c:\program files\truespace6\Library\physics.scl\Mixer.scn
2002-07-05 16:24 . 2002-07-05 16:24 72490 -c----w- c:\program files\truespace6\Library\physics.scl\tS6_Physics.scn
2002-07-04 21:38 . 2002-07-04 21:38 69603 -c----w- c:\program files\truespace6\Library\physics.scl\Sash.scn
2002-07-04 21:25 . 2002-07-04 21:25 63214 -c----w- c:\program files\truespace6\Library\physics.scl\Rot2.scn
2002-07-04 21:15 . 2002-07-04 21:15 23361 -c----w- c:\program files\truespace6\Library\physics.scl\RolPlane.scn
2002-07-04 21:10 . 2002-07-04 21:10 184577 -c----w- c:\program files\truespace6\Library\physics.scl\planet.scn
2002-07-04 20:54 . 2002-07-04 20:54 165 -c----w- c:\program files\truespace6\Library\subsurf.obl\subsurf.obl
2002-07-04 20:54 . 2002-07-04 20:54 126 -c----w- c:\program files\truespace6\Library\scifi.obl\scifi.obl
2002-07-04 20:54 . 2002-07-04 20:54 246 -c----w- c:\program files\truespace6\Library\ik.obl\ik.obl
2002-07-04 20:54 . 2002-07-04 20:54 97 -c----w- c:\program files\truespace6\Library\characters.obl\characters.obl
2002-07-04 20:53 . 2002-07-04 20:53 74 -c----w- c:\program files\truespace6\Library\scneffects.scl\scneffects.scl
2002-07-04 20:51 . 2002-07-04 20:51 54377 -c----w- c:\program files\truespace6\Library\physics.scl\Plane.scn
2002-07-04 20:51 . 2002-07-04 20:51 6550 -c----w- c:\program files\truespace6\Library\scenes.scl\tS6 Default.scn
2002-07-04 20:29 . 2002-07-04 20:29 11369 -c----w- c:\program files\truespace6\PDFMan\ts6_manual.htm
2002-07-04 20:25 . 2002-07-04 20:25 329366 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\cheeseboard2.scn
2002-07-04 20:22 . 2002-07-04 20:22 45067 -c----w- c:\program files\truespace6\Library\physics.scl\Fan.scn
2002-07-04 20:16 . 2002-07-04 20:16 66420 -c----w- c:\program files\truespace6\Library\physics.scl\Baloon.scn
2002-07-04 20:03 . 2002-07-04 20:03 403849 -c----w- c:\program files\truespace6\Library\physics.scl\Balls.scn
2002-07-04 19:59 . 2002-07-04 19:59 234198 -c----w- c:\program files\truespace6\Library\physics.scl\Sheets.scn
2002-07-04 19:53 . 2002-07-04 19:53 189556 -c----w- c:\program files\truespace6\Library\physics.scl\Wall.scn
2002-07-04 19:32 . 2002-07-04 19:32 85719 -c----w- c:\program files\truespace6\Library\physics.scl\Wgears.scn
2002-07-04 18:49 . 2002-07-04 18:49 31756 -c----w- c:\program files\truespace6\Library\physics.scl\Airscrew.scn
2002-07-04 17:53 . 2002-07-04 17:53 78873 -c----w- c:\program files\truespace6\Library\Curves.cvl
2002-07-04 17:37 . 2002-07-04 17:37 84365 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\baked lighting.scn
2002-07-04 17:23 . 2002-07-04 17:23 19290 -c----w- c:\program files\truespace6\Textures\027.jpg
2002-07-04 13:11 . 2002-07-04 13:11 162058 -c----w- c:\program files\truespace6\Library\objects.obl\I-Pod.cob
2002-07-04 13:11 . 2002-07-04 13:11 330075 -c----w- c:\program files\truespace6\Library\objects.obl\Dino.cob
2002-07-03 08:06 . 2002-07-03 08:06 35244 -c----w- c:\program files\truespace6\Library\scneffects.scl\Advanced Volumetrics.scn
2002-07-03 07:05 . 2002-07-03 07:05 999545 -c----w- c:\program files\truespace6\Library\vehicles.obl\b25 bomber.cob
2002-07-02 23:44 . 2002-07-02 23:44 29078 -c----w- c:\program files\truespace6\Library\objects.obl\Rams Horns.cob
2002-07-02 23:28 . 2002-07-02 23:28 498941 -c----w- c:\program files\truespace6\Library\vehicles.obl\Rocket.cob
2002-07-02 23:28 . 2002-07-02 23:28 267265 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Kristine.scn
2002-07-02 23:00 . 2002-07-02 23:00 2174509 -c----w- c:\program files\truespace6\Library\Layers.scl\Apollo AGC Chip-GLWason+2002.scn
2002-07-02 21:39 . 2002-07-02 21:39 135428 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\labyrinth.scn
2002-07-02 20:24 . 2002-07-02 20:24 520213 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter_72fps.cob
2002-07-02 17:46 . 2002-07-02 17:46 3415933 -c----w- c:\program files\truespace6\Library\more objects.obl\Magazine rack.cob
2002-07-02 17:45 . 2002-07-02 17:45 67807 -c----w- c:\program files\truespace6\Library\more objects.obl\Telescope.cob
2002-07-02 17:44 . 2002-07-02 17:44 181884 -c----w- c:\program files\truespace6\Library\more objects.obl\Gold Fish.cob
2002-07-02 17:43 . 2002-07-02 17:43 84364 -c----w- c:\program files\truespace6\Library\more objects.obl\Bathroom.cob
2002-07-02 17:42 . 2002-07-02 17:42 590951 -c----w- c:\program files\truespace6\Library\more objects.obl\Dinosaur.cob
2002-07-02 17:41 . 2002-07-02 17:41 545470 -c----w- c:\program files\truespace6\Library\more objects.obl\Temple.cob
2002-07-02 17:41 . 2002-07-02 17:41 64112 -c----w- c:\program files\truespace6\Library\more objects.obl\Folding Table.cob
2002-07-02 17:40 . 2002-07-02 17:40 214215 -c----w- c:\program files\truespace6\Library\more objects.obl\Bowl.cob
2002-07-02 17:40 . 2002-07-02 17:40 209626 -c----w- c:\program files\truespace6\Library\more objects.obl\UFO.cob
2002-07-02 17:40 . 2002-07-02 17:40 35624 -c----w- c:\program files\truespace6\Library\more objects.obl\Street lamp.cob
2002-07-02 17:38 . 2002-07-02 17:38 2220857 -c----w- c:\program files\truespace6\Library\more objects.obl\Shell.cob
2002-07-02 17:30 . 2002-07-02 17:30 191934 -c----w- c:\program files\truespace6\Library\objects.obl\Bone Spine.cob
2002-07-02 17:21 . 2002-07-02 17:21 471055 -c----w- c:\program files\truespace6\Library\objects.obl\DNA.cob
2002-07-01 22:00 . 2002-07-01 22:00 526607 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter.cob
2002-07-01 22:00 . 2002-07-01 22:00 903 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter.fps
2002-07-01 21:59 . 2002-07-01 21:59 742153 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter.wgs
2002-06-29 07:57 . 2002-06-29 07:57 4020837 -c----w- c:\program files\truespace6\PDFMan\ch10_PolygonModeling.PDF
2002-06-29 07:57 . 2002-06-29 07:57 343968 -c----w- c:\program files\truespace6\PDFMan\Index.PDF
2002-06-29 07:54 . 2002-06-29 07:54 1562755 -c----w- c:\program files\truespace6\PDFMan\appendixD_Shaders.PDF
2002-06-29 07:53 . 2002-06-29 07:53 3219877 -c----w- c:\program files\truespace6\PDFMan\ch23_Rendering.PDF
2002-06-29 07:52 . 2002-06-29 07:52 3026103 -c----w- c:\program files\truespace6\PDFMan\ch24_AnimationAndSE.PDF
2002-06-29 07:50 . 2002-06-29 07:50 4090670 -c----w- c:\program files\truespace6\PDFMan\ch25_Bones&Skinning.PDF
2002-06-29 07:47 . 2002-06-29 07:47 720010 -c----w- c:\program files\truespace6\PDFMan\ch26_InverseKinematics.PDF
2002-06-29 07:47 . 2002-06-29 07:47 1297104 -c----w- c:\program files\truespace6\PDFMan\ch27_PhysicalSimulation.PDF
2002-06-29 07:46 . 2002-06-29 07:46 5134696 -c----w- c:\program files\truespace6\PDFMan\ch28_FacialAnimator.PDF
2002-06-29 07:43 . 2002-06-29 07:43 1166495 -c----w- c:\program files\truespace6\PDFMan\AppendixB_Settings.PDF
2002-06-29 07:43 . 2002-06-29 07:43 614537 -c----w- c:\program files\truespace6\PDFMan\appendixC_Scripting.PDF
2002-06-28 22:55 . 2002-06-28 22:55 414304 -c----w- c:\program files\truespace6\Library\objects.obl\Braclet.cob
2002-06-28 22:48 . 2002-06-28 22:48 99121 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\pong.scn
2002-06-28 22:38 . 2002-06-28 22:38 144546 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\invaders.scn
2002-06-28 21:06 . 2002-06-28 21:06 102207 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\intro.scn
2002-06-28 20:42 . 2002-06-28 20:42 80171 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Procanim.scn
2002-06-28 20:37 . 2002-06-28 20:37 18326 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Parentchild.scn
2002-06-28 20:30 . 2002-06-28 20:30 23384 -c----w- c:\program files\truespace6\Library\python.scl\Gate3.scn
2002-06-28 20:30 . 2002-06-28 20:30 23967 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Gate2.scn
2002-06-27 20:40 . 2002-06-27 20:40 1220161 -c----w- c:\program files\truespace6\PDFMan\ch22_Radiosity.PDF
2002-06-27 20:20 . 2002-06-27 20:20 1537289 -c----w- c:\program files\truespace6\PDFMan\ch21_LightsandLighting.PDF
2002-06-27 19:59 . 2002-06-27 19:59 1025945 -c----w- c:\program files\truespace6\PDFMan\ch20_PaintTools.PDF
2002-06-27 19:54 . 2002-06-27 19:54 2894418 -c----w- c:\program files\truespace6\PDFMan\ch19_MaterialEditor.PDF
2002-06-27 19:11 . 2002-06-27 19:11 1733669 -c----w- c:\program files\truespace6\PDFMan\ch18_UVTools.PDF
2002-06-27 18:59 . 2002-06-27 18:59 795665 -c----w- c:\program files\truespace6\PDFMan\ch17_Plastiform.PDF
2002-06-27 18:47 . 2002-06-27 18:47 934816 -c----w- c:\program files\truespace6\PDFMan\ch16_Metaballs.PDF
2002-06-27 17:58 . 2002-06-27 17:58 3603166 -c----w- c:\program files\truespace6\PDFMan\ch15_Sculpt&Deform.PDF
2002-06-27 17:58 . 2002-06-27 17:58 258031 -c----w- c:\program files\truespace6\PDFMan\sw License Agreement&Copyright&Cover.PDF
2002-06-27 17:58 . 2002-06-27 17:58 192936 -c----w- c:\program files\truespace6\PDFMan\Table_of_Contents.PDF
2002-06-27 17:25 . 2002-06-27 17:25 13108 -c----w- c:\program files\truespace6\PDFMan\images\tS6Banner.jpg
2002-06-26 23:55 . 2002-06-26 23:55 159843 -c----w- c:\program files\truespace6\Library\objects.obl\Rope Twist.cob
2002-06-26 23:45 . 2002-06-26 23:45 23472 -c----w- c:\program files\truespace6\Library\objects.obl\Attack Plane.cob
2002-06-26 23:22 . 2002-06-26 23:22 287401 -c----w- c:\program files\truespace6\Library\objects.obl\Torso.cob
2002-06-26 23:18 . 2002-06-26 23:18 96291 -c----w- c:\program files\truespace6\Library\objects.obl\Popcorn.cob
2002-06-26 23:10 . 2002-06-26 23:10 108665 -c----w- c:\program files\truespace6\Library\more objects.obl\Eyes_0.cob
2002-06-26 23:02 . 2002-06-26 23:02 411882 -c----w- c:\program files\truespace6\Library\vehicles.obl\P-51.cob
2002-06-26 21:52 . 2002-06-26 21:52 436915 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Shadow Catch.scn
2002-06-26 20:07 . 2002-06-26 20:07 1593316 -c----w- c:\program files\truespace6\PDFMan\ch12_ArrayTools.PDF
2002-06-26 20:06 . 2002-06-26 20:06 2962799 -c----w- c:\program files\truespace6\PDFMan\ch11_UtilitiesGroup.PDF
2002-06-26 20:05 . 2002-06-26 20:05 1714300 -c----w- c:\program files\truespace6\PDFMan\ch14_SubdivisionSurfaces.PDF
2002-06-26 20:02 . 2002-06-26 20:02 1387031 -c----w- c:\program files\truespace6\PDFMan\ch13_BooleanOperations.PDF
2002-06-26 19:40 . 2002-06-26 19:40 1683497 -c----w- c:\program files\truespace6\Library\more objects.obl\Tire.cob
2002-06-26 19:30 . 2002-06-26 19:30 3500124 -c----w- c:\program files\truespace6\Library\more objects.obl\Ring Cage.cob
2002-06-26 17:56 . 2002-06-26 17:56 43967 -c----w- c:\program files\truespace6\Library\more objects.obl\Jaws.cob
2002-06-25 23:42 . 2002-06-25 23:42 9050 -c----w- c:\program files\truespace6\Library\objects.obl\Space Ship.cob
2002-06-25 23:37 . 2002-06-25 23:37 52177 -c----w- c:\program files\truespace6\Library\more objects.obl\Candle Stick.cob
2002-06-25 23:34 . 2002-06-25 23:34 27692 -c----w- c:\program files\truespace6\Library\objects.obl\Stairs.cob
2002-06-25 22:28 . 2002-06-25 22:28 572190 -c----w- c:\program files\truespace6\Library\vehicles.obl\Sub.cob
2002-06-25 22:27 . 2002-06-25 22:27 43515 -c----w- c:\program files\truespace6\Library\more objects.obl\Porch Roof.cob
2002-06-25 22:24 . 2002-06-25 22:24 26222 -c----w- c:\program files\truespace6\Library\objects.obl\Desk Lamp.cob
2002-06-25 22:22 . 2002-06-25 22:22 374784 -c----w- c:\program files\truespace6\Library\objects.obl\Globe.cob
2002-06-25 22:21 . 2002-06-25 22:21 50453 -c----w- c:\program files\truespace6\Library\objects.obl\bridge.cob
2002-06-25 22:20 . 2002-06-25 22:20 24497 -c----w- c:\program files\truespace6\Library\more objects.obl\Vase.cob
2002-06-25 22:14 . 2002-06-25 22:14 10446 -c----w- c:\program files\truespace6\Library\more objects.obl\Book2.cob
2002-06-25 22:11 . 2002-06-25 22:11 115294 -c----w- c:\program files\truespace6\Library\objects.obl\Bay Window.cob
2002-06-25 22:02 . 2002-06-25 22:02 20086 -c----w- c:\program files\truespace6\Library\Mouldings.obl\FrameMitre.cob
2002-06-25 21:59 . 2002-06-25 21:59 10930 -c----w- c:\program files\truespace6\Library\Mouldings.obl\Frame-4.cob
2002-06-25 21:58 . 2002-06-25 21:58 10671 -c----w- c:\program files\truespace6\Library\Mouldings.obl\Frame-1.cob
2002-06-25 21:56 . 2002-06-25 21:56 11309 -c----w- c:\program files\truespace6\Library\Mouldings.obl\frame-3.cob
2002-06-25 21:55 . 2002-06-25 21:55 14543 -c----w- c:\program files\truespace6\Library\Mouldings.obl\Frame-2.cob
2002-06-25 21:54 . 2002-06-25 21:54 23184 -c----w- c:\program files\truespace6\Library\objects.obl\Chair.cob
2002-06-25 21:51 . 2002-06-25 21:51 465308 -c----w- c:\program files\truespace6\Library\vehicles.obl\Air Car.cob
2002-06-25 21:49 . 2002-06-25 21:49 519200 -c----w- c:\program files\truespace6\Library\objects.obl\Microscope.cob
2002-06-25 21:45 . 2002-06-25 21:45 3777474 -c----w- c:\program files\truespace6\PDFMan\ch01_IntroductoryTutorial.PDF
2002-06-25 21:43 . 2002-06-25 21:43 2181092 -c----w- c:\program files\truespace6\PDFMan\ch03_Project&Libraries.PDF
2002-06-25 21:41 . 2002-06-25 21:41 783271 -c----w- c:\program files\truespace6\PDFMan\ch04_Layers.PDF
2002-06-25 21:41 . 2002-06-25 21:41 1993003 -c----w- c:\program files\truespace6\PDFMan\ch06_Primitives.PDF
2002-06-25 21:40 . 2002-06-25 21:40 1736297 -c----w- c:\program files\truespace6\PDFMan\ch05_2DDrawTools.PDF
2002-06-25 21:39 . 2002-06-25 21:39 3917124 -c----w- c:\program files\truespace6\PDFMan\ch02_UserInterface.PDF
2002-06-25 21:36 . 2002-06-25 21:36 1595159 -c----w- c:\program files\truespace6\PDFMan\ch07_NURBSSweepTools.PDF
2002-06-25 21:36 . 2002-06-25 21:36 2850564 -c----w- c:\program files\truespace6\PDFMan\ch08_NURBSModeling.PDF
2002-06-25 19:04 . 2002-06-25 19:04 6408 -c----w- c:\program files\truespace6\Library\Mouldings.obl\Cornice.cob
2002-06-25 17:53 . 2002-06-25 17:53 82571 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Chocolate.scn
2002-06-24 19:00 . 2002-06-24 19:00 663208 -c----w- c:\program files\truespace6\PDFMan\appendixA_FileFormats.PDF
2002-06-23 23:58 . 2002-06-23 23:58 74662 -c----w- c:\program files\truespace6\PDFMan\Intro_letter.PDF
2002-06-23 20:32 . 2002-06-23 20:32 1790833 -c----w- c:\program files\truespace6\PDFMan\ch09_PolygonSweepTools.PDF
2002-06-21 19:15 . 2002-06-21 19:15 67597 -c----w- c:\program files\truespace6\Library\objects.obl\Wire globe.cob
2002-06-20 23:25 . 2002-06-20 23:25 265568 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine_72fps.cob
2002-06-20 22:13 . 2002-06-20 22:13 882 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine.fps
2002-06-20 22:13 . 2002-06-20 22:13 346171 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine.wgs
2002-06-20 21:14 . 2002-06-20 21:14 267385 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine.cob
2002-06-14 17:17 . 2002-06-14 17:17 80938 -c----w- c:\program files\truespace6\Tsx\Facial Animator\ExpDep.edf
2002-05-31 16:03 . 2002-05-31 16:03 73728 ------w- c:\program files\truespace6\Tsx\Facial Animator\RecogDll.dll
2002-05-30 20:34 . 2002-05-30 20:34 4889 -c----w- c:\program files\truespace6\Tsx\Facial Animator\fpinfo.fp
2002-05-30 18:03 . 2002-05-30 18:03 120054 -c----w- c:\program files\truespace6\Textures\P51skin6.bmp
2002-05-30 18:03 . 2002-05-30 18:03 120054 -c----w- c:\program files\truespace6\Textures\P51skin5.bmp
2002-05-30 18:03 . 2002-05-30 18:03 120054 -c----w- c:\program files\truespace6\Textures\P51skin4.bmp
2002-05-30 18:03 . 2002-05-30 18:03 120054 -c----w- c:\program files\truespace6\Textures\P51skin3.bmp
2002-05-30 18:02 . 2002-05-30 18:02 120054 -c----w- c:\program files\truespace6\Textures\P51skin2.bmp
2002-05-30 18:02 . 2002-05-30 18:02 120054 -c----w- c:\program files\truespace6\Textures\P51skin.bmp
2002-05-25 19:32 . 2002-05-25 19:32 87380 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Light Glow2.scn
2002-05-25 19:07 . 2002-05-25 19:07 32771 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Light Glow.scn
2002-05-17 15:50 . 2002-05-17 15:50 102865 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_low_poly.cob
2002-05-14 16:44 . 2002-05-14 16:44 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single.bmp
2002-05-14 16:44 . 2002-05-14 16:44 221837 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single.cob
2002-05-14 16:44 . 2002-05-14 16:44 880 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single.fps
2002-05-14 16:41 . 2002-05-14 16:41 441319 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single.wgs
2002-05-13 23:46 . 2002-05-13 23:46 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_low_poly.bmp
2002-05-13 23:46 . 2002-05-13 23:46 838 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_low_poly.fps
2002-05-13 23:45 . 2002-05-13 23:45 195881 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_low_poly.wgs
2002-05-06 19:55 . 2002-05-06 19:55 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Anger.bmp
2002-05-06 19:55 . 2002-05-06 19:55 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Uuu.bmp
2002-05-06 19:54 . 2002-05-06 19:54 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Bill.bmp
2002-05-06 19:54 . 2002-05-06 19:54 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Blink Left.bmp
2002-05-06 19:53 . 2002-05-06 19:53 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Blink Right.bmp
2002-05-06 19:52 . 2002-05-06 19:52 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Blink.bmp
2002-05-06 19:52 . 2002-05-06 19:52 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Brow Up Left.bmp
2002-05-06 19:51 . 2002-05-06 19:51 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Brow Up Right.bmp
2002-05-06 19:50 . 2002-05-06 19:50 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Brows Up.bmp
2002-05-06 19:49 . 2002-05-06 19:49 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Consonant.bmp
2002-05-06 19:49 . 2002-05-06 19:49 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Disgust.bmp
2002-05-06 19:48 . 2002-05-06 19:48 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Eee.bmp
2002-05-06 19:46 . 2002-05-06 19:46 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Eee2.bmp
2002-05-06 19:46 . 2002-05-06 19:46 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Fear.bmp
2002-05-06 19:45 . 2002-05-06 19:45 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Ffff.bmp
2002-05-06 19:45 . 2002-05-06 19:45 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Frown Left.bmp
2002-05-06 19:42 . 2002-05-06 19:42 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Frown Right.bmp
2002-05-06 19:38 . 2002-05-06 19:38 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Frown.bmp
2002-05-06 19:37 . 2002-05-06 19:37 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Gomez.bmp
2002-05-06 19:37 . 2002-05-06 19:37 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Iii.bmp
2002-05-06 19:36 . 2002-05-06 19:36 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Iii2.bmp
2002-05-06 19:36 . 2002-05-06 19:36 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Joy.bmp
2002-05-06 19:35 . 2002-05-06 19:35 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Neutral.bmp
2002-05-06 19:35 . 2002-05-06 19:35 12342 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\notfound.bmp
2002-05-06 19:34 . 2002-05-06 19:34 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Sad.bmp
2002-05-06 19:34 . 2002-05-06 19:34 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Ooo.bmp
2002-05-06 19:33 . 2002-05-06 19:33 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Smile Left.bmp
2002-05-06 19:33 . 2002-05-06 19:33 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Smile Right.bmp
2002-05-06 19:32 . 2002-05-06 19:32 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Smile.bmp
2002-05-06 19:31 . 2002-05-06 19:31 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Sneer Left.bmp
2002-05-06 19:31 . 2002-05-06 19:31 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Sneer Right.bmp
2002-05-06 19:30 . 2002-05-06 19:30 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Surprise.bmp
2002-05-06 19:29 . 2002-05-06 19:29 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\images\Aaa.bmp
2002-05-03 16:33 . 2002-05-03 16:33 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\baby.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_72fps.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_72fps.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single_72fps.bmp
2002-05-03 16:32 . 2002-05-03 16:32 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single_72fps.bmp
2002-05-02 23:16 . 2002-05-02 23:16 55508 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\baby.cob
2002-05-02 23:13 . 2002-05-02 23:13 815 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\baby.fps
2002-05-02 23:12 . 2002-05-02 23:12 96337 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\baby.wgs
2002-05-02 22:36 . 2002-05-02 22:36 5404328 -c----w- c:\program files\truespace6\Library\Layers.scl\layer-engine.scn
2002-04-23 23:41 . 2002-04-23 23:41 408310 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris.cob
2002-04-23 19:45 . 2002-04-23 19:45 423384 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris.wgs
2002-04-23 18:51 . 2002-04-23 18:51 880 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris.fps
2002-04-17 20:49 . 2002-04-17 20:49 185477 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single_72fps.cob
2002-04-17 20:49 . 2002-04-17 20:49 368242 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_72fps.cob
2002-04-17 20:49 . 2002-04-17 20:49 135957 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single_72fps.cob
2002-04-17 20:48 . 2002-04-17 20:48 473535 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_72fps.cob
2002-04-02 20:24 . 2002-04-02 20:24 480785 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George.cob
2002-04-02 20:24 . 2002-04-02 20:24 816 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George.fps
2002-04-02 20:24 . 2002-04-02 20:24 212831 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George.wgs
2002-03-27 20:45 . 2002-03-27 20:45 674009 -c----w- c:\program files\truespace6\Library\Layers.scl\layer-cabrio.scn
2002-03-27 20:25 . 2002-03-27 20:25 143819 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single.cob
2002-03-27 20:25 . 2002-03-27 20:25 816 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single.fps
2002-03-27 20:25 . 2002-03-27 20:25 211468 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single.wgs
2002-02-20 21:00 . 2002-02-20 21:00 6043 -c----w- c:\program files\truespace6\Init.psp
2002-02-06 16:09 . 2002-02-06 16:09 2582752 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Wire twist.scn
2002-02-01 20:51 . 2002-02-01 20:51 270756 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\ts52.wav
2002-02-01 20:50 . 2002-02-01 20:50 140724 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\fear.wav
2002-02-01 17:10 . 2002-02-01 17:10 61206 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\welcome.wav
2002-01-31 21:14 . 2002-01-31 21:14 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter.bmp
2002-01-31 21:14 . 2002-01-31 21:14 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter_72fps.bmp
2002-01-31 21:13 . 2002-01-31 21:13 6966 -c----w- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine.bmp
2002-01-31 21:13 . 2002-01-31 21:13 6966 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine_72fps.bmp
2002-01-30 23:06 . 2002-01-30 23:06 741937 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter_72fps.wgs
2002-01-30 22:55 . 2002-01-30 22:55 711 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Cooter_72fps.fps
2002-01-30 22:22 . 2002-01-30 22:22 335721 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine_72fps.wgs
2002-01-30 22:19 . 2002-01-30 22:19 699 -c----r- c:\program files\truespace6\Tsx\Facial Animator\custHeads\Kristine_72fps.fps
2002-01-27 20:51 . 2002-01-27 20:51 90260 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\NowIsTheWinter.wav
2002-01-27 18:49 . 2002-01-27 18:49 39080 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\ThatsAnotherStory1.wav
2002-01-26 22:12 . 2002-01-26 22:12 37477 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\NoItsNot.wav
2002-01-25 23:12 . 2002-01-25 23:12 830114 -c----w- c:\program files\truespace6\Library\objects.obl\IK George.cob
2002-01-24 21:29 . 2002-01-24 21:29 96058 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\Mars.wav
2002-01-23 16:42 . 2002-01-23 16:42 234290 -c----w- c:\program files\truespace6\Library\objects.obl\Chris Borg.cob
2002-01-18 10:31 . 2002-01-18 10:31 35926 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Bibiana_side.jpg
2002-01-18 10:31 . 2002-01-18 10:31 36574 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Charlie_front.jpg
2002-01-18 10:31 . 2002-01-18 10:31 54707 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Charlie_side.jpg
2002-01-18 10:31 . 2002-01-18 10:31 27103 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\chen_front.jpg
2002-01-18 10:31 . 2002-01-18 10:31 45711 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\chen_side.jpg
2002-01-18 10:31 . 2002-01-18 10:31 26052 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Kristine_Front.jpg
2002-01-18 10:31 . 2002-01-18 10:31 35962 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Kristine_side.jpg
2002-01-18 10:31 . 2002-01-18 10:31 28881 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Remy_front.jpg
2002-01-18 10:31 . 2002-01-18 10:31 38331 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Remy_Side.jpg
2002-01-18 10:31 . 2002-01-18 10:31 26240 -c----w- c:\program files\truespace6\Tsx\Facial Animator\Textures\Bibiana_front.jpg
2002-01-16 08:59 . 2002-01-16 08:59 331426 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_72fps.wgs
2002-01-16 08:48 . 2002-01-16 08:48 202785 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single_72fps.wgs
2002-01-16 08:44 . 2002-01-16 08:44 202785 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_72fps.wgs
2002-01-16 08:39 . 2002-01-16 08:39 353933 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single_72fps.wgs
2002-01-07 17:04 . 2002-01-07 17:04 672 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_72fps.fps
2001-12-30 07:00 . 2008-08-22 06:58 72889 ------w- c:\program files\truespace6\unins000.exe
2001-12-21 19:09 . 2001-12-21 19:09 672 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\Chris_single_72fps.fps
2001-12-21 08:22 . 2001-12-21 08:22 642 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_72fps.fps
