First, I want to say this post is for a different computer than my last post.
I am running a PC with XP. I ran AVG the other day and it detected 56 trojans but could remove none. Oddly enough, my PC has not been acting up. I suspect that this computer and my laptop got the viruses by going to a particular website and asking for a link exchange with them. That is the only common ground.
Today I uninstalled AVG and installed MSE. MSE came up with no viruses. Then I went through your process. I ran FTC, ERUNT, MBAM (nothing). Tried GMER and OTL. The logs are below. I'm hoping that someone can confirm whether or not I have a problem and, if so, what I can do about it. I'll give you the website that I believe caused the problem; hopefully that can help: www.chinesetime.cn
Thank you very much,
Jomo
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4638
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
9/17/2010 9:48:12 AM
mbam-log-2010-09-17 (09-48-12).txt
Scan type: Quick scan
Objects scanned: 135686
Time elapsed: 8 minute(s), 52 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-17 12:02:11
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\axxiquoc.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [7A, 71] {JP 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [71, 71] {JNO 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71840F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71870F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!SendInput + 4 7E42F144 2 Bytes [92, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71900F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[192] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71960F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [74, 71] {JZ 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [7A, 71] {JP 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [71, 71] {JNO 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [77, 71] {JA 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EF0001
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71840F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71810F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] WS2_32.dll!WSALookupServiceNextW 71AB3181 6 Bytes JMP 719F0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] WS2_32.dll!WSALookupServiceEnd 71AB350E 6 Bytes JMP 719C0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] WS2_32.dll!WSALookupServiceBeginW 71AB35EF 6 Bytes JMP 71A20F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] WS2_32.dll!connect 71AB4A07 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] WS2_32.dll!listen 71AB8CD3 6 Bytes JMP 71A50F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 71870F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 718D0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 718A0F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!SendInput + 4 7E42F144 2 Bytes [92, 71]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71900F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 103FDDE0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71990F5A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[576] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71960F5A
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[1180] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 00455589 C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\Explorer.EXE[1456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C90001
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\Explorer.EXE[1456] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\Explorer.EXE[1456] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\Explorer.EXE[1456] WS2_32.dll!WSALookupServiceNextW 01A53181 6 Bytes JMP 717F0F5A
.text C:\WINDOWS\Explorer.EXE[1456] WS2_32.dll!WSALookupServiceEnd 01A5350E 6 Bytes JMP 717C0F5A
.text C:\WINDOWS\Explorer.EXE[1456] WS2_32.dll!WSALookupServiceBeginW 01A535EF 6 Bytes JMP 71820F5A
.text C:\WINDOWS\Explorer.EXE[1456] WS2_32.dll!connect 01A54A07 6 Bytes JMP 71790F5A
.text C:\WINDOWS\Explorer.EXE[1456] WS2_32.dll!listen 01A58CD3 6 Bytes JMP 71760F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Documents and Settings\Administrator\Desktop\gmer.exe[1692] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00960001
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\System32\ezSP_Px.exe[1700] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1708] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\System32\hkcmd.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A30001
.text C:\WINDOWS\System32\hkcmd.exe[1708] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\System32\hkcmd.exe[1708] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] WS2_32.dll!WSALookupServiceNextW 00B53181 6 Bytes JMP 717F0F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] WS2_32.dll!WSALookupServiceEnd 00B5350E 6 Bytes JMP 717C0F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] WS2_32.dll!WSALookupServiceBeginW 00B535EF 6 Bytes JMP 71820F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] WS2_32.dll!connect 00B54A07 6 Bytes JMP 71790F5A
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[1744] WS2_32.dll!listen 00B58CD3 6 Bytes JMP 71760F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Microsoft Security Essentials\msseces.exe[1772] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3580] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3580] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00900001
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\WINDOWS\system32\wscntfy.exe[3580] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [87, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [8D, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [84, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtOpenProcess 7C90D5FE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtOpenProcess + 4 7C90D602 2 Bytes [8A, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [90, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!PostMessageW 7E418CCB 6 Bytes JMP 719A0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!SendMessageW 7E42929A 6 Bytes JMP 71A00F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!PostMessageA 7E42AAFD 6 Bytes JMP 719D0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!SendInput 7E42F140 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!SendInput + 4 7E42F144 2 Bytes [A5, 71]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!SendMessageA 7E42F3C2 6 Bytes JMP 71A30F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!mouse_event 7E46673F 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] USER32.dll!keybd_event 7E466783 6 Bytes JMP 71A90F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 71970F5A
.text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[3996] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 71940F5A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
OTL logfile created on: 9/17/2010 12:08:01 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.87 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MATHONDV-LMITH1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/09/17 12:02:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/02 16:06:16 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/06/01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010/05/31 07:18:16 | 000,323,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2009/12/18 08:58:20 | 000,345,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/07/03 20:17:00 | 000,040,960 | R--- | M] (Easy Systems Japan Ltd.) -- C:\WINDOWS\system32\ezSP_Px.exe
========== Modules (SafeList) ==========
MOD - [2010/09/17 12:02:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/28 15:31:38 | 000,211,432 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2hooks32.dll
MOD - [2008/04/14 05:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/03/26 14:03:20 | 000,057,344 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/07/28 15:49:04 | 001,935,656 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2010/06/02 16:06:20 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/27 12:22:02 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/05/03 11:32:12 | 001,099,280 | ---- | M] (SMART Technologies Inc.) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2007/04/19 06:42:30 | 000,759,312 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SMART Technologies Inc\SMART Board Software\WebServer.exe -- (SMART Web Server)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\athuw.sys -- (AR9271)
DRV - [2010/08/25 15:15:44 | 000,041,816 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2010/08/25 15:15:18 | 000,071,008 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2010/08/17 01:30:11 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2010/06/02 16:06:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010/03/25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2009/06/15 15:21:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2009/06/03 10:01:28 | 000,230,400 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2009/06/03 10:01:26 | 000,174,720 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/04/13 22:05:40 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/09/19 15:00:00 | 000,652,288 | R--- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMNDS.sys -- (PRISM)