2001-12-21 08:22 . 2001-12-21 08:22 642 -c----r- c:\program files\truespace6\Tsx\Facial Animator\heads\George_single_72fps.fps
2001-12-10 23:51 . 2001-12-10 23:51 281374 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\sssuperstar.scn
2001-12-07 21:26 . 2001-12-07 21:26 36864 ------w- c:\program files\truespace6\Tsx\Facial Animator\ms_tts.dll
2001-10-31 20:14 . 2001-10-31 20:14 582645 -c----w- c:\program files\truespace6\Library\subsurf.obl\Sword.cob
2001-10-24 20:22 . 2001-10-24 20:22 28000 -c----w- c:\program files\truespace6\Textures\Eye06.jpg
2001-09-20 22:16 . 2001-09-20 22:16 45022 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1156.streetaddr.wav
2001-09-20 22:16 . 2001-09-20 22:16 40398 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1147.zipcode.wav
2001-09-20 22:16 . 2001-09-20 22:16 35854 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1141.streetaddr.wav
2001-09-20 22:16 . 2001-09-20 22:16 35230 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1126.zipcode.wav
2001-09-20 22:16 . 2001-09-20 22:16 39454 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1112.zipcode.wav
2001-08-16 19:56 . 2001-08-16 19:56 361681 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Marbles.scn
2001-05-11 20:50 . 2001-05-11 20:50 56299 -c----w- c:\program files\truespace6\Library\subsurf.obl\tut_j.cob
2001-05-03 16:45 . 2001-05-03 16:45 18102 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\py-tut.GID
2001-03-31 07:02 . 2001-03-31 07:02 7169 -c----w- c:\program files\truespace6\Tsx\Facial Animator\lpcc.nn
2001-03-19 19:53 . 2001-03-19 19:53 85626 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\10011.wav
2001-01-16 17:30 . 2001-01-16 17:30 284208 -c----w- c:\program files\truespace6\Library\radiosity.scl\interior.scn
2001-01-16 07:00 . 2001-01-16 07:00 5494 -c----w- c:\program files\truespace6\dialog.py
2001-01-16 07:00 . 2001-01-16 07:00 1917 -c----w- c:\program files\truespace6\dlgpassw.py
2001-01-16 07:00 . 2001-01-16 07:00 3322 -c----w- c:\program files\truespace6\docview.py
2001-01-16 07:00 . 2001-01-16 07:00 898 -c----w- c:\program files\truespace6\object.py
2001-01-16 07:00 . 2001-01-16 07:00 15973 -c----w- c:\program files\truespace6\string.py
2001-01-16 07:00 . 2001-01-16 07:00 358 -c----w- c:\program files\truespace6\thread.py
2001-01-16 07:00 . 2001-01-16 07:00 101547 -c----w- c:\program files\truespace6\win32con.py
2001-01-16 07:00 . 2001-01-16 07:00 1360 -c----w- c:\program files\truespace6\window.py
2001-01-16 07:00 . 2001-01-16 07:00 162465 -c----w- c:\program files\truespace6\Library\3D_Brushes.mtl
2001-01-16 07:00 . 2001-01-16 07:00 216390 -c----w- c:\program files\truespace6\Library\3d_Bump Brushes.mtl
2001-01-16 07:00 . 2001-01-16 07:00 612460 -c----w- c:\program files\truespace6\Library\B&W.mtl
2001-01-16 07:00 . 2001-01-16 07:00 150179 -c----w- c:\program files\truespace6\Library\Gems.mtl
2001-01-16 07:00 . 2001-01-16 07:00 62632 -c----w- c:\program files\truespace6\Library\IBL.lgl
2001-01-16 07:00 . 2001-01-16 07:00 87146 -c----w- c:\program files\truespace6\Library\knisley.mtl
2001-01-16 07:00 . 2001-01-16 07:00 80520 -c----w- c:\program files\truespace6\Library\metals.mtl
2001-01-16 07:00 . 2001-01-16 07:00 73282 -c----w- c:\program files\truespace6\Library\metals2.mtl
2001-01-16 07:00 . 2001-01-16 07:00 142627 -c----w- c:\program files\truespace6\Library\Metals3.mtl
2001-01-16 07:00 . 2001-01-16 07:00 99974 -c----w- c:\program files\truespace6\Library\motown.mtl
2001-01-16 07:00 . 2001-01-16 07:00 73541 -c----w- c:\program files\truespace6\Library\organic.mtl
2001-01-16 07:00 . 2001-01-16 07:00 62516 -c----w- c:\program files\truespace6\Library\sandra's mat.mtl
2001-01-16 07:00 . 2001-01-16 07:00 87094 -c----w- c:\program files\truespace6\Library\scneffects.lgl
2001-01-16 07:00 . 2001-01-16 07:00 175775 -c----w- c:\program files\truespace6\Library\scneffects.sel
2001-01-16 07:00 . 2001-01-16 07:00 103483 -c----w- c:\program files\truespace6\Library\space.mtl
2001-01-16 07:00 . 2001-01-16 07:00 127010 -c----w- c:\program files\truespace6\Library\stones.mtl
2001-01-16 07:00 . 2001-01-16 07:00 74075 -c----w- c:\program files\truespace6\Library\tiles.mtl
2001-01-16 07:00 . 2001-01-16 07:00 80415 -c----w- c:\program files\truespace6\Library\vrml.mtl
2001-01-16 07:00 . 2001-01-16 07:00 3270 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object1.cob
2001-01-16 07:00 . 2001-01-16 07:00 2966 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object2.cob
2001-01-16 07:00 . 2001-01-16 07:00 4232 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object3.cob
2001-01-16 07:00 . 2001-01-16 07:00 3340 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object4.cob
2001-01-16 07:00 . 2001-01-16 07:00 3159 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object5.cob
2001-01-16 07:00 . 2001-01-16 07:00 2683 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object6.cob
2001-01-16 07:00 . 2001-01-16 07:00 2887 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object7.cob
2001-01-16 07:00 . 2001-01-16 07:00 5308 -c----w- c:\program files\truespace6\Library\addprimitives.obl\Object8.cob
2001-01-16 07:00 . 2001-01-16 07:00 104012 -c----w- c:\program files\truespace6\Library\characters.obl\Baby.cob
2001-01-16 07:00 . 2001-01-16 07:00 865931 -c----w- c:\program files\truespace6\Library\characters.obl\CrazyCat.cob
2001-01-16 07:00 . 2001-01-16 07:00 757265 -c----w- c:\program files\truespace6\Library\characters.obl\General.cob
2001-01-16 07:00 . 2001-01-16 07:00 369399 -c----w- c:\program files\truespace6\Library\characters.obl\Groover.cob
2001-01-16 07:00 . 2001-01-16 07:00 256842 -c----w- c:\program files\truespace6\Library\characters.obl\Marcus.cob
2001-01-16 07:00 . 2001-01-16 07:00 630235 -c----w- c:\program files\truespace6\Library\characters.obl\Vincent.cob
2001-01-16 07:00 . 2001-01-16 07:00 262185 -c----w- c:\program files\truespace6\Library\characters.obl\WrapsKid.cob
2001-01-16 07:00 . 2001-01-16 07:00 55200 -c----w- c:\program files\truespace6\Library\ik.obl\IK Bot.cob
2001-01-16 07:00 . 2001-01-16 07:00 381946 -c----w- c:\program files\truespace6\Library\ik.obl\IK Marcus.cob
2001-01-16 07:00 . 2001-01-16 07:00 429600 -c----w- c:\program files\truespace6\Library\ik.obl\IK Wooden Doll.cob
2001-01-16 07:00 . 2001-01-16 07:00 399517 -c----w- c:\program files\truespace6\Library\ik.obl\IK WrapsKid.cob
2001-01-16 07:00 . 2001-01-16 07:00 60085 -c----w- c:\program files\truespace6\Library\ik.obl\Jump Backwards.cob
2001-01-16 07:00 . 2001-01-16 07:00 61665 -c----w- c:\program files\truespace6\Library\ik.obl\Jump Forwards.cob
2001-01-16 07:00 . 2001-01-16 07:00 61099 -c----w- c:\program files\truespace6\Library\ik.obl\Running Pose.cob
2001-01-16 07:00 . 2001-01-16 07:00 61099 -c----w- c:\program files\truespace6\Library\ik.obl\RunToStand Pose.cob
2001-01-16 07:00 . 2001-01-16 07:00 22928 -c----w- c:\program files\truespace6\Library\ik.obl\Sandra's skeleton.cob
2001-01-16 07:00 . 2001-01-16 07:00 218314 -c----w- c:\program files\truespace6\Library\ik.obl\Walking Pose.cob
2001-01-16 07:00 . 2001-01-16 07:00 217956 -c----w- c:\program files\truespace6\Library\ik.obl\Walking Pose2.cob
2001-01-16 07:00 . 2001-01-16 07:00 51551 -c----w- c:\program files\truespace6\Library\ik.obl\WalkToStand Pose.cob
2001-01-16 07:00 . 2001-01-16 07:00 8257 -c----w- c:\program files\truespace6\Library\more objects.obl\Book.cob
2001-01-16 07:00 . 2001-01-16 07:00 631531 -c----w- c:\program files\truespace6\Library\more objects.obl\Camera.cob
2001-01-16 07:00 . 2001-01-16 07:00 164556 -c----w- c:\program files\truespace6\Library\more objects.obl\Canon.cob
2001-01-16 07:00 . 2001-01-16 07:00 113158 -c----w- c:\program files\truespace6\Library\more objects.obl\Catapult.cob
2001-01-16 07:00 . 2001-01-16 07:00 44177 -c----w- c:\program files\truespace6\Library\more objects.obl\Chair 2.cob
2001-01-16 07:00 . 2001-01-16 07:00 157427 -c----w- c:\program files\truespace6\Library\more objects.obl\Coat Rack.cob
2001-01-16 07:00 . 2001-01-16 07:00 300802 -c----w- c:\program files\truespace6\Library\more objects.obl\Cofee.cob
2001-01-16 07:00 . 2001-01-16 07:00 8018 -c----w- c:\program files\truespace6\Library\more objects.obl\Diamond.cob
2001-01-16 07:00 . 2001-01-16 07:00 129692 -c----w- c:\program files\truespace6\Library\more objects.obl\Egg Beater.cob
2001-01-16 07:00 . 2001-01-16 07:00 111677 -c----w- c:\program files\truespace6\Library\more objects.obl\IK Hand.cob
2001-01-16 07:00 . 2001-01-16 07:00 124935 -c----w- c:\program files\truespace6\Library\more objects.obl\Kiosk.cob
2001-01-16 07:00 . 2001-01-16 07:00 669693 -c----w- c:\program files\truespace6\Library\more objects.obl\Kitchener.cob
2001-01-16 07:00 . 2001-01-16 07:00 46181 -c----w- c:\program files\truespace6\Library\more objects.obl\Magic Hat.cob
2001-01-16 07:00 . 2001-01-16 07:00 6641 -c----w- c:\program files\truespace6\Library\more objects.obl\Magic Wand.cob
2001-01-16 07:00 . 2001-01-16 07:00 104625 -c----w- c:\program files\truespace6\Library\more objects.obl\Old clock.cob
2001-01-16 07:00 . 2001-01-16 07:00 163484 -c----w- c:\program files\truespace6\Library\more objects.obl\PC.cob
2001-01-16 07:00 . 2001-01-16 07:00 38991 -c----w- c:\program files\truespace6\Library\more objects.obl\Phone.cob
2001-01-16 07:00 . 2001-01-16 07:00 49042 -c----w- c:\program files\truespace6\Library\more objects.obl\Piano.cob
2001-01-16 07:00 . 2001-01-16 07:00 101389 -c----w- c:\program files\truespace6\Library\more objects.obl\Rifle.cob
2001-01-16 07:00 . 2001-01-16 07:00 118593 -c----w- c:\program files\truespace6\Library\more objects.obl\Shower Bath.cob
2001-01-16 07:00 . 2001-01-16 07:00 59365 -c----w- c:\program files\truespace6\Library\more objects.obl\Sink.cob
2001-01-16 07:00 . 2001-01-16 07:00 429378 -c----w- c:\program files\truespace6\Library\more objects.obl\Tree.cob
2001-01-16 07:00 . 2001-01-16 07:00 609532 -c----w- c:\program files\truespace6\Library\more objects.obl\Trumpet.cob
2001-01-16 07:00 . 2001-01-16 07:00 245903 -c----w- c:\program files\truespace6\Library\more objects.obl\Tub.cob
2001-01-16 07:00 . 2001-01-16 07:00 25703 -c----w- c:\program files\truespace6\Library\objects.obl\Head.cob
2001-01-16 07:00 . 2001-01-16 07:00 666744 -c----w- c:\program files\truespace6\Library\objects.obl\IK Alien.cob
2001-01-16 07:00 . 2001-01-16 07:00 71992 -c----w- c:\program files\truespace6\Library\objects.obl\IK Mech.cob
2001-01-16 07:00 . 2001-01-16 07:00 144841 -c----w- c:\program files\truespace6\Library\objects.obl\lcycle.cob
2001-01-16 07:00 . 2001-01-16 07:00 327004 -c----w- c:\program files\truespace6\Library\objects.obl\p911.cob
2001-01-16 07:00 . 2001-01-16 07:00 300793 -c----w- c:\program files\truespace6\Library\objects.obl\RetroBoy.cob
2001-01-16 07:00 . 2001-01-16 07:00 156924 -c----w- c:\program files\truespace6\Library\objects.obl\tricycle.cob
2001-01-16 07:00 . 2001-01-16 07:00 512890 -c----w- c:\program files\truespace6\Library\objects.obl\Wert.cob
2001-01-16 07:00 . 2001-01-16 07:00 7891 -c----w- c:\program files\truespace6\Library\python.scl\Cubetut1.scn
2001-01-16 07:00 . 2001-01-16 07:00 7920 -c----w- c:\program files\truespace6\Library\python.scl\Cubetut2.scn
2001-01-16 07:00 . 2001-01-16 07:00 7966 -c----w- c:\program files\truespace6\Library\python.scl\Cubetut3.scn
2001-01-16 07:00 . 2001-01-16 07:00 8016 -c----w- c:\program files\truespace6\Library\python.scl\Cubetut4.scn
2001-01-16 07:00 . 2001-01-16 07:00 8110 -c----w- c:\program files\truespace6\Library\python.scl\Cubetut5.scn
2001-01-16 07:00 . 2001-01-16 07:00 8217 -c----w- c:\program files\truespace6\Library\python.scl\Cubetut6.scn
2001-01-16 07:00 . 2001-01-16 07:00 48603 -c----w- c:\program files\truespace6\Library\python.scl\Eyeblink.scn
2001-01-16 07:00 . 2001-01-16 07:00 252725 -c----w- c:\program files\truespace6\Library\radiosity.scl\radiosityroom.scn
2001-01-16 07:00 . 2001-01-16 07:00 6298 -c----w- c:\program files\truespace6\Library\radiosity.scl\radiositytest.scn
2001-01-16 07:00 . 2001-01-16 07:00 115774 -c----w- c:\program files\truespace6\Library\scifi.obl\Battleaxe.cob
2001-01-16 07:00 . 2001-01-16 07:00 941540 -c----w- c:\program files\truespace6\Library\scifi.obl\Blaster.cob
2001-01-16 07:00 . 2001-01-16 07:00 374571 -c----w- c:\program files\truespace6\Library\scifi.obl\Engine Pod.cob
2001-01-16 07:00 . 2001-01-16 07:00 180183 -c----w- c:\program files\truespace6\Library\scifi.obl\Germ.cob
2001-01-16 07:00 . 2001-01-16 07:00 247097 -c----w- c:\program files\truespace6\Library\scifi.obl\Goggles.cob
2001-01-16 07:00 . 2001-01-16 07:00 1034698 -c----w- c:\program files\truespace6\Library\scifi.obl\Gunbot.cob
2001-01-16 07:00 . 2001-01-16 07:00 154429 -c----w- c:\program files\truespace6\Library\scifi.obl\Masque.cob
2001-01-16 07:00 . 2001-01-16 07:00 145713 -c----w- c:\program files\truespace6\Library\scifi.obl\Nameplate.cob
2001-01-16 07:00 . 2001-01-16 07:00 114370 -c----w- c:\program files\truespace6\Library\scifi.obl\Rocket.cob
2001-01-16 07:00 . 2001-01-16 07:00 28170 -c----w- c:\program files\truespace6\Library\scneffects.scl\physiclights.scn
2001-01-16 07:00 . 2001-01-16 07:00 23259 -c----w- c:\program files\truespace6\Library\scneffects.scl\scneffects_empty.scn
2001-01-16 07:00 . 2001-01-16 07:00 23986 -c----w- c:\program files\truespace6\Library\subsurf.obl\Arm.cob
2001-01-16 07:00 . 2001-01-16 07:00 26811 -c----w- c:\program files\truespace6\Library\subsurf.obl\Cyborg.cob
2001-01-16 07:00 . 2001-01-16 07:00 129033 -c----w- c:\program files\truespace6\Library\subsurf.obl\Fighter2 Animated.cob
2001-01-16 07:00 . 2001-01-16 07:00 5067 -c----w- c:\program files\truespace6\Library\subsurf.obl\Glass.cob
2001-01-16 07:00 . 2001-01-16 07:00 8903 -c----w- c:\program files\truespace6\Library\subsurf.obl\Hand.cob
2001-01-16 07:00 . 2001-01-16 07:00 100172 -c----w- c:\program files\truespace6\Library\subsurf.obl\RunningMan Animated.cob
2001-01-16 07:00 . 2001-01-16 07:00 7122 -c----w- c:\program files\truespace6\Library\subsurf.obl\Skittle.cob
2001-01-16 07:00 . 2001-01-16 07:00 10557 -c----w- c:\program files\truespace6\Library\subsurf.obl\Skull.cob
2001-01-16 07:00 . 2001-01-16 07:00 7222 -c----w- c:\program files\truespace6\Library\subsurf.obl\Spoon.cob
2001-01-16 07:00 . 2001-01-16 07:00 11330 -c----w- c:\program files\truespace6\Library\subsurf.obl\Vase.cob
2001-01-16 07:00 . 2001-01-16 07:00 182119 -c----w- c:\program files\truespace6\Library\vehicles.obl\cabrio.cob
2001-01-16 07:00 . 2001-01-16 07:00 333754 -c----w- c:\program files\truespace6\Library\vehicles.obl\cabrio2.cob
2001-01-16 07:00 . 2001-01-16 07:00 440310 -c----w- c:\program files\truespace6\Library\vehicles.obl\pmu2h.cob
2001-01-16 07:00 . 2001-01-16 07:00 509803 -c----w- c:\program files\truespace6\Library\vehicles.obl\vw golf.cob
2001-01-16 07:00 . 2001-01-16 07:00 5336 -c----w- c:\program files\truespace6\PDFMan\images\cube_trans_small.gif
2001-01-16 07:00 . 2001-01-16 07:00 2806 -c----w- c:\program files\truespace6\Procsets\Set001
2001-01-16 07:00 . 2001-01-16 07:00 478 -c----w- c:\program files\truespace6\Procsets\Set002
2001-01-16 07:00 . 2001-01-16 07:00 5602 -c----w- c:\program files\truespace6\Procsets\Set006
2001-01-16 07:00 . 2001-01-16 07:00 10044 -c----w- c:\program files\truespace6\Procsets\Set007
2001-01-16 07:00 . 2001-01-16 07:00 5788 -c----w- c:\program files\truespace6\Procsets\Set008
2001-01-16 07:00 . 2001-01-16 07:00 637 -c----w- c:\program files\truespace6\Procsets\Set009
2001-01-16 07:00 . 2001-01-16 07:00 1062 -c----w- c:\program files\truespace6\Procsets\Set010
2001-01-16 07:00 . 2001-01-16 07:00 734 -c----w- c:\program files\truespace6\Procsets\Set011
2001-01-16 07:00 . 2001-01-16 07:00 834 -c----w- c:\program files\truespace6\Procsets\Set012
2001-01-16 07:00 . 2001-01-16 07:00 6503 -c----w- c:\program files\truespace6\Procsets\Set013
2001-01-16 07:00 . 2001-01-16 07:00 12239 -c----w- c:\program files\truespace6\Procsets\Set014
2001-01-16 07:00 . 2001-01-16 07:00 7055 -c----w- c:\program files\truespace6\Procsets\Set015
2001-01-16 07:00 . 2001-01-16 07:00 4617 -c----w- c:\program files\truespace6\Procsets\Set016
2001-01-16 07:00 . 2001-01-16 07:00 3428 -c----w- c:\program files\truespace6\Procsets\Set017
2001-01-16 07:00 . 2001-01-16 07:00 13622 -c----w- c:\program files\truespace6\Procsets\Set018
2001-01-16 07:00 . 2001-01-16 07:00 26475 -c----w- c:\program files\truespace6\Procsets\Set020
2001-01-16 07:00 . 2001-01-16 07:00 13805 -c----w- c:\program files\truespace6\Procsets\Set021
2001-01-16 07:00 . 2001-01-16 07:00 11569 -c----w- c:\program files\truespace6\Procsets\Set022
2001-01-16 07:00 . 2001-01-16 07:00 476 -c----w- c:\program files\truespace6\Procsets\Set023
2001-01-16 07:00 . 2001-01-16 07:00 807 -c----w- c:\program files\truespace6\Procsets\Set024
2001-01-16 07:00 . 2001-01-16 07:00 1743 -c----w- c:\program files\truespace6\Procsets\Set025
2001-01-16 07:00 . 2001-01-16 07:00 9886 -c----w- c:\program files\truespace6\Procsets\Set027
2001-01-16 07:00 . 2001-01-16 07:00 8820 -c----w- c:\program files\truespace6\Procsets\Set028
2001-01-16 07:00 . 2001-01-16 07:00 1712 -c----w- c:\program files\truespace6\Procsets\Set029
2001-01-16 07:00 . 2001-01-16 07:00 7489 -c----w- c:\program files\truespace6\Procsets\Set030
2001-01-16 07:00 . 2001-01-16 07:00 7152 -c----w- c:\program files\truespace6\Procsets\Set031
2001-01-16 07:00 . 2001-01-16 07:00 15648 -c----w- c:\program files\truespace6\Procsets\Set032
2001-01-16 07:00 . 2001-01-16 07:00 2420 -c----w- c:\program files\truespace6\Procsets\Set033
2001-01-16 07:00 . 2001-01-16 07:00 13663 -c----w- c:\program files\truespace6\Procsets\Set034
2001-01-16 07:00 . 2001-01-16 07:00 23934 -c----w- c:\program files\truespace6\Procsets\Set035
2001-01-16 07:00 . 2001-01-16 07:00 2926 -c----w- c:\program files\truespace6\Procsets\Set036
2001-01-16 07:00 . 2001-01-16 07:00 59079 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\3Dpaint mat.mtl
2001-01-16 07:00 . 2001-01-16 07:00 10205 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\lights.lgl
2001-01-16 07:00 . 2001-01-16 07:00 90632 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\materials.mtl
2001-01-16 07:00 . 2001-01-16 07:00 32531 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\objects.obl\3D paint1.cob
2001-01-16 07:00 . 2001-01-16 07:00 78015 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\objects.obl\3D paint2.cob
2001-01-16 07:00 . 2001-01-16 07:00 33814 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\objects.obl\BIGBOO.COB
2001-01-16 07:00 . 2001-01-16 07:00 12224 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\objects.obl\Ivr1t1.cob
2001-01-16 07:00 . 2001-01-16 07:00 62 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\objects.obl\objects.obl
2001-01-16 07:00 . 2001-01-16 07:00 342287 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Cheeseboard1.scn
2001-01-16 07:00 . 2001-01-16 07:00 421024 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Cheeseboard6.scn
2001-01-16 07:00 . 2001-01-16 07:00 20620 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Gate.scn
2001-01-16 07:00 . 2001-01-16 07:00 13123 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Hair.scn
2001-01-16 07:00 . 2001-01-16 07:00 197905 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\humbug1.scn
2001-01-16 07:00 . 2001-01-16 07:00 243450 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\humbug2.scn
2001-01-16 07:00 . 2001-01-16 07:00 407567 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\pots1.scn
2001-01-16 07:00 . 2001-01-16 07:00 407664 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\pots4.scn
2001-01-16 07:00 . 2001-01-16 07:00 63262 -c----w- c:\program files\truespace6\Projects\Tutorials\Library\scenes.scl\Procanim2.scn
2001-01-16 07:00 . 2001-01-16 07:00 962022 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\appleskin.tga
2001-01-16 07:00 . 2001-01-16 07:00 962022 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\applskin.tga
2001-01-16 07:00 . 2001-01-16 07:00 786476 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\dust.tga
2001-01-16 07:00 . 2001-01-16 07:00 954280 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\glaze.tga
2001-01-16 07:00 . 2001-01-16 07:00 932818 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\glazebump.tga
2001-01-16 07:00 . 2001-01-16 07:00 161502 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\glazemask.tga
2001-01-16 07:00 . 2001-01-16 07:00 1440018 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\label.tga
2001-01-16 07:00 . 2001-01-16 07:00 429526 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\lid1.tga
2001-01-16 07:00 . 2001-01-16 07:00 393260 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\rust.tga
2001-01-16 07:00 . 2001-01-16 07:00 681800 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\tin1.tga
2001-01-16 07:00 . 2001-01-16 07:00 10437 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_0_DC.tga
2001-01-16 07:00 . 2001-01-16 07:00 10437 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_0_DR.tga
2001-01-16 07:00 . 2001-01-16 07:00 118295 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_0_MC.tga
2001-01-16 07:00 . 2001-01-16 07:00 118295 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_0_MR.tga
2001-01-16 07:00 . 2001-01-16 07:00 15249 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_1_DC.tga
2001-01-16 07:00 . 2001-01-16 07:00 15249 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_1_DR.tga
2001-01-16 07:00 . 2001-01-16 07:00 70362 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_1_MC.tga
2001-01-16 07:00 . 2001-01-16 07:00 70362 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_1_MR.tga
2001-01-16 07:00 . 2001-01-16 07:00 19637 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_2_DC.tga
2001-01-16 07:00 . 2001-01-16 07:00 19637 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_2_DR.tga
2001-01-16 07:00 . 2001-01-16 07:00 62779 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_2_MC.tga
2001-01-16 07:00 . 2001-01-16 07:00 62779 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_2_MR.tga
2001-01-16 07:00 . 2001-01-16 07:00 11823 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_3_DC.tga
2001-01-16 07:00 . 2001-01-16 07:00 11823 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_3_DR.tga
2001-01-16 07:00 . 2001-01-16 07:00 33155 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_3_MC.tga
2001-01-16 07:00 . 2001-01-16 07:00 33155 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_3_MR.tga
2001-01-16 07:00 . 2001-01-16 07:00 4029 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_4_DC.tga
2001-01-16 07:00 . 2001-01-16 07:00 4029 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_4_DR.tga
2001-01-16 07:00 . 2001-01-16 07:00 5233 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_4_MC.tga
2001-01-16 07:00 . 2001-01-16 07:00 5233 -c----w- c:\program files\truespace6\Projects\Tutorials\Textures\sweettin2tex\noname_1974988674_4_MR.tga
2001-01-16 07:00 . 2001-01-16 07:00 1583 -c----w- c:\program files\truespace6\Scripts\autosave.py
2001-01-16 07:00 . 2001-01-16 07:00 791 -c----w- c:\program files\truespace6\Scripts\constupdate.py
2001-01-16 07:00 . 2001-01-16 07:00 2285 -c----w- c:\program files\truespace6\Scripts\dlgtest.py
2001-01-16 07:00 . 2001-01-16 07:00 643 -c----w- c:\program files\truespace6\Scripts\groundlock.py
2001-01-16 07:00 . 2001-01-16 07:00 3308 -c----w- c:\program files\truespace6\Scripts\primcrea.py
2001-01-16 07:00 . 2001-01-16 07:00 2539 -c----w- c:\program files\truespace6\Scripts\WFMMREADME.TXT
2001-01-16 07:00 . 2001-01-16 07:00 22472 -c----w- c:\program files\truespace6\SupportFiles\IES Files\KEY.txt
2001-01-16 07:00 . 2001-01-16 07:00 1026560 -c----w- c:\program files\truespace6\SupportFiles\IES Files\KEY.XLS
2001-01-16 07:00 . 2001-01-16 07:00 2694 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T1EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2706 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2719 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4156 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4202 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T1PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2830 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T2EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2848 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2902 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4690 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4771 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2518T2PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2955 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2946 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2966 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1PU.IES
2001-01-16 07:00 . 2001-01-16 07:00 2950 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1SD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2940 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1SN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2965 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1SU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3028 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1WD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2995 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2983 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T1WU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3071 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2971 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3044 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2PU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3061 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2SD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2969 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2SN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3042 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2SU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3138 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2WD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3046 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3097 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T2WU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3107 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3184 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3127 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3PU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3077 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3SD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3175 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3SN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3121 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3SU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3163 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3WD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3239 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3185 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Apex 55\2526T3WU.IES
2001-01-16 07:00 . 2001-01-16 07:00 2048 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Classroom Lighter\8466T2WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2228 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Classroom Lighter\8466T3WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1820 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8313F1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1873 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8313F2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1770 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8313H1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2143 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8313H2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1769 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8313T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1891 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8313T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2900 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8315F1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2976 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8315F2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2829 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8315H1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3022 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8315H2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2875 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8315T1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3031 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8315T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2970 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316F1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2982 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316F1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2979 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316F1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3092 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316F2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3028 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316F2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3023 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316F2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3025 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316H1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2961 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316H1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2923 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316H1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3019 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316H2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3141 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316H2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3087 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316H2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 2929 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316T1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2937 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2851 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316T1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3015 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316T2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2991 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2963 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Crescendo\8316T2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 1749 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Ergolight\ErgoT1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2960 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Ergolight\ErgoT2CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3746 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Ergolight\ErgoT3CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2694 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T1EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2706 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2719 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4156 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4202 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T1PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2830 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T2EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2848 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2902 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4690 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4771 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2218T2PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2955 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2946 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2966 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1PU.IES
2001-01-16 07:00 . 2001-01-16 07:00 2950 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1SD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2940 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1SN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2965 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1SU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3028 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1WD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2995 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2983 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T1WU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3071 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2971 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3044 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2PU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3061 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2SD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2969 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2SN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3042 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2SU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3138 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2WD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3046 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3097 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T2WU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3107 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3184 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3127 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3PU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3076 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3SD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3175 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3SN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3121 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3SU.IES
2001-01-16 07:00 . 2001-01-16 07:00 3173 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3WD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3239 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3WN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3185 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Euro 55\2226T3WU.IES
2001-01-16 07:00 . 2001-01-16 07:00 1773 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2603T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1851 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2603T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1931 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2603T3EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2693 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2608T1EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2705 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2608T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2718 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2608T1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2829 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2608T2EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2847 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2608T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2901 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2608T2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 1767 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2663H1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2140 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2663H2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2712 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Flexxa\2668H1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2722 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2808F1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2717 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2808H1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2694 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2818T1EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2718 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2818T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2701 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2818T1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2830 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2818T2EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2860 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2818T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2884 -c----w- c:\program files\truespace6\SupportFiles\IES Files\InCove\2818T2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 1817 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8213F1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1870 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8213F2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1770 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8213H1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2143 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8213H2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1766 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8213T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1888 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8213T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2764 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8215F1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2973 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8215F2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2643 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8215H1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3019 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8215H2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2872 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8215T1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3028 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8215T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2967 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216F1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2979 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216F1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2976 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216F1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3089 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216F2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3025 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216F2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3020 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216F2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3025 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216H1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2961 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216H1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2920 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216H1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3019 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216H2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3141 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216H2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3084 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216H2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 2926 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216T1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2934 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2848 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216T1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3012 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216T2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2988 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2960 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8216T2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 2677 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2676 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4413 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4411 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F1LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4216 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3699 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F1PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2754 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2771 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4758 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4814 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F2LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4737 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4772 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218F2PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2804 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2817 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4581 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4678 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H1LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4479 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3950 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H1PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2913 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2973 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 5092 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 5088 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H2LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4972 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 5015 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218H2PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2678 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2690 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4405 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4387 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T1LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4262 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4219 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T1PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2823 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2889 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4731 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4852 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T2LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4728 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4819 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Minuet\8218T2PX.IES
2001-01-16 07:00 . 2001-01-16 07:00 3002 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2706T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3147 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2706T3LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4358 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2708T1LF.IES
2001-01-16 07:00 . 2001-01-16 07:00 4313 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2708T1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4286 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2708T1LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 4480 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2708T2LF.IES
2001-01-16 07:00 . 2001-01-16 07:00 4510 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2708T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 4556 -c----w- c:\program files\truespace6\SupportFiles\IES Files\PERFform\2708T2LX.IES
2001-01-16 07:00 . 2001-01-16 07:00 1687 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871110KE.ies
2001-01-16 07:00 . 2001-01-16 07:00 1623 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871110PE.ies
2001-01-16 07:00 . 2001-01-16 07:00 1788 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871120KE.ies
2001-01-16 07:00 . 2001-01-16 07:00 1720 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871120PE.ies
2001-01-16 07:00 . 2001-01-16 07:00 1813 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871130KE.ies
2001-01-16 07:00 . 2001-01-16 07:00 1742 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871130PE.ies
2001-01-16 07:00 . 2001-01-16 07:00 1742 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871301EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1851 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871302EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1879 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871303EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3080 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871511KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3016 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871511PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3204 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871512KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3140 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871512PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3234 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871513KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3170 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871513PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3190 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871521KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3115 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871521PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3316 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871522KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3241 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871522PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3344 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871523KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3269 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871523PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3223 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871531KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3137 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871531PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3347 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871532KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3261 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871532PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3375 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871533KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3289 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Rls\871533PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1730 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8503T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1848 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8503T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1886 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8503T3EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3051 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8505T2HN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3013 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8505T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3016 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8505T2TN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3134 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8505T3HN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3098 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8505T3LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2967 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8506T2CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1802 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8563H1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1937 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8563H2EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1775 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8563T1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1885 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8563T2EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2742 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8565H1LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2992 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8565H2LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2642 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8565T1LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2933 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Soleo\8565T2LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1817 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8013F1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1870 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8013F2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1770 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8013H1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2143 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8013H2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1766 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8013T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1888 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8013T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2764 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8015F1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2973 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8015F2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2643 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8015H1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3019 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8015H2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2872 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8015T1LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3028 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8015T2LN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2967 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016F1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2979 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016F1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2976 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016F1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3089 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016F2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3025 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016F2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3020 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016F2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3025 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016H1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2961 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016H1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2920 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016H1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3019 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016H2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 3141 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016H2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3084 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016H2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 2926 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016T1PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2934 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016T1PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2848 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016T1PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 3012 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016T2PD.IES
2001-01-16 07:00 . 2001-01-16 07:00 2988 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016T2PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2960 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Sonata\8016T2PU.ies