DRV - [2003/06/19 14:30:00 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2001/08/17 09:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001/08/17 09:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001/08/17 09:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001/08/17 09:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001/08/17 09:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001/08/17 09:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001/08/17 09:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001/08/17 09:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001/08/17 09:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mathondvds.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hotmail.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/04 15:00:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/17 08:31:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/17 08:31:57 | 000,000,000 | ---D | M]
[2010/08/16 19:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/09/16 13:30:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5qly3c15.default\extensions
[2010/08/21 18:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5qly3c15.default\extensions\[email protected]
[2010/09/16 13:30:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 20:24:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/27 20:24:20 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/03/09 11:35:04 | 000,365,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npupd62.dll
[2006/02/23 08:16:20 | 000,034,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62i9x.dll
[2006/02/23 08:16:20 | 000,045,056 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\upd62int.dll
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies Inc\Notebook Software\NotebookPlugin.dll (SMART Technologies Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [IBP] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/08/16 12:21:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5319540334395392)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/17 12:02:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/17 09:38:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2010/09/17 09:37:56 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/17 09:37:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/17 09:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/17 09:37:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/17 09:36:36 | 006,153,384 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/09/17 09:36:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/17 09:35:39 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/17 09:34:07 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/09/17 09:20:35 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/09/17 09:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/16 13:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Joomla Website
[2010/09/16 13:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2010/09/16 13:02:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Anti-Malware
[2010/09/16 12:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/09/16 12:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2010/09/16 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/15 19:33:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
[2010/09/14 09:15:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/09/14 09:09:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/09/13 09:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/09/13 09:42:33 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2010/09/13 09:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/09/13 09:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010/09/10 14:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Probability Theory
[2010/09/07 19:43:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/09/07 19:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/09/07 19:39:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2010/09/07 19:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/09/07 19:38:53 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/09/05 14:10:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\music done
[2010/09/05 03:00:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/09/04 12:54:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2010/09/03 14:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/03 14:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/09/03 14:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/09/03 12:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\IBP 11
[2010/09/03 12:39:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IBP
[2010/09/02 20:25:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/09/02 14:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2010/08/31 12:27:59 | 000,000,000 | ---D | C] -- C:\DVDTemp
[2010/08/31 12:13:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/08/27 22:46:56 | 000,023,808 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\T1PMrGrv.dll
[2010/08/27 22:46:55 | 000,028,160 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\T1PMrGrp.sys
[2010/08/27 22:46:47 | 000,050,816 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\T1PExGrv.dll
[2010/08/27 22:46:46 | 000,025,728 | ---- | C] (Magic Control Technology Corp.) -- C:\WINDOWS\System32\drivers\T1PExGrp.sys
[2010/08/27 22:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\MCT Corp
[2010/08/27 21:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010/08/27 21:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/08/27 21:46:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/08/27 20:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/08/27 20:24:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/08/27 20:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/08/27 20:20:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010/08/26 18:00:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/08/26 17:57:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2010/08/26 17:56:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2010/08/26 17:55:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2010/08/26 17:47:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/08/26 17:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010/08/26 17:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/26 16:37:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/08/26 16:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/08/26 16:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/26 16:24:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/08/26 16:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/08/26 16:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\provisioning
[2010/08/26 16:24:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/26 16:24:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/08/26 16:24:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/26 16:24:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\peernet
[2010/08/26 16:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/08/26 15:50:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2010/08/26 15:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/08/26 15:27:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/08/26 15:03:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/08/25 23:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010/08/25 23:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/08/24 14:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2010/08/24 14:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/08/21 20:35:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2010/08/21 20:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\MPC HomeCinema
[2010/08/21 20:14:19 | 000,000,000 | ---D | C] -- C:\DESKTOP
[2010/08/21 20:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/08/21 20:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\LogMeIn
[2010/08/21 20:06:30 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2010/08/21 20:06:30 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2010/08/21 20:06:30 | 000,029,568 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2010/08/21 20:06:18 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2010/08/21 20:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2010/08/21 19:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HPAppData
[2010/08/21 19:41:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2010/08/21 19:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2010/08/21 19:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Decrypter
[2010/08/21 13:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2010/08/21 13:33:59 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll.000.bak
[2010/08/21 00:40:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Drivers