2001-01-16 07:00 . 2001-01-16 07:00 1705 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866110AE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1702 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866110CE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1793 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866120AE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1787 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866120CE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1819 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866130AE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1816 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866130CE.IES
2001-01-16 07:00 . 2001-01-16 07:00 2140 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866301EA.IES
2001-01-16 07:00 . 2001-01-16 07:00 1745 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866301EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2180 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866302EA.IES
2001-01-16 07:00 . 2001-01-16 07:00 1845 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866302EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2204 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866303EA.IES
2001-01-16 07:00 . 2001-01-16 07:00 1868 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866303EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3091 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866511AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3096 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866511AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3087 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866511CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3093 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866511CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3191 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866512AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3209 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866512AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3189 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866512CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3207 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866512CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3185 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866521AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3190 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866521AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3180 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866521CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3185 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866521CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3286 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866522AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3305 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866522AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3282 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866522CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3300 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\866522CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1700 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869110AE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1695 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869110CE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1690 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869110KE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1626 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869110PE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1793 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869120AE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1788 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869120CE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1791 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869120KE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1723 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869120PE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1829 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869130AE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1820 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869130CE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1816 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869130KE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1745 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869130PE.IES
2001-01-16 07:00 . 2001-01-16 07:00 1748 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869301EA.IES
2001-01-16 07:00 . 2001-01-16 07:00 1747 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869301EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1843 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869302EA.IES
2001-01-16 07:00 . 2001-01-16 07:00 1853 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869302EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1870 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869303EA.IES
2001-01-16 07:00 . 2001-01-16 07:00 1882 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869303EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3095 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3092 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3085 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3088 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3083 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3082 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3019 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3018 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869511PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3197 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3212 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3193 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3208 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3190 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3203 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3126 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3139 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869512PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3229 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3241 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3224 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3236 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3222 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3234 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3158 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3170 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869513PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3191 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3189 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3186 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3187 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3193 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3192 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3118 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3117 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869521PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3295 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3310 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3294 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3309 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3303 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3315 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3227 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3240 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869522PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3325 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3339 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3323 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3336 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3332 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3344 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3257 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3269 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869523PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3238 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3238 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3228 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3229 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3226 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3225 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3140 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3139 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869531PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3340 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3358 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3334 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3350 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3334 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3346 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3247 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3260 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869532PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3370 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533AA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3384 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533AN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3363 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533CA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3377 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533CN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3363 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533KA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3375 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533KN.IES
2001-01-16 07:00 . 2001-01-16 07:00 3277 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533PA.IES
2001-01-16 07:00 . 2001-01-16 07:00 3289 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Tls\869533PN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1776 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2903T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1854 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2903T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 1934 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2903T3EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2696 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2908T1EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2708 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2908T1EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2721 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2908T1EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 2832 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2908T2EF.IES
2001-01-16 07:00 . 2001-01-16 07:00 2850 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2908T2EN.IES
2001-01-16 07:00 . 2001-01-16 07:00 2904 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Vector ll\2908T2EX.IES
2001-01-16 07:00 . 2001-01-16 07:00 1802 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9263H1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1937 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9263H2EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1775 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9263T1EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 1885 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9263T2EN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2742 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9265H1LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2992 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9265H2LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2690 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9265T1LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 2933 -c----w- c:\program files\truespace6\SupportFiles\IES Files\Venza\9265T2LN.ies
2001-01-16 07:00 . 2001-01-16 07:00 3705 -c----w- c:\program files\truespace6\Textures\037005560.jpg
2001-01-16 07:00 . 2001-01-16 07:00 16558 ------w- c:\program files\truespace6\Textures\1.TGA
2001-01-16 07:00 . 2001-01-16 07:00 16558 ------w- c:\program files\truespace6\Textures\12.TGA
2001-01-16 07:00 . 2001-01-16 07:00 16558 -c----w- c:\program files\truespace6\Textures\13.TGA
2001-01-16 07:00 . 2001-01-16 07:00 16558 -c----w- c:\program files\truespace6\Textures\21.TGA
2001-01-16 07:00 . 2001-01-16 07:00 5211 -c----w- c:\program files\truespace6\Textures\3Dbonehand.tga
2001-01-16 07:00 . 2001-01-16 07:00 8073 -c----w- c:\program files\truespace6\Textures\3Dcandy.tga
2001-01-16 07:00 . 2001-01-16 07:00 41760 -c----w- c:\program files\truespace6\Textures\3Dcrater1_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 14449 -c----w- c:\program files\truespace6\Textures\3Dcrater_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 21887 -c----w- c:\program files\truespace6\Textures\3Dcross2_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 23142 -c----w- c:\program files\truespace6\Textures\3Dcross3_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 11223 -c----w- c:\program files\truespace6\Textures\3Dcross_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 20755 -c----w- c:\program files\truespace6\Textures\3Ddiamond_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 13443 -c----w- c:\program files\truespace6\Textures\3Ddrops2_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 21751 -c----w- c:\program files\truespace6\Textures\3Ddrops3_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 10938 -c----w- c:\program files\truespace6\Textures\3Ddrops_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 4113 -c----w- c:\program files\truespace6\Textures\3Dexclam_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 7854 -c----w- c:\program files\truespace6\Textures\3Dfish.tga
2001-01-16 07:00 . 2001-01-16 07:00 6890 -c----w- c:\program files\truespace6\Textures\3Dfish2.tga
2001-01-16 07:00 . 2001-01-16 07:00 6888 -c----w- c:\program files\truespace6\Textures\3Dflower.tga
2001-01-16 07:00 . 2001-01-16 07:00 4150 -c----w- c:\program files\truespace6\Textures\3Dfoot.tga
2001-01-16 07:00 . 2001-01-16 07:00 3913 -c----w- c:\program files\truespace6\Textures\3Dhand.tga
2001-01-16 07:00 . 2001-01-16 07:00 10021 -c----w- c:\program files\truespace6\Textures\3Dpinecone.tga
2001-01-16 07:00 . 2001-01-16 07:00 10776 -c----w- c:\program files\truespace6\Textures\3Dpopcorn.tga
2001-01-16 07:00 . 2001-01-16 07:00 11788 -c----w- c:\program files\truespace6\Textures\3Dpumpkin.tga
2001-01-16 07:00 . 2001-01-16 07:00 12945 -c----w- c:\program files\truespace6\Textures\3Dpumpkin2.tga
2001-01-16 07:00 . 2001-01-16 07:00 6049 -c----w- c:\program files\truespace6\Textures\3Dpyramide_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 5540 -c----w- c:\program files\truespace6\Textures\3Dquest_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 8635 -c----w- c:\program files\truespace6\Textures\3Drect2_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 27393 -c----w- c:\program files\truespace6\Textures\3Drect3_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 33694 -c----w- c:\program files\truespace6\Textures\3Drect4_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 19079 -c----w- c:\program files\truespace6\Textures\3Drect5_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 18505 -c----w- c:\program files\truespace6\Textures\3Drect6_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 17581 -c----w- c:\program files\truespace6\Textures\3Drect7_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 5139 -c----w- c:\program files\truespace6\Textures\3Drect_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 9456 -c----w- c:\program files\truespace6\Textures\3Dskull.tga
2001-01-16 07:00 . 2001-01-16 07:00 7455 -c----w- c:\program files\truespace6\Textures\3Dslime.tga
2001-01-16 07:00 . 2001-01-16 07:00 10695 -c----w- c:\program files\truespace6\Textures\3Dsnowflake.tga
2001-01-16 07:00 . 2001-01-16 07:00 8724 -c----w- c:\program files\truespace6\Textures\3Dspider.tga
2001-01-16 07:00 . 2001-01-16 07:00 5937 -c----w- c:\program files\truespace6\Textures\3Dspider2.tga
2001-01-16 07:00 . 2001-01-16 07:00 34387 -c----w- c:\program files\truespace6\Textures\3Dspot2_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 24649 -c----w- c:\program files\truespace6\Textures\3Dspot3_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 8503 -c----w- c:\program files\truespace6\Textures\3Dspot_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 9473 -c----w- c:\program files\truespace6\Textures\3Dstone.tga
2001-01-16 07:00 . 2001-01-16 07:00 9195 -c----w- c:\program files\truespace6\Textures\3Dtarget_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 27562 -c----w- c:\program files\truespace6\Textures\3Dtorus_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 4431 -c----w- c:\program files\truespace6\Textures\3Dtrack.tga
2001-01-16 07:00 . 2001-01-16 07:00 18714 -c----w- c:\program files\truespace6\Textures\3Dtriangle_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 10727 -c----w- c:\program files\truespace6\Textures\3Dwire_bump.tga
2001-01-16 07:00 . 2001-01-16 07:00 121777 -c----w- c:\program files\truespace6\Textures\5.jpg
2001-01-16 07:00 . 2001-01-16 07:00 27666 -c----w- c:\program files\truespace6\Textures\BARK.TGA
2001-01-16 07:00 . 2001-01-16 07:00 37689 -c----w- c:\program files\truespace6\Textures\Blobs_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 3366 -c----w- c:\program files\truespace6\Textures\BRICK.JPG
2001-01-16 07:00 . 2001-01-16 07:00 4952 -c----w- c:\program files\truespace6\Textures\BRK2.TGA
2001-01-16 07:00 . 2001-01-16 07:00 49490 -c----w- c:\program files\truespace6\Textures\BUMP1.TGA
2001-01-16 07:00 . 2001-01-16 07:00 49490 -c----w- c:\program files\truespace6\Textures\BUMP6.TGA
2001-01-16 07:00 . 2001-01-16 07:00 14074 -c----w- c:\program files\truespace6\Textures\CALIGARI.JPG
2001-01-16 07:00 . 2001-01-16 07:00 62350 -c----w- c:\program files\truespace6\Textures\CALIGARI.TGA
2001-01-16 07:00 . 2001-01-16 07:00 29505 -c----w- c:\program files\truespace6\Textures\caligari_alpha.tga
2001-01-16 07:00 . 2001-01-16 07:00 63665 -c----w- c:\program files\truespace6\Textures\caligari_can.jpg
2001-01-16 07:00 . 2001-01-16 07:00 26399 -c----w- c:\program files\truespace6\Textures\Cascade_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 15541 -c----w- c:\program files\truespace6\Textures\Cells_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 16882 -c----w- c:\program files\truespace6\Textures\Cement.jpg
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\CERAMIC3.BMP
2001-01-16 07:00 . 2001-01-16 07:00 46195 -c----w- c:\program files\truespace6\Textures\CircSpot_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 30734 -c----w- c:\program files\truespace6\Textures\clouds.tga
2001-01-16 07:00 . 2001-01-16 07:00 48865 -c----w- c:\program files\truespace6\Textures\Clouds2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49784 -c----w- c:\program files\truespace6\Textures\Clouds3_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 46926 -c----w- c:\program files\truespace6\Textures\Clouds4_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 48226 -c----w- c:\program files\truespace6\Textures\Clouds5_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 48945 -c----w- c:\program files\truespace6\Textures\Clouds_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\COLOR4.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\COLOR6.BMP
2001-01-16 07:00 . 2001-01-16 07:00 6062 -c----w- c:\program files\truespace6\Textures\Corgated.jpg
2001-01-16 07:00 . 2001-01-16 07:00 87044 -c----w- c:\program files\truespace6\Textures\CORGATED.TGA
2001-01-16 07:00 . 2001-01-16 07:00 15387 -c----w- c:\program files\truespace6\Textures\Cork.tga
2001-01-16 07:00 . 2001-01-16 07:00 50843 -c----w- c:\program files\truespace6\Textures\Corrode2.tga
2001-01-16 07:00 . 2001-01-16 07:00 25457 -c----w- c:\program files\truespace6\Textures\cracktile.tga
2001-01-16 07:00 . 2001-01-16 07:00 34718 -c----w- c:\program files\truespace6\Textures\CrackTile1.tga
2001-01-16 07:00 . 2001-01-16 07:00 34376 -c----w- c:\program files\truespace6\Textures\CrackTile2.tga
2001-01-16 07:00 . 2001-01-16 07:00 11291 -c----w- c:\program files\truespace6\Textures\CrossTarget_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 32968 -c----w- c:\program files\truespace6\Textures\Cross_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 63216 -c----w- c:\program files\truespace6\Textures\crumpledpaper 2.tga
2001-01-16 07:00 . 2001-01-16 07:00 39954 -c----w- c:\program files\truespace6\Textures\CrumpledPaper_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 38036 -c----w- c:\program files\truespace6\Textures\desert.tga
2001-01-16 07:00 . 2001-01-16 07:00 49819 -c----w- c:\program files\truespace6\Textures\DiagonalGrad2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49819 -c----w- c:\program files\truespace6\Textures\DiagonalGrad_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 40044 -c----w- c:\program files\truespace6\Textures\DIAMOND.TGA
2001-01-16 07:00 . 2001-01-16 07:00 48539 -c----w- c:\program files\truespace6\Textures\dmndplat.tga
2001-01-16 07:00 . 2001-01-16 07:00 66075 -c----w- c:\program files\truespace6\Textures\Dmndtile.tga
2001-01-16 07:00 . 2001-01-16 07:00 12433 -c----w- c:\program files\truespace6\Textures\Drops.tga
2001-01-16 07:00 . 2001-01-16 07:00 65322 -c----w- c:\program files\truespace6\Textures\DTGal.bmp
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\DUAL10.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\DUAL14.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\DUAL3.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\DUAL6.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\DUAL7.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27414 -c----w- c:\program files\truespace6\Textures\DUAL8.BMP
2001-01-16 07:00 . 2001-01-16 07:00 13898 -c----w- c:\program files\truespace6\Textures\eye.jpg
2001-01-16 07:00 . 2001-01-16 07:00 23840 -c----w- c:\program files\truespace6\Textures\EYE_BLUE.TGA
2001-01-16 07:00 . 2001-01-16 07:00 17548 -c----w- c:\program files\truespace6\Textures\Eye_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 96044 -c----w- c:\program files\truespace6\Textures\EYE_CLSD.TGA
2001-01-16 07:00 . 2001-01-16 07:00 20016 -c----w- c:\program files\truespace6\Textures\Fantasy2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 35056 -c----w- c:\program files\truespace6\Textures\Fantasy3_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 37918 -c----w- c:\program files\truespace6\Textures\Fantasy4_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 26864 -c----w- c:\program files\truespace6\Textures\fish.tga
2001-01-16 07:00 . 2001-01-16 07:00 17870 -c----w- c:\program files\truespace6\Textures\fish2.tga
2001-01-16 07:00 . 2001-01-16 07:00 9921 -c----w- c:\program files\truespace6\Textures\Floor.jpg
2001-01-16 07:00 . 2001-01-16 07:00 30592 -c----w- c:\program files\truespace6\Textures\FLOOR1.TGA
2001-01-16 07:00 . 2001-01-16 07:00 120018 -c----w- c:\program files\truespace6\Textures\FOGGY.TGA
2001-01-16 07:00 . 2001-01-16 07:00 48222 -c----w- c:\program files\truespace6\Textures\Fur_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 19521 -c----w- c:\program files\truespace6\Textures\Grass.jpg
2001-01-16 07:00 . 2001-01-16 07:00 15643 -c----w- c:\program files\truespace6\Textures\Grass1.tga
2001-01-16 07:00 . 2001-01-16 07:00 103697 -c----w- c:\program files\truespace6\Textures\hair bump.jpg
2001-01-16 07:00 . 2001-01-16 07:00 186790 -c----w- c:\program files\truespace6\Textures\hair.jpg
2001-01-16 07:00 . 2001-01-16 07:00 46448 -c----w- c:\program files\truespace6\Textures\Hair2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 47321 -c----w- c:\program files\truespace6\Textures\Hair_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 127508 -c----w- c:\program files\truespace6\Textures\HEXAGON.TGA
2001-01-16 07:00 . 2001-01-16 07:00 54811 -c----w- c:\program files\truespace6\Textures\Hextile.tga
2001-01-16 07:00 . 2001-01-16 07:00 47497 -c----w- c:\program files\truespace6\Textures\HexTiles_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 1563 -c----w- c:\program files\truespace6\Textures\HGrad2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 1563 -c----w- c:\program files\truespace6\Textures\HGrad_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 40044 -c----w- c:\program files\truespace6\Textures\HOLYMETL.TGA
2001-01-16 07:00 . 2001-01-16 07:00 1563 -c----w- c:\program files\truespace6\Textures\HStripe_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 16558 -c----w- c:\program files\truespace6\Textures\IRON1.TGA
2001-01-16 07:00 . 2001-01-16 07:00 114807 -c----w- c:\program files\truespace6\Textures\Jupiter.jpg
2001-01-16 07:00 . 2001-01-16 07:00 32838 -c----w- c:\program files\truespace6\Textures\Kaleidoscope2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 39875 -c----w- c:\program files\truespace6\Textures\Kaleidoscope_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 25494 -c----w- c:\program files\truespace6\Textures\leave1.tga
2001-01-16 07:00 . 2001-01-16 07:00 29796 -c----w- c:\program files\truespace6\Textures\leave2.tga
2001-01-16 07:00 . 2001-01-16 07:00 28899 -c----w- c:\program files\truespace6\Textures\leave3.tga
2001-01-16 07:00 . 2001-01-16 07:00 23083 -c----w- c:\program files\truespace6\Textures\leave4.tga
2001-01-16 07:00 . 2001-01-16 07:00 28527 -c----w- c:\program files\truespace6\Textures\leave5.tga
2001-01-16 07:00 . 2001-01-16 07:00 18248 -c----w- c:\program files\truespace6\Textures\leaves.tga
2001-01-16 07:00 . 2001-01-16 07:00 46323 -c----w- c:\program files\truespace6\Textures\Lightning_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 29417 -c----w- c:\program files\truespace6\Textures\LOGO.JPG
2001-01-16 07:00 . 2001-01-16 07:00 48755 -c----w- c:\program files\truespace6\Textures\Marble2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49803 -c----w- c:\program files\truespace6\Textures\Marble3_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49593 -c----w- c:\program files\truespace6\Textures\Marble4_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49725 -c----w- c:\program files\truespace6\Textures\Marble5_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 48567 -c----w- c:\program files\truespace6\Textures\Marble_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 7128 -c----w- c:\program files\truespace6\Textures\Mask1_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\MOARE3.BMP
2001-01-16 07:00 . 2001-01-16 07:00 43310 -c----w- c:\program files\truespace6\Textures\Noise_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 41168 -c----w- c:\program files\truespace6\Textures\opal.tga
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\ORGANIC5.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\ORGANIC7.BMP
2001-01-16 07:00 . 2001-01-16 07:00 24070 -c----w- c:\program files\truespace6\Textures\pinecone.tga
2001-01-16 07:00 . 2001-01-16 07:00 141865 -c----w- c:\program files\truespace6\Textures\PK_FACE1.JPG
2001-01-16 07:00 . 2001-01-16 07:00 17569 -c----w- c:\program files\truespace6\Textures\PK_PANT1.JPG
2001-01-16 07:00 . 2001-01-16 07:00 23697 -c----w- c:\program files\truespace6\Textures\popcorn.tga
2001-01-16 07:00 . 2001-01-16 07:00 43397 -c----w- c:\program files\truespace6\Textures\pumpkin.tga
2001-01-16 07:00 . 2001-01-16 07:00 47397 -c----w- c:\program files\truespace6\Textures\pumpkin2.tga
2001-01-16 07:00 . 2001-01-16 07:00 30435 -c----w- c:\program files\truespace6\Textures\puzzle.tga
2001-01-16 07:00 . 2001-01-16 07:00 36970 -c----w- c:\program files\truespace6\Textures\Rays_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 12035 -c----w- c:\program files\truespace6\Textures\RectSpot2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 9239 -c----w- c:\program files\truespace6\Textures\RectSpot3_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 25500 -c----w- c:\program files\truespace6\Textures\RectSpot_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 13595 -c----w- c:\program files\truespace6\Textures\Redcrpt.tga
2001-01-16 07:00 . 2001-01-16 07:00 7518 -c----w- c:\program files\truespace6\Textures\RED_DOT.TGA
2001-01-16 07:00 . 2001-01-16 07:00 58859 -c----w- c:\program files\truespace6\Textures\Ref-Grid2.jpg
2001-01-16 07:00 . 2001-01-16 07:00 120044 -c----w- c:\program files\truespace6\Textures\ROUGH01.TGA
2001-01-16 07:00 . 2001-01-16 07:00 197147 -c----w- c:\program files\truespace6\Textures\Rustpanl.tga
2001-01-16 07:00 . 2001-01-16 07:00 10595 -c----w- c:\program files\truespace6\Textures\seahorse.tga
2001-01-16 07:00 . 2001-01-16 07:00 1618 -c----w- c:\program files\truespace6\Textures\SHOESTRP.TGA
2001-01-16 07:00 . 2001-01-16 07:00 33374 -c----w- c:\program files\truespace6\Textures\skull.tga
2001-01-16 07:00 . 2001-01-16 07:00 4892 -c----w- c:\program files\truespace6\Textures\Sky.jpg
2001-01-16 07:00 . 2001-01-16 07:00 14129 -c----w- c:\program files\truespace6\Textures\Sky1_t.jpg
2001-01-16 07:00 . 2001-01-16 07:00 36979 -c----w- c:\program files\truespace6\Textures\snowflake.tga
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\SPACE1.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\SPACE10.BMP
2001-01-16 07:00 . 2001-01-16 07:00 24386 -c----w- c:\program files\truespace6\Textures\spider.tga
2001-01-16 07:00 . 2001-01-16 07:00 17093 -c----w- c:\program files\truespace6\Textures\spider2.tga
2001-01-16 07:00 . 2001-01-16 07:00 31163 -c----w- c:\program files\truespace6\Textures\Spiral2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 34699 -c----w- c:\program files\truespace6\Textures\Spiral3_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 24421 -c----w- c:\program files\truespace6\Textures\spot1_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 31613 -c----w- c:\program files\truespace6\Textures\spot_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 66075 -c----w- c:\program files\truespace6\Textures\Sqartile.tga
2001-01-16 07:00 . 2001-01-16 07:00 40044 -c----w- c:\program files\truespace6\Textures\SQUARE.TGA
2001-01-16 07:00 . 2001-01-16 07:00 4407 -c----w- c:\program files\truespace6\Textures\Star2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 17976 -c----w- c:\program files\truespace6\Textures\Star_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 66843 -c----w- c:\program files\truespace6\Textures\Steelpnl.tga
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE1.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE10.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE11.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE12.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE2.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE3.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE5.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE6.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE7.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE8.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\STONE9.BMP
2001-01-16 07:00 . 2001-01-16 07:00 37016 -c----w- c:\program files\truespace6\Textures\Stones_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 25080 -c----w- c:\program files\truespace6\Textures\SURF1.BMP
2001-01-16 07:00 . 2001-01-16 07:00 16310 -c----w- c:\program files\truespace6\Textures\Surf9.bmp
2001-01-16 07:00 . 2001-01-16 07:00 40503 -c----w- c:\program files\truespace6\Textures\Target2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 6913 -c----w- c:\program files\truespace6\Textures\Target3_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\TEXTILE2.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\TEXTILE4.BMP
2001-01-16 07:00 . 2001-01-16 07:00 27702 -c----w- c:\program files\truespace6\Textures\TEXTILE5.BMP
2001-01-16 07:00 . 2001-01-16 07:00 66075 -c----w- c:\program files\truespace6\Textures\Tile_02.tga
2001-01-16 07:00 . 2001-01-16 07:00 54811 -c----w- c:\program files\truespace6\Textures\Tile_03.tga
2001-01-16 07:00 . 2001-01-16 07:00 66075 -c----w- c:\program files\truespace6\Textures\Tile_04.tga
2001-01-16 07:00 . 2001-01-16 07:00 38939 -c----w- c:\program files\truespace6\Textures\Tile_05.tga
2001-01-16 07:00 . 2001-01-16 07:00 7603 -c----w- c:\program files\truespace6\Textures\track.tga
2001-01-16 07:00 . 2001-01-16 07:00 31781 -c----w- c:\program files\truespace6\Textures\transp-hair.jpg
2001-01-16 07:00 . 2001-01-16 07:00 29339 -c----w- c:\program files\truespace6\Textures\triangle.tga
2001-01-16 07:00 . 2001-01-16 07:00 38939 -c----w- c:\program files\truespace6\Textures\Tritile.tga
2001-01-16 07:00 . 2001-01-16 07:00 49819 -c----w- c:\program files\truespace6\Textures\VGrad2_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49819 -c----w- c:\program files\truespace6\Textures\VGrad_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 49819 -c----w- c:\program files\truespace6\Textures\VStripe_BW.tga
2001-01-16 07:00 . 2001-01-16 07:00 28876 -c----w- c:\program files\truespace6\Textures\waterdrops.tga
2001-01-16 07:00 . 2001-01-16 07:00 22749 -c----w- c:\program files\truespace6\Textures\waterdrops2.tga
2001-01-16 07:00 . 2001-01-16 07:00 127508 -c----w- c:\program files\truespace6\Textures\WIREBMP1.TGA
2001-01-16 07:00 . 2001-01-16 07:00 54811 -c----w- c:\program files\truespace6\Textures\Wire_02.tga
2001-01-16 07:00 . 2001-01-16 07:00 35126 -c----w- c:\program files\truespace6\Textures\Wood1.bmp
2001-01-16 07:00 . 2001-01-16 07:00 9342 -c----w- c:\program files\truespace6\Textures\WOOD1.JPG
2001-01-16 07:00 . 2001-01-16 07:00 11267 -c----w- c:\program files\truespace6\Textures\Wood2.jpg
2001-01-16 07:00 . 2001-01-16 07:00 9828 -c----w- c:\program files\truespace6\Textures\Wood3.jpg
2001-01-16 07:00 . 2001-01-16 07:00 34331 -c----w- c:\program files\truespace6\Textures\Wood3.tga
2001-01-16 07:00 . 2001-01-16 07:00 29979 -c----w- c:\program files\truespace6\Textures\Wood4.tga
2001-01-16 07:00 . 2001-01-16 07:00 49173 -c----w- c:\program files\truespace6\Textures\ZigZag_BW.tga
2001-01-11 21:51 . 2001-01-11 21:51 1131008 -c----w- c:\program files\truespace6\Tsx\Infinity2\Infinity2.tsx
2001-01-11 21:04 . 2001-01-11 21:04 1547419 -c----w- c:\program files\truespace6\Tsx\Infinity2\INFINITY2.HLP
2001-01-11 20:14 . 2001-01-11 20:14 8703 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Tutorial6.ipr
2001-01-11 19:36 . 2001-01-11 19:36 12426 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Tutorial5.ipr
2001-01-11 09:14 . 2001-01-11 09:14 7462 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Tutorial1.ipr
2001-01-10 23:31 . 2001-01-10 23:31 79526 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Kopipi.jpg
2001-01-10 23:20 . 2001-01-10 23:20 107929 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Wheatfld.jpg
2001-01-10 21:37 . 2001-01-10 21:37 753664 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Objectman10.tsx
2001-01-10 21:23 . 2001-01-10 21:23 725 -c----w- c:\program files\truespace6\Tsx\PrimitiveItch\UVtools25\UVTools25_ReadMe.txt
2001-01-10 21:16 . 2001-01-10 21:16 700928 -c----w- c:\program files\truespace6\Tsx\PrimitiveItch\UVtools25\UVTools25.tsx
2001-01-10 21:07 . 2001-01-10 21:07 13667 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Tutorial4.ipr
2001-01-10 21:07 . 2001-01-10 21:07 7462 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Tutorial2.ipr
2001-01-10 21:07 . 2001-01-10 21:07 4980 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Tutorial3.ipr
2001-01-08 20:32 . 2001-01-08 20:32 1795 -c----w- c:\program files\truespace6\Tsx\BKP\trueScale\README.TXT
2001-01-08 20:30 . 2001-01-08 20:30 1659 -c----w- c:\program files\truespace6\Tsx\BKP\Cut & Paste\README.TXT
2001-01-08 19:30 . 2001-01-08 19:30 380928 -c----w- c:\program files\truespace6\Tsx\BKP\Cut & Paste\CutandPasteDemo.tsx
2001-01-08 19:30 . 2001-01-08 19:30 27185 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\fig1.gif
2001-01-08 19:30 . 2001-01-08 19:30 19622 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\fig2.gif
2001-01-08 19:30 . 2001-01-08 19:30 32534 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\jump.gif
2001-01-08 19:30 . 2001-01-08 19:30 991 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\lclabel.gif
2001-01-08 19:30 . 2001-01-08 19:30 3563 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\leafc.jpg
2001-01-08 19:30 . 2001-01-08 19:30 3633 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\leafo.jpg
2001-01-08 19:30 . 2001-01-08 19:30 20314 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\Puppeteer_Logo.gif
2001-01-08 19:30 . 2001-01-08 19:30 2704 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\Puppeteer_Logo_2.gif
2001-01-08 19:30 . 2001-01-08 19:30 14973 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pv2fig1.gif
2001-01-08 19:30 . 2001-01-08 19:30 9991 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pv2fig2a.gif
2001-01-08 19:30 . 2001-01-08 19:30 22037 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pv2fig2b.gif
2001-01-08 19:30 . 2001-01-08 19:30 20886 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pv2fig2c.gif
2001-01-08 19:30 . 2001-01-08 19:30 15533 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pv2fig2d.gif
2001-01-08 19:30 . 2001-01-08 19:30 24511 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pv2fig3.gif
2001-01-08 19:30 . 2001-01-08 19:30 29442 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pvrun.gif
2001-01-08 19:30 . 2001-01-08 19:30 28471 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pvsitup.gif
2001-01-08 19:30 . 2001-01-08 19:30 28877 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pvstarjumps.gif
2001-01-08 19:30 . 2001-01-08 19:30 27899 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\pvtouchtoes.gif
2001-01-08 19:30 . 2001-01-08 19:30 993 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\rclabel.gif
2001-01-08 19:30 . 2001-01-08 19:30 57987 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\run.gif
2001-01-08 19:30 . 2001-01-08 19:30 69829 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\sit.gif
2001-01-08 19:30 . 2001-01-08 19:30 10923 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\spupts5.jpg
2001-01-08 19:30 . 2001-01-08 19:30 72506 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\walk.gif
2001-01-08 19:30 . 2001-01-08 19:30 12047 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\winner1.jpg
2001-01-08 19:30 . 2001-01-08 19:30 16986 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\winner2.jpg
2001-01-08 19:29 . 2001-01-08 19:29 1168896 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\puppeteerv2demo.tsx
2001-01-08 19:29 . 2001-01-08 19:29 6588 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\Quadped.cob
2001-01-08 19:29 . 2001-01-08 19:29 9452 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\SpiderSkeleton.cob
2001-01-08 19:29 . 2001-01-08 19:29 1219 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig1.gif
2001-01-08 19:29 . 2001-01-08 19:29 1438 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig10.gif
2001-01-08 19:29 . 2001-01-08 19:29 1583 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig11.gif
2001-01-08 19:29 . 2001-01-08 19:29 10424 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig12.gif
2001-01-08 19:29 . 2001-01-08 19:29 24428 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14a.gif
2001-01-08 19:29 . 2001-01-08 19:29 21210 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14b.gif
2001-01-08 19:29 . 2001-01-08 19:29 46470 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14c.gif
2001-01-08 19:29 . 2001-01-08 19:29 73829 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14d.gif
2001-01-08 19:29 . 2001-01-08 19:29 15101 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14e.gif
2001-01-08 19:29 . 2001-01-08 19:29 24395 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14f.gif
2001-01-08 19:29 . 2001-01-08 19:29 14149 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14g.gif
2001-01-08 19:29 . 2001-01-08 19:29 26734 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14h.gif
2001-01-08 19:29 . 2001-01-08 19:29 23881 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14i.gif
2001-01-08 19:29 . 2001-01-08 19:29 20803 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig14j.gif
2001-01-08 19:29 . 2001-01-08 19:29 26272 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig15.gif
2001-01-08 19:29 . 2001-01-08 19:29 4206 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig16.gif
2001-01-08 19:29 . 2001-01-08 19:29 2667 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig2.gif
2001-01-08 19:29 . 2001-01-08 19:29 3549 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig2a.gif
2001-01-08 19:29 . 2001-01-08 19:29 1016 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig3.gif
2001-01-08 19:29 . 2001-01-08 19:29 979 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig4.gif
2001-01-08 19:29 . 2001-01-08 19:29 967 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig5a.gif
2001-01-08 19:29 . 2001-01-08 19:29 973 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig5b.gif
2001-01-08 19:29 . 2001-01-08 19:29 1217 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig6.gif
2001-01-08 19:29 . 2001-01-08 19:29 982 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig7.gif
2001-01-08 19:29 . 2001-01-08 19:29 1114 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig8.gif
2001-01-08 19:29 . 2001-01-08 19:29 1624 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\fig9.gif
2001-01-08 19:29 . 2001-01-08 19:29 1013 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp1.htm
2001-01-08 19:29 . 2001-01-08 19:29 1202 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp10.htm
2001-01-08 19:29 . 2001-01-08 19:29 1159 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp11.htm
2001-01-08 19:29 . 2001-01-08 19:29 1762 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp12.htm
2001-01-08 19:29 . 2001-01-08 19:29 1180 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp14.htm
2001-01-08 19:29 . 2001-01-08 19:29 1593 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp15.htm
2001-01-08 19:29 . 2001-01-08 19:29 1224 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp16.htm
2001-01-08 19:29 . 2001-01-08 19:29 2105 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp17.htm
2001-01-08 19:29 . 2001-01-08 19:29 1313 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp18.htm
2001-01-08 19:29 . 2001-01-08 19:29 2937 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp19.htm
2001-01-08 19:29 . 2001-01-08 19:29 2387 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp2.htm
2001-01-08 19:29 . 2001-01-08 19:29 1273 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp20.htm
2001-01-08 19:29 . 2001-01-08 19:29 9151 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp21.htm
2001-01-08 19:29 . 2001-01-08 19:29 1430 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp22.htm
2001-01-08 19:29 . 2001-01-08 19:29 1579 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp23.htm
2001-01-08 19:29 . 2001-01-08 19:29 1926 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp24.htm
2001-01-08 19:29 . 2001-01-08 19:29 1354 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp3.htm
2001-01-08 19:29 . 2001-01-08 19:29 1081 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp4.htm
2001-01-08 19:29 . 2001-01-08 19:29 1469 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp5.htm
2001-01-08 19:29 . 2001-01-08 19:29 1178 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp6.htm
2001-01-08 19:29 . 2001-01-08 19:29 1352 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp7.htm
2001-01-08 19:29 . 2001-01-08 19:29 1164 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp8.htm
2001-01-08 19:29 . 2001-01-08 19:29 1379 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\puphelp9.htm
2001-01-08 19:29 . 2001-01-08 19:29 2704 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\Puppeteer_Logo_2.gif
2001-01-08 19:29 . 2001-01-08 19:29 6597 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\pup_help.htm
2001-01-08 19:29 . 2001-01-08 19:29 5017 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\sitting.gif
2001-01-08 19:29 . 2001-01-08 19:29 114439 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\helpfile\Woman.cob
2001-01-08 19:29 . 2001-01-08 19:29 1427 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\bpupts5.htm
2001-01-08 19:29 . 2001-01-08 19:29 19371 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\puppeteer.htm
2001-01-08 19:29 . 2001-01-08 19:29 11578 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\puppeteerv2.htm
2001-01-08 19:29 . 2001-01-08 19:29 66689 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\bow.gif
2001-01-08 19:29 . 2001-01-08 19:29 145637 -c----w- c:\program files\truespace6\Tsx\BKP\Puppeteer2\www\images\bpupts5.jpg
2001-01-08 19:25 . 2001-01-08 19:25 294912 -c----w- c:\program files\truespace6\Tsx\BKP\trueScale\trueScaleDemo.tsx
2001-01-08 07:56 . 2001-01-08 07:56 3448 -c----w- c:\program files\truespace6\Tsx\Infinity2\Tutorials\Wasteland.jpg
2001-01-05 21:40 . 2001-01-05 21:40 1078 -c----w- c:\program files\truespace6\Tsx\Infinity2\Infinity2.ico
2001-01-05 17:34 . 2001-01-05 17:34 2779 -c----w- c:\program files\truespace6\Tsx\BKP\trueScale\ts.htm
2001-01-05 17:29 . 2001-01-05 17:29 2858 -c----w- c:\program files\truespace6\Tsx\BKP\Cut & Paste\cp.htm
2001-01-05 16:52 . 2001-01-05 16:52 993 -c----w- c:\program files\truespace6\Tsx\BKP\Cut & Paste\images\rclabel.gif
2001-01-05 16:52 . 2001-01-05 16:52 993 -c----w- c:\program files\truespace6\Tsx\BKP\trueScale\images\rclabel.gif
2001-01-05 16:51 . 2001-01-05 16:51 991 -c----w- c:\program files\truespace6\Tsx\BKP\Cut & Paste\images\lclabel.gif
2001-01-05 16:51 . 2001-01-05 16:51 991 -c----w- c:\program files\truespace6\Tsx\BKP\trueScale\images\lclabel.gif
2000-10-28 20:59 . 2000-10-28 20:59 177793 -c----w- c:\program files\truespace6\Tsx\ObjectMan\OMHelp.chm
2000-10-27 19:52 . 2000-10-27 19:52 5343 -c----w- c:\program files\truespace6\Tsx\ObjectMan\OMTrial_ReadMe.htm
2000-10-09 19:00 . 2000-10-09 19:00 435712 ------w- c:\program files\truespace6\Tsx\ObjectMan\Components\eview3d.dll
2000-10-09 18:45 . 2000-10-09 18:45 30720 ------w- c:\program files\truespace6\Tsx\ObjectMan\Components\dxopengl.dll
2000-10-08 23:16 . 2000-10-08 23:16 100864 ------w- c:\program files\truespace6\Tsx\ObjectMan\Components\object3d.dll
2000-10-08 23:16 . 2000-10-08 23:16 84992 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\lwo.x3d
2000-10-08 23:16 . 2000-10-08 23:16 46592 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\max.x3d
2000-10-08 23:16 . 2000-10-08 23:16 104960 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\dwg.x3d
2000-10-06 20:41 . 2000-10-06 20:41 14336 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\3drm.x3d
2000-10-06 20:37 . 2000-10-06 20:37 76800 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\vrml.x3d
2000-10-06 20:20 . 2000-10-06 20:20 13824 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\stl.x3d
2000-10-03 21:24 . 2000-10-03 21:24 17408 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\map.x3d
2000-10-03 21:24 . 2000-10-03 21:24 13312 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\pgm.x3d
2000-10-03 21:24 . 2000-10-03 21:24 9216 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\tim.x3d
2000-10-03 21:24 . 2000-10-03 21:24 20992 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\nurbs.x3d
2000-10-03 21:24 . 2000-10-03 21:24 17920 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\xsi.x3d
2000-10-03 21:24 . 2000-10-03 21:24 29184 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\spx.x3d
2000-10-03 21:24 . 2000-10-03 21:24 14336 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\nendo.x3d
2000-10-03 17:59 . 2000-10-03 17:59 59904 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\glc.x3d
2000-10-03 17:59 . 2000-10-03 17:59 32768 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\openflt.x3d
2000-10-03 17:59 . 2000-10-03 17:59 19456 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\imagine.x3d
2000-10-03 17:59 . 2000-10-03 17:59 19456 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\halflife.x3d
2000-10-03 17:59 . 2000-10-03 17:59 13312 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\pro.x3d
2000-10-03 17:59 . 2000-10-03 17:59 9728 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\quake3.x3d
2000-10-03 17:59 . 2000-10-03 17:59 8192 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\rax.x3d
2000-10-03 17:59 . 2000-10-03 17:59 44032 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\tspace.x3d
2000-10-03 17:59 . 2000-10-03 17:59 24064 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\hmworld.x3d
2000-10-02 21:53 . 2000-10-02 21:53 215552 ------w- c:\program files\truespace6\Tsx\ObjectMan\Components\dxbmp32.dll
2000-09-30 21:54 . 2000-09-30 21:54 163840 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\rhino.x3d
2000-08-29 07:00 . 2000-08-29 07:00 15920 -c----w- c:\program files\truespace6\Tsx\BKP\Cut & Paste\images\cpinter1.jpg
2000-08-29 07:00 . 2000-08-29 07:00 10872 -c----w- c:\program files\truespace6\Tsx\BKP\trueScale\images\tsinter1.jpg
2000-08-09 07:22 . 2000-08-09 07:22 270336 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\mts.x3d
2000-07-05 23:21 . 2000-07-05 23:21 10980 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Images\gothiclogo.gif
2000-06-05 07:56 . 2000-06-05 07:56 77824 -c----w- c:\program files\truespace6\Tsx\ObjectMan\Components\Plugins\e3nurbs.x4d
2000-01-12 08:44 . 2000-01-12 08:44 620 -c----w- c:\program files\truespace6\PDFMan\manual.css
1999-09-02 07:24 . 1999-09-02 07:24 17408 ------w- c:\program files\truespace6\Tsx\ObjectMan\Components\triang32.dll
1998-12-14 23:41 . 1998-12-14 23:41 139264 ------w- c:\program files\truespace6\Shaders\Material\Spots.tss
1998-10-08 23:53 . 1998-10-08 23:53 32256 ------w- c:\program files\truespace6\CPUINF32.DLL
1998-09-02 23:00 . 1998-09-02 23:00 18432 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonTutorial\ScriptTutorial.doc
1998-09-02 22:57 . 1998-09-02 22:57 77312 -c----w- c:\program files\truespace6\Scripts\PythonDoc\tSXPython\tSXPython.doc
1998-09-02 22:13 . 1998-09-02 22:13 12903 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-EXT.GID
1997-04-21 23:49 . 1997-04-21 23:49 40044 -c----w- c:\program files\truespace6\Textures\BRUSHED1.TGA
1997-03-25 12:02 . 1997-03-25 12:02 319488 ------w- c:\program files\truespace6\Tsx\ObjectMan\Components\cw3230mt.dll
1997-03-18 22:04 . 1997-03-18 22:04 287 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1112.zipcode.phn
1997-03-18 22:04 . 1997-03-18 22:04 282 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1126.zipcode.phn
1997-03-18 22:04 . 1997-03-18 22:04 241 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1141.streetaddr.phn
1997-03-18 22:04 . 1997-03-18 22:04 225 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1147.zipcode.phn
1997-03-18 22:04 . 1997-03-18 22:04 282 -c----w- c:\program files\truespace6\Tsx\Facial Animator\speech\MS-1156.streetaddr.phn
1996-11-20 16:47 . 1996-11-20 16:47 141619 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-TUT.HLP
1996-11-20 16:47 . 1996-11-20 16:47 66345 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-EXT.HLP
1996-11-20 16:47 . 1996-11-20 16:47 330970 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-LIB.HLP
1996-11-20 16:46 . 1996-11-20 16:46 77893 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-REF.HLP
1996-11-20 16:46 . 1996-11-20 16:46 2317 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-REF.CNT
1996-11-20 07:20 . 1996-11-20 07:20 6592 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-LIB.CNT
1996-11-19 23:41 . 1996-11-19 23:41 1257 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-EXT.CNT
1996-11-19 23:36 . 1996-11-19 23:36 3576 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PY-TUT.CNT
1995-10-19 22:45 . 1995-10-19 22:45 5148 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PYTHON.HLP
1995-10-19 07:24 . 1995-10-19 07:24 313 -c----w- c:\program files\truespace6\Scripts\PythonDoc\PythonHelp\PYTHON.CNT
1994-03-16 07:00 . 1994-03-16 07:00 16558 -c----w- c:\program files\truespace6\Textures\TILES3.TGA