[2010/08/20 19:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2010/08/20 13:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2010/08/17 22:51:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Alg 2-Trig
[2010/08/17 21:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\MWSnap
[2010/08/17 21:33:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Scans
[2010/08/17 21:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2010/08/17 21:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/08/17 21:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/08/17 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2010/08/17 20:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\HP
[2010/08/17 20:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\HP
[2010/08/17 20:02:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/08/17 20:01:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/08/17 20:00:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/08/17 20:00:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\yellowtail
[2010/08/17 19:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/08/17 19:58:53 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/08/17 16:14:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/08/17 15:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Verizon Wireless
[2010/08/17 15:19:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/08/17 15:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon Wireless
[2010/08/17 15:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\Novatel Wireless
[2010/08/17 15:17:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/08/17 13:49:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$xpsp1hfm$
[2010/08/17 02:17:03 | 000,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.5
[2010/08/17 02:16:07 | 010,363,547 | ---- | C] (MasterSoft, Inc. ) -- C:\Documents and Settings\Administrator\My Documents\Super.DVD.Creator.9.5.exe
[2010/08/17 02:15:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2010/08/17 02:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/08/17 01:30:11 | 000,281,104 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/08/17 01:30:11 | 000,100,880 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/08/17 01:30:11 | 000,050,704 | ---- | C] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/08/17 01:30:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/08/17 00:20:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
[2010/08/16 23:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/08/16 23:39:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/08/16 23:10:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\College
[2010/08/16 22:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Beatles
[2010/08/16 22:33:45 | 000,000,000 | ---D | C] -- C:\WUTemp
[2010/08/16 22:29:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windows media
[2010/08/16 22:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/08/16 22:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Notebook Content
[2010/08/16 22:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SMART Technologies Inc
[2010/08/16 22:02:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SMART Notebook
[2010/08/16 21:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\SMART Technologies Inc
[2010/08/16 21:25:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/08/16 21:24:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\DVD Shrink Files
[2010/08/16 21:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2010/08/16 21:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\NeroVision
[2010/08/16 21:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NeroVision
[2010/08/16 21:11:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/08/16 20:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Music-to be done
[2010/08/16 20:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Test Prep Exams
[2010/08/16 20:40:02 | 000,038,912 | R--- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/08/16 20:39:56 | 000,569,344 | R--- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2010/08/16 20:39:56 | 000,544,768 | R--- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2010/08/16 20:39:55 | 000,283,920 | R--- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2010/08/16 20:39:53 | 000,155,648 | R--- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/08/16 20:39:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/08/16 20:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/08/16 20:36:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Webs
[2010/08/16 20:31:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/08/16 20:31:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2010/08/16 20:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft Web Folders
[2010/08/16 20:30:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/08/16 20:26:13 | 000,040,960 | R--- | C] (Easy Systems Japan Ltd.) -- C:\WINDOWS\System32\ezSP_Px.exe
[2010/08/16 20:26:01 | 000,417,792 | ---- | C] (VERITAS Software Corp.) -- C:\WINDOWS\System32\px.dll
[2010/08/16 20:26:01 | 000,393,216 | ---- | C] ( VERITAS Software Corp.) -- C:\WINDOWS\System32\pxwave.dll
[2010/08/16 20:26:01 | 000,126,976 | ---- | C] ( VERITAS Software Corp.) -- C:\WINDOWS\System32\pxmas.dll
[2010/08/16 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Drag'n Drop CD
[2010/08/16 20:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/08/16 20:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/08/16 20:07:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010/08/16 19:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2010/08/16 19:43:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/08/16 19:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2010/08/16 19:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2010/08/16 19:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/08/16 19:23:21 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2010/08/16 19:14:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2010/08/16 19:11:53 | 000,000,000 | ---D | C] -- C:\temp
[2010/08/16 13:21:33 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/08/16 13:14:50 | 000,652,288 | R--- | C] (Intersil Americas Inc.) -- C:\WINDOWS\System32\drivers\PRISMNDS.sys
[2010/08/16 13:14:50 | 000,644,608 | R--- | C] (Intersil Americas Inc.) -- C:\WINDOWS\System32\drivers\PRISMUSB.sys
[2010/08/16 13:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
[2010/08/16 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My eBooks
[2010/08/16 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2010/08/16 13:03:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/08/16 13:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/08/16 13:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/08/16 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2010/08/16 12:48:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/08/16 12:43:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SMART Technologies Inc
[2010/08/16 12:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SMART Technologies Inc
[2010/08/16 12:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded
[2010/08/16 12:38:57 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/08/16 12:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/08/16 12:38:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2010/08/16 12:32:52 | 042,574,216 | ---- | C] (Smith Micro Software, Inc.) -- C:\Documents and Settings\Administrator\My Documents\VZAM_7.2.1_2420b_MiFi2200.exe
[2010/08/16 12:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\programs
[2010/08/16 12:30:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/08/16 12:25:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/08/16 12:25:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2010/08/16 12:25:20 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/08/16 12:25:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2010/08/16 12:25:14 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2010/08/16 12:25:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010/08/16 12:25:14 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2010/08/16 12:25:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2010/08/16 12:25:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2010/08/16 12:25:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2010/08/16 12:25:14 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010/08/16 12:25:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2010/08/16 12:25:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2010/08/16 12:25:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2010/08/16 12:25:14 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010/08/16 12:25:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2010/08/16 12:25:08 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/08/16 12:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/08/16 12:25:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/08/16 12:25:06 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/08/16 12:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/08/16 12:23:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/08/16 12:23:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/08/16 12:22:12 