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 11:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FingerPrintSoftware"="c:\program files\Lenovo Fingerprint Software\fpapp.exe \s" [X]
"PMHandler"="c:\progra~1\Lenovo\PMDRIV~1\PMHandler.exe" [2007-03-16 31840]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2006-12-29 569344]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-19 774233]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2007-04-09 58416]
"TPWAUDAP"="c:\program files\Lenovo\HOTKEY\TpWAudAp.exe" [2006-09-06 54824]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 16384000]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2007-08-23 53248]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-03-23 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-03-23 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-03-23 138008]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-02-08 536576]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"LPManager"="c:\progra~1\Lenovo\LENOVO~2\LPMGR.exe" [2007-04-26 120368]
"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-11-07 91688]
"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2007-02-01 439856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 321088]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 413696]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 126976]
"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2007-08-03 2630968]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-11-13 478800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"AdobeVersionCue"="c:\program files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2004-03-25 1732608]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"osCheck"="c:\program files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-22 110592]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2006-11-13 561213]
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2008-9-1 127488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ATFUS]
2007-05-31 20:57 155648 ------w- c:\windows\system32\FpWinlogonNp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"=ma_cmidn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2009-04-02 464264]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2009-04-02 234888]
S2 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2007-06-22 106496]
S2 FNF5SVC;Fn+F5 Service;c:\program files\LENOVO\HOTKEY\FNF5SVC.exe [2007-04-09 54832]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-07-15 102448]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 00:57]