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/08/16 12:21:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/08/16 12:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/08/16 12:21:43 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/08/16 12:20:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/08/16 12:20:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/08/16 12:20:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/08/16 12:19:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/08/16 12:19:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/08/16 12:19:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/08/16 12:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/08/16 12:18:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/08/16 12:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/08/16 12:18:43 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/08/16 12:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/08/16 12:18:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2010/08/16 12:18:36 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/08/16 12:18:36 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/08/16 12:18:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/08/16 12:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/08/16 12:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/08/16 12:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/08/16 12:18:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/08/16 12:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/08/16 12:17:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/08/16 12:17:28 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/08/16 12:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/08/16 12:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/08/16 12:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/08/16 12:17:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/08/16 12:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/08/16 12:16:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/08/16 12:16:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/08/16 08:01:57 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\rtl8139.sys
[2010/08/16 08:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/08/16 08:00:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/08/16 08:00:32 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/08/16 08:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/08/16 08:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/08/16 08:00:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/08/16 08:00:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/08/16 08:00:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/08/16 08:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/08/16 08:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/08/16 07:59:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/08/16 07:59:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/08/16 07:59:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/08/16 07:59:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/08/16 07:59:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/08/16 07:54:29 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/08/16 07:54:29 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/08/16 07:54:29 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/08/16 07:54:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/08/16 07:54:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
========== Files - Modified Within 90 Days ==========
[2010/09/17 12:11:59 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/09/17 12:02:27 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/09/17 09:50:06 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/09/17 09:38:00 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 09:36:37 | 006,153,384 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2010/09/17 09:36:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/17 09:35:41 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/09/17 09:34:11 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Administrator\Desktop\erunt-setup.exe
[2010/09/17 09:32:04 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/17 09:30:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/17 09:30:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/17 09:30:07 | 003,670,016 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/09/17 09:30:07 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/09/17 09:20:36 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2010/09/17 09:04:26 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/17 08:45:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/09/16 15:07:32 | 000,000,040 | ---- | M] () -- C:\WINDOWS\nero.INI
[2010/09/16 13:51:14 | 000,002,449 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft FrontPage.lnk
[2010/09/16 13:02:53 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/09/16 12:57:27 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/15 22:46:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 20:23:32 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/15 19:47:33 | 000,012,723 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\links.docx
[2010/09/15 11:04:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/14 15:49:18 | 004,808,154 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2010/09/14 09:09:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/09/13 20:25:48 | 007,080,521 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2010/09/13 14:20:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/13 10:42:26 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FileZilla.lnk
[2010/09/08 12:11:27 | 000,000,913 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Internet Backgammon.lnk
[2010/09/08 08:17:59 | 000,030,424 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/08 08:15:51 | 000,156,360 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/07 19:55:56 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 11:39:47 | 000,123,791 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Noname.jpg
[2010/09/07 11:29:09 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Launch IBP.lnk
[2010/09/06 21:04:06 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/09/06 21:04:06 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/09/06 21:04:06 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/09/04 15:02:06 | 000,023,088 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/09/04 12:51:19 | 000,000,575 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/04 12:51:19 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/02 14:46:16 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/09/01 13:07:58 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2010/08/31 23:58:39 | 011,280,966 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\infinity is strange.wmv
[2010/08/31 23:20:02 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sound Recorder.lnk
[2010/08/26 18:24:57 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 16:39:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/26 16:26:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/26 16:19:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/26 16:19:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/26 15:52:01 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/26 15:03:22 | 000,012,922 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2010/08/22 19:58:51 | 000,007,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ebay ad.jpg
[2010/08/21 20:34:32 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk
[2010/08/21 20:06:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/21 19:41:37 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DVD Shrink 3.2.lnk
[2010/08/21 19:41:08 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DVD Decrypter.lnk
[2010/08/21 19:19:19 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\LogMeIn.lnk
[2010/08/21 13:30:12 | 015,916,032 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\LogMeIn.msi
[2010/08/17 21:48:45 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MWSnap 3.lnk
[2010/08/17 21:16:11 | 000,176,414 | ---- | M] () -- C:\WINDOWS\hpwins19.dat
[2010/08/17 21:12:34 | 000,001,858 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\HP Photosmart Essential 2.5.lnk
[2010/08/17 21:11:59 | 000,001,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\HP Document Manager.lnk
[2010/08/17 21:10:50 | 000,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/08/17 20:45:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸĂŸĂ
[2010/08/17 20:04:25 | 000,001,960 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Shop for HP Supplies.lnk
[2010/08/17 20:03:49 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\ŸÂŸÂ
[2010/08/17 16:12:02 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/17 16:12:02 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/17 02:17:17 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2010/08/17 01:30:11 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\wpcap.dll
[2010/08/17 01:30:11 | 000,100,880 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\Packet.dll
[2010/08/17 01:30:11 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) -- C:\WINDOWS\System32\drivers\npf.sys
[2010/08/16 22:30:19 | 000,001,835 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Encoder.lnk
[2010/08/16 21:53:08 | 000,002,024 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SMART Board Tools.lnk
[2010/08/16 21:53:08 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Notebook Software.lnk
[2010/08/16 20:45:55 | 000,001,239 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/08/16 20:32:16 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/08/16 20:32:09 | 000,000,059 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2010/08/16 20:27:50 | 000,000,763 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Drag'n Drop CD.lnk
[2010/08/16 20:11:28 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 19:30:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/08/16 19:30:23 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/16 12:25:26 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/08/16 12:24:51 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/16 12:24:14 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/08/16 12:21:18 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/16 12:21:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/16 12:21:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/16 12:21:18 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2010/08/16 12:21:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/16 12:21:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/16 12:21:12 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
[2010/08/16 12:21:05 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/08/16 12:20:04 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/08/16 12:20:04 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/16 12:17:51 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/16 12:17:39 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
========== Files Created - No Company Name ==========
[2010/09/17 09:50:20 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/09/17 09:50:05 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.zip
[2010/09/17 09:38:00 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/17 09:35:41 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ERUNT.lnk
[2010/09/17 09:09:44 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/09/17 09:09:43 | 000,000,374 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2010/09/17 09:04:26 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/09/16 13:02:53 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2010/09/16 12:57:27 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/15 22:45:30 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/09/15 20:23:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/09/15 19:47:32 | 000,012,723 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\links.docx
[2010/09/13 20:14:03 | 007,080,521 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2010/09/13 10:42:26 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FileZilla.lnk
[2010/09/08 22:33:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/09/08 12:11:27 | 000,000,913 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Internet Backgammon.lnk
[2010/09/08 09:04:58 | 005,835,077 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IBP-Manual.pdf
[2010/09/07 11:35:09 | 000,123,791 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Noname.jpg
[2010/09/07 11:29:09 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Launch IBP.lnk
[2010/09/07 11:01:16 | 000,014,324 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\VERTICAL.PDF
[2010/09/07 11:01:16 | 000,014,100 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Math Video poster.PDF
[2010/09/07 11:01:16 | 000,009,700 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Poster20.PDF
[2010/09/06 00:19:04 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2010/09/04 14:58:30 | 000,023,088 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/09/03 14:22:07 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/02 14:46:16 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2010/09/01 13:07:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ÿ9Ÿ9
[2010/08/31 23:31:22 | 011,280,966 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\infinity is strange.wmv
[2010/08/31 23:20:02 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sound Recorder.lnk
[2010/08/26 18:24:57 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/08/26 16:24:41 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/08/26 16:24:41 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/08/26 16:24:41 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/08/26 16:24:41 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/08/26 16:24:41 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/08/26 16:24:41 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/08/26 16:24:41 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/08/26 16:24:41 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/08/26 16:24:41 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/08/26 16:24:41 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/08/26 16:24:41 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/08/26 16:24:41 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/08/26 16:24:41 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/08/26 16:24:41 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/08/26 16:24:41 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/08/26 16:24:41 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/08/26 16:24:41 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/08/26 16:24:41 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/08/26 16:24:40 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/08/26 16:24:40 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/08/26 16:24:40 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/08/26 16:24:40 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/08/26 16:24:40 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/08/26 16:24:40 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/08/26 16:24:40 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/08/26 16:24:40 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/08/26 16:24:40 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/08/26 16:24:40 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/08/26 16:24:40 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/08/26 16:24:40 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/08/26 16:24:40 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/08/26 16:24:40 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/08/26 16:24:40 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/08/26 16:24:40 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/08/26 16:24:40 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/08/26 16:24:40 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/08/26 16:24:40 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/08/26 16:24:40 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/08/26 16:24:40 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/08/26 16:24:40 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/08/26 16:24:40 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/08/26 16:24:40 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/08/26 16:24:40 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/08/26 16:24:40 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/08/26 16:24:40 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/08/26 16:24:40 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/08/26 16:24:40 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/08/26 16:24:40 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/08/26 16:24:40 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/08/26 16:24:40 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/08/26 16:24:40 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/08/26 16:24:40 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/08/26 16:24:40 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/08/26 16:24:40 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/08/26 16:24:40 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/08/26 16:24:40 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/08/26 16:24:40 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/08/26 16:24:40 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/08/26 16:24:40 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/08/26 16:24:40 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/08/26 16:24:40 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/08/26 16:24:40 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/08/26 16:24:39 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/08/26 16:24:39 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/08/26 16:24:39 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/08/26 16:24:39 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/08/26 16:24:39 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/08/26 16:24:39 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/08/26 16:24:39 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/08/26 16:24:39 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/08/26 16:24:39 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/08/26 16:24:39 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/08/26 16:24:39 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/08/26 16:24:39 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/08/26 16:24:39 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/08/26 16:24:39 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/08/26 16:24:38 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/08/26 16:24:38 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/08/26 16:24:38 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/08/26 16:24:38 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/08/26 16:24:38 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/08/26 16:24:38 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/08/26 16:24:29 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010/08/26 16:24:29 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2010/08/26 16:24:29 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2010/08/26 16:21:34 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2010/08/26 16:21:32 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2010/08/26 16:21:32 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2010/08/26 16:19:36 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/08/26 16:19:35 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/08/26 15:20:31 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2010/08/26 15:19:22 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2010/08/26 15:19:07 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2010/08/26 15:18:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2010/08/26 15:18:04 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/08/26 15:16:40 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2010/08/26 15:13:53 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2010/08/26 15:13:51 | 000,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2010/08/26 15:13:51 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2010/08/26 15:13:10 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010/08/26 15:03:23 | 000,012,922 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2010/08/22 19:58:51 | 000,007,456 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ebay ad.jpg
[2010/08/21 20:34:32 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Player Classic - Home Cinema.lnk
[2010/08/21 19:41:37 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DVD Shrink 3.2.lnk
[2010/08/21 19:41:07 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DVD Decrypter.lnk
[2010/08/21 19:19:19 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\LogMeIn.lnk
[2010/08/21 13:33:55 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/08/21 13:27:15 | 015,916,032 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\LogMeIn.msi
[2010/08/21 00:40:24 | 000,062,970 | ---- | C] () -- C:\WINDOWS\System32\igfxhkor.lhp
[2010/08/21 00:40:24 | 000,060,988 | ---- | C] () -- C:\WINDOWS\System32\igfxhhun.lhp
[2010/08/21 00:40:24 | 000,060,894 | ---- | C] () -- C:\WINDOWS\System32\igfxhdeu.lhp
[2010/08/21 00:40:24 | 000,060,770 | ---- | C] () -- C:\WINDOWS\System32\igfxhtha.lhp
[2010/08/21 00:40:24 | 000,060,400 | ---- | C] () -- C:\WINDOWS\System32\igfxhfrc.lhp
[2010/08/21 00:40:24 | 000,060,392 | ---- | C] () -- C:\WINDOWS\System32\igfxhheb.lhp
[2010/08/21 00:40:24 | 000,060,099 | ---- | C] () -- C:\WINDOWS\System32\igfxhfra.lhp
[2010/08/21 00:40:24 | 000,060,037 | ---- | C] () -- C:\WINDOWS\System32\igfxhplk.lhp
[2010/08/21 00:40:24 | 000,060,025 | ---- | C] () -- C:\WINDOWS\System32\igfxhell.lhp
[2010/08/21 00:40:24 | 000,059,819 | ---- | C] () -- C:\WINDOWS\System32\igfxhrus.lhp
[2010/08/21 00:40:24 | 000,059,052 | ---- | C] () -- C:\WINDOWS\System32\igfxhcht.lhp
[2010/08/21 00:40:24 | 000,058,967 | ---- | C] () -- C:\WINDOWS\System32\igfxhjpn.lhp
[2010/08/21 00:40:24 | 000,058,889 | ---- | C] () -- C:\WINDOWS\System32\igfxhfin.lhp
[2010/08/21 00:40:24 | 000,058,738 | ---- | C] () -- C:\WINDOWS\System32\igfxhnld.lhp
[2010/08/21 00:40:24 | 000,058,647 | ---- | C] () -- C:\WINDOWS\System32\igfxhcsy.lhp
[2010/08/21 00:40:24 | 000,058,518 | ---- | C] () -- C:\WINDOWS\System32\igfxhtrk.lhp
[2010/08/21 00:40:24 | 000,058,095 | ---- | C] () -- C:\WINDOWS\System32\igfxhesp.lhp
[2010/08/21 00:40:24 | 000,058,026 | ---- | C] () -- C:\WINDOWS\System32\igfxhdan.lhp
[2010/08/21 00:40:24 | 000,058,024 | ---- | C] () -- C:\WINDOWS\System32\igfxhsve.lhp
[2010/08/21 00:40:24 | 000,058,021 | ---- | C] () -- C:\WINDOWS\System32\igfxhnor.lhp
[2010/08/21 00:40:24 | 000,057,965 | ---- | C] () -- C:\WINDOWS\System32\igfxhptg.lhp
[2010/08/21 00:40:24 | 000,057,797 | ---- | C] () -- C:\WINDOWS\System32\igfxhita.lhp
[2010/08/21 00:40:24 | 000,057,434 | ---- | C] () -- C:\WINDOWS\System32\igfxhptb.lhp
[2010/08/21 00:40:24 | 000,056,845 | ---- | C] () -- C:\WINDOWS\System32\igfxharb.lhp
[2010/08/21 00:40:24 | 000,056,845 | ---- | C] () -- C:\WINDOWS\System32\igfxhara.lhp
[2010/08/21 00:40:24 | 000,056,835 | ---- | C] () -- C:\WINDOWS\System32\igfxhchs.lhp
[2010/08/21 00:40:24 | 000,056,580 | ---- | C] () -- C:\WINDOWS\System32\igfxheng.lhp
[2010/08/21 00:40:24 | 000,055,002 | ---- | C] () -- C:\WINDOWS\System32\igfxhenu.lhp
[2010/08/18 00:01:00 | 003,670,016 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/08/17 21:48:45 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MWSnap 3.lnk
[2010/08/17 21:12:34 | 000,001,858 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\HP Photosmart Essential 2.5.lnk
[2010/08/17 21:11:59 | 000,001,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\HP Document Manager.lnk
[2010/08/17 21:10:50 | 000,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2010/08/17 21:05:31 | 000,176,414 | ---- | C] () -- C:\WINDOWS\hpwins19.dat
[2010/08/17 21:05:31 | 000,000,997 | R--- | C] () -- C:\WINDOWS\hpwmdl19.dat
[2010/08/17 20:45:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸĂŸĂ
[2010/08/17 20:04:25 | 000,001,960 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Shop for HP Supplies.lnk
[2010/08/17 20:03:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ŸÂŸÂ
[2010/08/17 20:00:09 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2010/08/17 02:17:17 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2010/08/16 23:44:25 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/16 23:41:28 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2010/08/16 22:56:07 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/16 22:39:10 | 000,001,939 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/08/16 22:31:35 | 000,002,449 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft FrontPage.lnk
[2010/08/16 22:30:19 | 000,001,835 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Windows Media Encoder.lnk
[2010/08/16 21:53:08 | 000,002,024 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SMART Board Tools.lnk
[2010/08/16 21:53:08 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Notebook Software.lnk
[2010/08/16 21:18:34 | 000,066,418 | ---- | C] () -- C:\WINDOWS\UNNeroVision.cfg
[2010/08/16 21:11:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/08/16 21:11:03 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2010/08/16 21:11:03 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2010/08/16 21:11:03 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2010/08/16 21:11:01 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2010/08/16 20:45:55 | 000,001,239 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2010/08/16 20:45:37 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/08/16 20:32:16 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/16 20:27:50 | 000,000,763 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Drag'n Drop CD.lnk
[2010/08/16 20:26:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2010/08/16 20:25:55 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
[2010/08/16 20:11:28 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2010/08/16 19:44:02 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
[2010/08/16 19:30:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/08/16 19:30:23 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/08/16 12:25:33 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/08/16 12:25:15 | 000,024,576 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2010/08/16 12:25:15 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/08/16 12:24:51 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/08/16 12:24:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/08/16 12:23:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/08/16 12:22:55 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/08/16 12:22:45 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/08/16 12:22:38 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/08/16 12:21:18 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/16 12:21:18 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010/08/16 12:21:18 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010/08/16 12:21:18 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/08/16 12:21:18 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2010/08/16 12:21:14 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
[2010/08/16 12:21:14 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/08/16 12:21:14 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/08/16 12:21:12 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
[2010/08/16 12:20:04 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/08/16 12:20:04 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/08/16 12:19:58 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/08/16 12:19:39 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/08/16 12:18:53 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/08/16 12:18:53 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/08/16 12:18:48 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/08/16 12:17:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/08/16 12:16:57 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/08/16 12:16:56 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/08/16 12:16:56 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/08/16 12:16:56 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/08/16 12:16:56 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/08/16 12:16:56 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/08/16 12:16:56 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/08/16 12:16:56 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/08/16 12:16:56 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/08/16 12:16:56 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/08/16 12:16:56 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/08/16 12:16:55 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2010/08/16 12:16:55 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2010/08/16 12:16:55 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2010/08/16 12:16:55 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2010/08/16 12:16:55 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2010/08/16 12:16:55 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2010/08/16 12:16:55 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2010/08/16 12:16:55 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2010/08/16 12:16:51 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/08/16 12:16:51 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/08/16 12:16:49 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/08/16 12:16:35 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/08/16 08:00:34 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/08/16 08:00:34 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/08/16 08:00:33 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/08/16 08:00:33 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/08/16 08:00:30 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2010/08/16 08:00:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2010/08/16 08:00:30 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2010/08/16 08:00:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2010/08/16 08:00:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2010/08/16 08:00:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2010/08/16 08:00:26 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2010/08/16 08:00:26 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2010/08/16 08:00:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2010/08/16 08:00:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2010/08/16 08:00:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2010/08/16 08:00:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2010/08/16 08:00:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2010/08/16 08:00:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2010/08/16 08:00:23 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2010/08/16 08:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2010/08/16 08:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2010/08/16 08:00:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2010/08/16 08:00:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2010/08/16 08:00:16 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/08/16 08:00:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/08/16 08:00:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/08/16 08:00:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/08/16 08:00:08 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/08/16 08:00:07 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/08/16 08:00:07 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/08/16 07:59:34 | 000,156,360 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/16 07:58:59 | 000,000,211 | RHS- | C] () -- C:\boot.ini
[2010/08/16 07:58:57 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2004/09/01 07:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll
[2004/09/01 07:42:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\BiImg.dll
[2004/09/01 07:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2004/09/01 07:42:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\JPeg32.dll
[2004/09/01 07:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\BiEResNT.dll
[2004/09/01 07:42:44 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\Bic_Res.dll
[2004/09/01 07:42:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\bi_group.ini
========== LOP Check ==========
[2010/08/16 21:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Drag'n Drop CD
[2010/09/16 14:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2010/09/15 18:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBP
[2010/08/16 13:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2010/08/16 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SMART Technologies Inc
[2010/08/20 19:20:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Smith Micro
[2010/08/27 21:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/09/14 09:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/09/13 09:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/09/17 09:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/08/21 20:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/08/17 15:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WEngineLite
[2010/09/04 13:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/13 14:20:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/17 09:36:16 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/09/17 12:11:59 | 000,000,374 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/08/21 20:06:16 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/09/04 12:41:11 | 000,000,417 | ---- | M] () -- C:\aaw7boot.log
[2010/08/16 12:21:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/26 16:26:12 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/08/16 12:21:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/08/16 12:21:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/08/16 12:21:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/08/26 16:19:16 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/08/26 16:19:15 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/09/17 09:30:41 | 402,653,184 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2010/08/16 07:58:59 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/08/16 07:58:59 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/08/16 07:58:59 | 000,393,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-09-17 13:01:55
< End of report >
OTL Extras logfile created on: 9/17/2010 12:08:01 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 43.87 Gb Free Space | 58.86% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: MATHONDV-LMITH1
Current User Name: Administrator
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (TODO: <Company name>)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120409-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000 SR-1
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 21
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{4475560E-9418-4908-A158-472D873AE139}" = LogMeIn
"{46486451-E60F-42C3-92D7-796D8594688A}" = SMART Board Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C4A6405B-F37D-42F7-B317-D277BBD47D15}" = Drag'n Drop CD
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA846E79-1C13-4AB0-8DEB-77935469CD9A}" = Mobile Broadband Generic Drivers
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.4.1
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IBP11_is1" = IBP 11.7.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"KeyFinder_is1" = Magical Jelly Bean KeyFinder
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MWSnap 3" = MWSnap 3
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Shop for HP Supplies" = Shop for HP Supplies
"Super DVD Creator_is1" = Super DVD Creator 9.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 8/20/2010 2:18:06 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Error | ID = 1000
Description = Faulting application _is3.exe, version 12.0.0.49974, faulting module
_is3.exe, version 12.0.0.49974, fault address 0x0001e48b.
Error - 8/20/2010 2:18:13 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Error | ID = 1000
Description = Faulting application _is5.exe, version 12.0.0.49974, faulting module
_is5.exe, version 12.0.0.49974, fault address 0x0001e48b.
Error - 8/20/2010 2:18:19 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Error | ID = 1000
Description = Faulting application _is7.exe, version 12.0.0.49974, faulting module
_is7.exe, version 12.0.0.49974, fault address 0x0001e48b.
Error - 8/20/2010 2:19:21 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Error | ID = 1000
Description = Faulting application aircfg.exe, version 3.1.6.30923, faulting module
aircfg.exe, version 3.1.6.30923, fault address 0x00003626.
Error - 8/20/2010 2:21:05 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Error | ID = 1000
Description = Faulting application _isa.exe, version 12.0.0.49974, faulting module
_isa.exe, version 12.0.0.49974, fault address 0x0001e48b.
Error - 8/20/2010 2:21:45 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Error | ID = 1000
Description = Faulting application _isc.exe, version 12.0.0.49974, faulting module
_isc.exe, version 12.0.0.49974, fault address 0x0001e48b.
Error - 8/26/2010 3:03:18 PM | Computer Name = MATHONDV-LMITH1 | Source = Windows Product Activation | ID = 1010
Description = The Windows license was restored due to a system error. You might
need to reactivate your Windows product.
Error - 8/26/2010 6:00:56 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Hang | ID = 1002
Description = Hanging application iesetup.exe, version 7.0.5730.13, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
Error - 9/3/2010 2:17:06 PM | Computer Name = MATHONDV-LMITH1 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 9/3/2010 2:57:18 PM | Computer Name = MATHONDV-LMITH1 | Source = Application Hang | ID = 1002
Description = Hanging application Ad-AwareAdmin.exe, version 8.0.0.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.
[ System Events ]
Error - 9/15/2010 9:20:51 AM | Computer Name = MATHONDV-LMITH1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.102 for the Network Card with network
address 00402B64B8B5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 9/15/2010 9:23:22 AM | Computer Name = MATHONDV-LMITH1 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.100.10
on the Network Card with network address 00402B64B8B5.
Error - 9/15/2010 11:19:56 AM | Computer Name = MATHONDV-LMITH1 | Source = Dhcp | ID = 1002
Description = The IP address lease 76.15.19.155 for the Network Card with network
address 00402B64B8B5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 9/15/2010 11:23:26 AM | Computer Name = MATHONDV-LMITH1 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.0.103 for the Network Card with network
address 00402B64B8B5 has been denied by the DHCP server 24.29.137.74 (The DHCP Server
sent a DHCPNACK message).
Error - 9/15/2010 11:52:26 AM | Computer Name = MATHONDV-LMITH1 | Source = Dhcp | ID = 1002
Description = The IP address lease 76.15.19.155 for the Network Card with network
address 00402B64B8B5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).
Error - 9/15/2010 9:52:19 PM | Computer Name = MATHONDV-LMITH1 | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.
Error - 9/17/2010 9:26:37 AM | Computer Name = MATHONDV-LMITH1 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn Maintenance Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 9/17/2010 9:26:38 AM | Computer Name = MATHONDV-LMITH1 | Source = Service Control Manager | ID = 7031
Description = The Emsisoft Anti-Malware 5.0 - Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
0 milliseconds: Restart the service.
Error - 9/17/2010 9:26:38 AM | Computer Name = MATHONDV-LMITH1 | Source = Service Control Manager | ID = 7034
Description = The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
Error - 9/17/2010 9:26:38 AM | Computer Name = MATHONDV-LMITH1 | Source = Service Control Manager | ID = 7031
Description = The Microsoft Antimalware Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
15000 milliseconds: Restart the service.
< End of report >