2010-08-01 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-02-12 22:54]

2010-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1623880038-1315426461-3159198203-1008.job
- c:\documents and settings\geoffrey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-24 13:04]

2010-05-17 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - geoffrey.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 09:09]

2010-08-01 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-06-17 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.live.com
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\geoffrey\Application Data\Mozilla\Firefox\Profiles\ehu2i5nk.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\geoffrey\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-01 02:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{0ACDD40C-75AC-47ab-BAA0-BF6DE7E7FE63}]
@DACL=(02 0000)
@="Wireless"
"ProcessGroupPolicy"="ProcessWIRELESSPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{25537BA6-77A8-11D2-9B6C-0000F8080861}]
@DACL=(02 0000)
@="Folder Redirection"
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"DllName"=expand:"fdeploy.dll"
"NoMachinePolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"NoGPOListChanges"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"GenerateGroupPolicy"="GenerateGroupPolicy"
"EventSources"=multi:"(Folder Redirection,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{3610eda5-77ef-11d2-8dc5-00c04fa31a66}]
@DACL=(02 0000)
@="Microsoft Disk Quota"
"NoMachinePolicy"=dword:00000000
"NoUserPolicy"=dword:00000001
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"RequiresSuccessfulRegistry"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000000
"DllName"=expand:"dskquota.dll"
"ProcessGroupPolicy"="ProcessGroupPolicy"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{426031c0-0b47-4852-b0ca-ac3d37bfcb39}]
@DACL=(02 0000)
@="QoS Packet Scheduler"
"ProcessGroupPolicy"="ProcessPSCHEDPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{42B5FAAE-6536-11d2-AE5A-0000F87571E3}]
@DACL=(02 0000)
@="Scripts"
"ProcessGroupPolicy"="ProcessScriptsGroupPolicy"
"ProcessGroupPolicyEx"="ProcessScriptsGroupPolicyEx"
"GenerateGroupPolicy"="GenerateScriptsGroupPolicy"
"DllName"=expand:"gptext.dll"
"NoSlowLink"=dword:00000001
"NoGPOListChanges"=dword:00000001
"NotifyLinkTransition"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{4CFB60C1-FAA6-47f1-89AA-0B18730C9FD3}]
@DACL=(02 0000)
@="Internet Explorer Zonemapping"
"DllName"=expand:"iedkcs32.dll"
"ProcessGroupPolicy"="ProcessGroupPolicyForZoneMap"
"NoGPOListChanges"=dword:00000001
"RequiresSucessfulRegistry"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3051"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{827D319E-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessSecurityPolicyGPO"
"GenerateGroupPolicy"="SceGenerateGroupPolicy"
"ExtensionRsopPlanningDebugLevel"=dword:00000001
"ProcessGroupPolicyEx"="SceProcessSecurityPolicyGPOEx"
"ExtensionDebugLevel"=dword:00000001
"DllName"=expand:"scecli.dll"
@="Security"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"EnableAsynchronousProcessing"=dword:00000001
"MaxNoGPOListChangesInterval"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{A2E30F80-D7DE-11d2-BBDE-00C04F86AE3B}]
@DACL=(02 0000)
"ProcessGroupPolicyEx"="ProcessGroupPolicyEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"ProcessGroupPolicy"="ProcessGroupPolicy"
"DllName"="iedkcs32.dll"
@="Internet Explorer Branding"
"NoSlowLink"=dword:00000001
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000001
"NoMachinePolicy"=dword:00000001
"DisplayName"=expand:"@iedkcs32.dll,-3014"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B1BE8D72-6EAC-11D2-A4EA-00C04F79F83A}]
@DACL=(02 0000)
"ProcessGroupPolicy"="SceProcessEFSRecoveryGPO"
"DllName"=expand:"scecli.dll"
@="EFS recovery"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{C631DF4C-088F-4156-B058-4375F0853CD8}]
@DACL=(02 0000)
@="Microsoft Offline Files"
"DllName"=expand:"%SystemRoot%\\System32\\cscui.dll"
"EnableAsynchronousProcessing"=dword:00000000
"NoBackgroundPolicy"=dword:00000000
"NoGPOListChanges"=dword:00000000
"NoMachinePolicy"=dword:00000000
"NoSlowLink"=dword:00000000
"NoUserPolicy"=dword:00000001
"PerUserLocalSettings"=dword:00000000
"ProcessGroupPolicy"="ProcessGroupPolicy"
"RequiresSuccessfulRegistry"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{c6dc5466-785a-11d2-84d0-00c04fb169f7}]
@DACL=(02 0000)
@="Software Installation"
"DllName"=expand:"appmgmts.dll"
"ProcessGroupPolicyEx"="ProcessGroupPolicyObjectsEx"
"GenerateGroupPolicy"="GenerateGroupPolicy"
"NoBackgroundPolicy"=dword:00000000
"RequiresSucessfulRegistry"=dword:00000000
"NoSlowLink"=dword:00000001
"PerUserLocalSettings"=dword:00000001
"EventSources"=multi:"(Application Management,Application)\00(MsiInstaller,Application)\00\00"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{e437bc1c-aa7d-11d2-a382-00c04f991e27}]
@DACL=(02 0000)
@="IP Security"
"ProcessGroupPolicy"="ProcessIPSECPolicy"
"DllName"=expand:"gptext.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ACNotify]
@DACL=(02 0000)
@SACL=
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"="ACNotify.dll"
"Startup"="ACNotifyWLEventStartup"
"Logon"="ACNotifyWLEventLogon"
"Unlock"="ACNotifyWLEventUnlock"
"Logoff"="ACNotifyWLEventLogoff"
"Lock"="ACNotifyWLEventLock"
"Shutdown"="ACNotifyWLEventShutdown"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@SACL=
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
@DACL=(02 0000)
@SACL=
@=""
"DllName"="c:\\Program Files\\Lenovo\\HOTKEY\\tphklock.dll"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"Startup"="WLEventStartup"
"Shutdown"="WLEventShutdown"
"Logon"="WLEventLogon"
"Logoff"="WLEventLogoff"
"Lock"="WLEventLock"
"Unlock"="WLEventUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList]
@DACL=(02 0000)
"HelpAssistant"=dword:00000000
"TsInternetUser"=dword:00000000
"SQLAgentCmdExec"=dword:00000000
"NetShowServices"=dword:00000000
"IWAM_"=dword:00010000
"IUSR_"=dword:00010000
"VUSR_"=dword:00010000
"ASPNET"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1072)
c:\windows\system32\FpWinLogonNp.dll
c:\program files\Lenovo Fingerprint Software\ATCSSINT.dll
c:\program files\Lenovo Fingerprint Software\SharedResources.dll
c:\program files\Lenovo Fingerprint Software\FPResource.dll
c:\program files\Lenovo\Client Security Solution\CSS_Enroll.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll

- - - - - - - > 'explorer.exe'(5940)
c:\windows\system32\WININET.dll
c:\program files\Lenovo\Client Security Solution\tvtpwm_windows_hook.dll
c:\program files\Lenovo\Client Security Solution\tvt_passwordmanager.dll
c:\program files\Lenovo\Client Security Solution\css_banner.dll
c:\program files\Lenovo\Client Security Solution\csswait.dll
c:\windows\system32\cssuserdatadispatcher.dll
c:\program files\Lenovo\Client Security Solution\css_dlgcustompolicy.dll
c:\windows\system32\tvttsp.dll
c:\windows\system32\tcsrpc.dll
c:\program files\Common Files\Lenovo\tvt_lenovo_res2.dll
c:\program files\Lenovo\Client Security Solution\css_lenovo_res.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lenovo\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Lenovo\PM Driver\PMSveH.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\lenovo\system update\suservice.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Lenovo\Rescue and Recovery\rrpservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Lenovo\Logger\logmon.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\windows\RTHDCPL.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Lenovo\Client Security Solution\tvtpwm_tray.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\progra~1\Lenovo\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2010-08-01 02:26:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-01 01:26
ComboFix2.txt 2010-07-30 06:12

Pre-Run: 16,598,364,160 bytes free
Post-Run: 16,604,012,544 bytes free

- - End Of File - - 0006A0EDA6D3F596F7AEFBFB3C11520C
  • 0

#15
Cold Titanium

Cold Titanium

    Trusted Helper

  • Malware Removal
  • 1,735 posts
You should be okay with the Norton thing...

Hi skinny,

I think we killed it :)


Let's make sure we got everybody.


Step #1


  • Re-open MalwareBytes and click the Update tab
  • Update it
  • Click the scanner Tab and perform a Full Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Step #2



Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 21 .
  • Click the JDK 6 Update 21 (JDK or JRE) "Download JRE" button.
  • Select your Platform, Register (if you want) and check the box that says: "I agree to the Java SE Runtime Environment 6u21 with JavaFX License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation ( jre-6u21-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u21-windows-i586.exe and select "Run as an Administrator.")


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #3



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


I'd like to see the MBAM and Kaspersky logs in your next post :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP