Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

A trojan called "Catch Me"?

Started by otieatkins , Nov 30 2010 06:36 PM

  • Please log in to reply

#1
otieatkins
Posted 30 November 2010 - 06:36 PM

otieatkins

    Member

  • Member
  • PipPipPip
  • 105 posts
Good Evening,
I think I have a trojan (or something..). My computer has been very slow so I ran SuperAntiSpyware and that only showed a couple of adware things that I got rid of, so I ran OTL.
It came back with a temp file in Documents~1\...\...\Catch Me. I'm thinking that's probably the culpert of part of it anyway.
Here is my OTL results. Hope someone can help. Thanks, Dianne
OTL logfile created on: 11/29/2010 11:59:06 AM - Run 6
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dianne\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 82.69 Gb Total Space | 17.76 Gb Free Space | 21.48% Space Free | Partition Type: NTFS
Drive D: | 465.65 Gb Total Space | 109.86 Gb Free Space | 23.59% Space Free | Partition Type: FAT32
Drive H: | 66.36 Gb Total Space | 31.75 Gb Free Space | 47.84% Space Free | Partition Type: NTFS
Drive K: | 488.61 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive P: | 473.63 Gb Total Space | 232.66 Gb Free Space | 49.12% Space Free | Partition Type: NTFS
Drive R: | 457.88 Gb Total Space | 445.79 Gb Free Space | 97.36% Space Free | Partition Type: NTFS
Drive S: | 341.80 Gb Total Space | 7.50 Gb Free Space | 2.19% Space Free | Partition Type: NTFS
Drive T: | 1055.46 Gb Total Space | 44.99 Gb Free Space | 4.26% Space Free | Partition Type: NTFS

Computer Name: MYOTIE-245E29DE | User Name: Dianne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/29 11:55:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dianne\Desktop\OTL.exe
PRC - [2010/11/21 06:43:04 | 001,113,600 | ---- | M] () -- C:\Program Files\Free Desktop Clock\DesktopClock.exe
PRC - [2010/10/23 09:30:36 | 002,836,656 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2010/09/25 05:19:54 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2010/09/25 05:19:53 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
PRC - [2010/09/20 19:25:04 | 000,913,552 | R--- | M] (Carbonite, Inc.) -- C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
PRC - [2010/09/18 05:45:58 | 000,066,040 | ---- | M] (Siber Systems) -- H:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/08/09 13:53:18 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2010/07/30 16:12:54 | 002,195,824 | ---- | M] (GFI Software Ltd.) -- H:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe
PRC - [2010/07/30 16:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) -- H:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe
PRC - [2010/07/30 16:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) -- H:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe
PRC - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 13:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2010/03/11 11:58:14 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\nlssrv32.exe
PRC - [2010/02/18 16:40:26 | 002,012,912 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () -- H:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/10/07 11:41:20 | 000,122,472 | ---- | M] () -- C:\Program Files\DriveSentry\DriveSentryService.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Documents and Settings\Dianne\Local Settings\Apps\F.lux\flux.exe
PRC - [2008/09/21 16:59:06 | 001,292,800 | ---- | M] (FSL - FreeSoftLand) -- C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2010/11/29 11:55:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dianne\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/26 05:46:32 | 000,018,200 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Ocster Backup\bin\backupService-ox.exe -- (ocster_backup)
SRV - [2010/10/28 12:02:14 | 000,240,976 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Zentimo\ZentimoService.exe -- (ZentimoService)
SRV - [2010/09/20 19:25:06 | 003,117,200 | R--- | M] (Carbonite, Inc. (www.carbonite.com)) [Auto | Running] -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe -- (CarboniteService)
SRV - [2010/08/09 13:53:18 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/07/30 16:12:52 | 000,858,480 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- H:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHInst.exe -- (GFIBckHAtt)
SRV - [2010/07/30 16:12:50 | 002,324,848 | ---- | M] (GFI Software Ltd.) [Auto | Running] -- H:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIHSched.exe -- (GFIBckHSched)
SRV - [2010/07/29 19:27:42 | 000,220,128 | ---- | M] () [Auto | Stopped] -- S:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV - [2010/06/24 13:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 15:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/11 11:58:14 | 000,063,488 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\nlssrv32.exe -- (nlsX86cc)
SRV - [2009/11/13 06:31:14 | 000,092,008 | ---- | M] (TomTom) [On_Demand | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/11/12 13:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- H:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/10/07 11:41:20 | 000,122,472 | ---- | M] () [Auto | Running] -- C:\Program Files\DriveSentry\DriveSentryService.exe -- (DriveSentryService)
SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dianne\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/07/29 19:28:02 | 000,015,328 | ---- | M] (Macrium Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\pssnap.sys -- (pssnap)
DRV - [2010/07/21 21:02:06 | 000,112,456 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2010/07/21 21:02:06 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/07/15 07:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 07:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/13 10:57:16 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2010/06/18 15:09:48 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2010/06/18 14:41:34 | 000,019,968 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2010/06/17 12:41:12 | 000,129,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2010/06/17 06:35:52 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/06/15 04:52:06 | 000,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wimmount.sys -- (wimmount)
DRV - [2010/05/27 17:39:32 | 000,141,384 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2010/05/22 19:42:07 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/04/30 12:46:52 | 000,111,624 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2010/04/21 16:00:32 | 000,385,544 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2010/04/21 16:00:32 | 000,034,392 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2010/04/01 13:31:50 | 000,023,424 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Motousbnet.sys -- (Motousbnet)
DRV - [2010/03/10 07:18:20 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ivusb.sys -- (ivusb)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/01/25 18:56:44 | 000,009,472 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motusbdevice.sys -- (motusbdevice)
DRV - [2010/01/04 13:50:02 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/01/04 13:50:02 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/01/04 13:50:02 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/01/04 13:50:02 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/01/04 13:50:02 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009/12/30 11:20:54 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/12/29 21:09:06 | 000,059,904 | ---- | M] (wj32) [Kernel | On_Demand | Stopped] -- C:\Program Files\Process Hacker\kprocesshacker.sys -- (KProcessHacker)
DRV - [2009/12/29 14:10:04 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/12/29 14:09:44 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - [2009/12/29 14:08:04 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/12/29 14:08:02 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2009/12/18 09:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/10/07 11:35:58 | 000,011,864 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DriveSentryKeeperDriver.sys -- (DriveSentryKeeperDriver)
DRV - [2009/10/07 11:35:47 | 000,016,856 | ---- | M] (DriveSentry Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DriveSentryRegHookDriver.sys -- (DriveSentryRegHookDriver)
DRV - [2009/10/07 11:35:38 | 000,019,800 | ---- | M] (DriveSentry Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DriveSentryFilterDriver2Lite.sys -- (DriveSentryFilterDriver2Lite)
DRV - [2009/10/07 11:35:32 | 000,023,768 | ---- | M] (DriveSentry Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DriveSentryCommsDriver.sys -- (DriveSentryCommsDriver)
DRV - [2009/09/28 18:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/06/30 08:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2009/03/15 15:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009/02/17 07:19:00 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/02/17 07:17:00 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/01/29 16:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/29 16:11:20 | 000,006,016 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motfilt.sys -- (BTCFilterService)
DRV - [2008/08/11 11:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/11/02 14:51:30 | 000,006,400 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2007/06/15 10:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/01/13 10:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2005/01/10 18:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 18:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/01/07 16:07:16 | 000,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004/10/26 10:22:50 | 000,002,410 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys -- (FreshIO)
DRV - [1999/03/08 13:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)
DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://thundercloud.net/start/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "Search The Web"
FF - prefs.js..browser.startup.homepage: "http://thundercloud.net/start/"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.0
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:6.9.1
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:5.2.4.10
FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.52
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.5
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:0.9.9.9
FF - prefs.js..extensions.enabledItems: {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}:1.0.0.0
FF - prefs.js..keyword.URL: "http://search.yahoo....=PCAFSI1143&p="

FF - HKLM\software\mozilla\Firefox\extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter1\FFAddon\ [2010/08/12 08:39:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Panda Security\Panda ID Protect\Firefox [2010/09/08 14:19:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: H:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/02/18 09:43:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/26 15:43:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/17 04:56:23 | 000,000,000 | ---D | M]

[2010/08/23 17:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Extensions
[2010/04/05 17:41:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Extensions\[email protected]
[2010/03/11 09:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Extensions\[email protected]
[2010/11/28 13:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions
[2010/10/27 07:08:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/08/28 07:51:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/20 05:42:15 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/11/26 09:09:27 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/09/23 08:30:30 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/09/14 06:31:02 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/10/29 05:39:00 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2010/11/28 07:44:23 | 000,000,000 | ---D | M] (Somoto Toolbar) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{c3721e85-f0ac-4b7e-ae4c-3e738011dc9d}
[2010/11/04 14:41:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/11/26 09:09:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010/09/16 05:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\[email protected]
[2010/11/24 09:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\extensions\[email protected]
[2010/09/25 05:20:28 | 000,002,030 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Mozilla\Firefox\Profiles\95aab36r.default\searchplugins\MyStart Search.xml
[2010/11/28 13:36:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/11 12:13:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/04 08:34:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/20 15:05:31 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/20 15:05:32 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010/11/28 07:44:33 | 000,002,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\search.xml

O1 HOSTS File: ([2010/07/07 13:00:58 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FlpLauncher Class) - {4401FDC3-7996-4774-8D2B-C1AE9CD6CC25} - C:\Program Files\E-Book Systems\FlipPublisher\FpLaunch.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O2 - BHO: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O2 - BHO: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Somoto Toolbar) - {c3721e85-f0ac-4b7e-ae4c-3e738011dc9d} - C:\Program Files\somototoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Big Fish Games Toolbar) - {C7C9FC25-88B0-4682-9C9F-2608E9117647} - C:\Program Files\BfgBar\bfg.dll ()
O3 - HKLM\..\Toolbar: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - H:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Agent) - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Ocster Backup] C:\Program Files\Ocster Backup\bin\backupClient-ox.exe ()
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKCU..\Run: [360Amigo] H:\Program Files\360Amigo\360Amigo.exe (360 Amigo)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [EarthAlerts] H:\Program Files\Earth Alerts\EarthAlerts.exe (South Wind Technologies)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\Dianne\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [GFI Backup 2009 - Home Edition] H:\Program Files\GFI\GFI Backup 2009 - Home Edition\GFIAgent.exe (GFI Software Ltd.)
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [RoboForm] H:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [SkinClock] File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Calendar Magic.lnk = C:\EuroSoft\Calendar Magic\calendar.exe (EuroSoft)
O4 - Startup: C:\Documents and Settings\Dianne\Start Menu\Programs\Startup\FSL Launcher.lnk = C:\Program Files\FSL\FSL_Launcher\FSL_Launcher.exe (FSL - FreeSoftLand)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O8 - Extra context menu item: Fill Forms - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Logoff - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O8 - Extra context menu item: RoboForm Toolbar - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Search Using Copernic Agent - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O9 - Extra 'Tools' menuitem : Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O9 - Extra 'Tools' menuitem : Logoff - {320AF880-6646-11D3-ABEE-C5DBF3571F55} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html ()
O9 - Extra Button: Identities - {45DB34C3-955C-11D3-ABEF-444553540000} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra 'Tools' menuitem : Identities Editor - {45DB34C3-955C-11D3-ABEF-444553540000} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html ()
O9 - Extra Button: Passcards - {45DB34C3-955C-11D3-ABEF-444553540001} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra 'Tools' menuitem : Passcards Editor - {45DB34C3-955C-11D3-ABEF-444553540001} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html ()
O9 - Extra Button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\Program Files\Copernic Agent\CopernicAgent.exe (Copernic Technologies Inc.)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - H:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.micr...04/clearadj.cab (CTAdjust Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\copernicagent {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\copernicagentcache {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - File not found
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWNP.dll (CA)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - H:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Dianne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dianne\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/02/17 21:53:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/09/26 15:55:14 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2010/05/05 11:01:30 | 000,000,000 | ---D | M] - D:\AUTORUN_.INF -- [ FAT32 ]
O32 - AutoRun File - [2010/10/29 06:42:10 | 000,000,016 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2001/08/23 07:00:00 | 000,000,110 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/05/05 10:00:55 | 000,000,000 | ---D | M] - T:\AUTORUN_.INF -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/29 11:55:57 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dianne\Desktop\OTL.exe
[2010/11/29 07:35:24 | 000,163,696 | ---- | C] (Altiris) -- C:\WINDOWS\GFIBckHUnwise.EXE
[2010/11/28 13:30:24 | 000,688,640 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\3Planesoft_Screensaver_Manager.scr
[2010/11/28 13:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\3Planesoft Screensaver Manager
[2010/11/28 13:28:49 | 000,960,512 | ---- | C] (3Planesoft) -- C:\WINDOWS\System32\Autumn_Wonderland_3D_Screensaver.scr
[2010/11/28 13:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\Autumn Wonderland 3D Screensaver
[2010/11/28 11:40:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\LD Fonts
[2010/11/28 11:37:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Lovely Font Pack 39 fonts
[2010/11/28 11:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Calligraphics
[2010/11/28 07:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\LittleGamesCompany
[2010/11/28 07:51:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2010/11/28 07:50:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\JodieDrake
[2010/11/28 07:44:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\dtband
[2010/11/28 07:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\somototoolbar
[2010/11/28 07:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\somototoolbar
[2010/11/28 07:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Free Desktop Clock Toolbar
[2010/11/28 07:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Free Desktop Clock
[2010/11/27 15:34:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/11/27 07:38:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysResources Manager
[2010/11/27 07:38:21 | 000,000,000 | ---D | C] -- C:\Program Files\SysResources Manager
[2010/11/26 15:43:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Local Settings\Application Data\360Amigo
[2010/11/25 12:36:44 | 000,000,000 | ---D | C] -- C:\Temp
[2010/11/25 09:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\BrainsBreaker puzzles
[2010/11/24 07:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\My Web CEO Projects
[2010/11/19 10:44:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\lianscripts
[2010/11/19 08:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\DzSoft
[2010/11/18 10:49:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\DVDFab
[2010/11/17 08:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\Sothink
[2010/11/17 04:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Creative Home
[2010/11/17 04:28:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\Creative Home
[2010/11/17 04:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nova Development
[2010/11/16 14:02:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Teorex
[2010/11/16 13:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\Wipe 2011
[2010/11/16 13:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Local Settings\Application Data\MediaMonkey
[2010/11/16 12:51:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\letterkes
[2010/11/16 08:48:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\jellyka_western_princess
[2010/11/16 08:47:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\justice_by_dirt2
[2010/11/15 07:53:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\V CAST Media Manager
[2010/11/15 07:30:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\vlc
[2010/11/15 07:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2010/11/15 07:29:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Local Settings\Application Data\V CAST Media Manager
[2010/11/15 07:28:57 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2010/11/15 07:26:41 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/11/15 07:26:39 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/11/14 13:12:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2010/11/14 13:12:16 | 000,000,000 | ---D | C] -- C:\Program Files\Simple Internet Meter Lite
[2010/11/14 13:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\speedtestv13
[2010/11/14 07:00:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dianne\IECompatCache
[2010/11/14 07:00:06 | 000,000,000 | ---D | C] -- C:\Blogs
[2010/11/14 07:00:06 | 000,000,000 | ---D | C] -- C:\Bills
[2010/11/14 07:00:06 | 000,000,000 | ---D | C] -- C:\Banks
[2010/11/14 07:00:05 | 000,000,000 | ---D | C] -- C:\Design
[2010/11/14 07:00:04 | 000,000,000 | ---D | C] -- C:\Dogs
[2010/11/14 07:00:03 | 000,000,000 | ---D | C] -- C:\Geneaology
[2010/11/14 07:00:03 | 000,000,000 | ---D | C] -- C:\Games
[2010/11/14 07:00:03 | 000,000,000 | ---D | C] -- C:\FaceBook
[2010/11/14 07:00:02 | 000,000,000 | ---D | C] -- C:\MarbleHill
[2010/11/14 07:00:02 | 000,000,000 | ---D | C] -- C:\Low Carb
[2010/11/14 07:00:02 | 000,000,000 | ---D | C] -- C:\Icons
[2010/11/14 07:00:02 | 000,000,000 | ---D | C] -- C:\Groups
[2010/11/14 07:00:01 | 000,000,000 | ---D | C] -- C:\Music
[2010/11/14 07:00:00 | 000,000,000 | ---D | C] -- C:\RS
[2010/11/14 07:00:00 | 000,000,000 | ---D | C] -- C:\My Stuff
[2010/11/14 06:59:58 | 000,000,000 | ---D | C] -- C:\Techie
[2010/11/14 06:59:58 | 000,000,000 | ---D | C] -- C:\Software
[2010/11/14 06:59:57 | 000,000,000 | ---D | C] -- C:\WS4 Tutorials
[2010/11/14 06:59:57 | 000,000,000 | ---D | C] -- C:\WebStudio
[2010/11/14 06:59:57 | 000,000,000 | ---D | C] -- C:\Virus
[2010/11/14 06:59:57 | 000,000,000 | ---D | C] -- C:\Cloud
[2010/11/14 06:55:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dianne\PrivacIE
[2010/11/13 21:01:34 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dianne\IETldCache
[2010/11/13 20:47:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/11/13 20:46:55 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/11/13 20:44:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/11/13 20:14:39 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/11/13 20:14:04 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/11/13 20:12:35 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/11/13 20:12:26 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/11/13 14:08:14 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2010/11/13 14:08:12 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2010/11/13 14:07:40 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2010/11/13 14:04:10 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2010/11/13 09:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\The Revills Games
[2010/11/13 09:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\4 Score Games
[2010/11/13 06:35:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\My Kindle Content
[2010/11/13 06:35:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Local Settings\Application Data\Amazon
[2010/11/13 05:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/11/13 04:54:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/11/13 04:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/11/13 04:34:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/11/13 04:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/11/13 04:34:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/11/12 17:36:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/11/12 16:49:21 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/11/12 16:49:17 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/11/12 16:49:05 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/11/12 16:49:00 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/11/12 16:48:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/11/12 16:48:58 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/11/12 16:48:56 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/11/12 16:48:56 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/11/12 16:48:54 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/11/12 16:48:51 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/11/12 16:48:51 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/11/12 16:48:51 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/11/12 16:48:50 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/11/12 16:48:50 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/11/12 16:48:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/11/12 16:48:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/11/12 16:48:50 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/11/12 16:48:44 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/11/12 16:48:44 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/11/12 16:48:44 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/11/12 16:48:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/11/12 16:48:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/11/12 16:48:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/11/12 16:48:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/11/12 16:48:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/11/12 16:48:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/11/12 16:48:35 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010/11/12 16:48:35 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010/11/12 16:48:29 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/11/12 16:48:29 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/11/12 16:48:29 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/11/12 16:48:29 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/11/12 16:48:29 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/11/12 16:48:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/11/12 16:48:29 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/11/12 16:48:28 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/11/12 16:48:27 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/11/12 16:48:27 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/11/12 16:48:27 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/11/12 16:48:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/11/12 16:48:27 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/11/12 16:48:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/11/12 16:48:27 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/11/12 16:48:23 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/11/12 16:48:23 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/11/12 16:48:19 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/11/12 09:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\admintools
[2010/11/12 07:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\Fugazo
[2010/11/10 08:11:50 | 000,389,120 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\igxpun.exe
[2010/11/10 08:11:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/11/10 06:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\Animated Wallpaper Examples
[2010/11/07 08:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\Playrix Entertainment
[2010/11/07 06:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\Hulubulu
[2010/11/06 20:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/11/06 09:52:18 | 000,102,439 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\sipr3260.dll
[2010/11/06 09:52:17 | 001,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2010/11/06 09:52:17 | 000,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2010/11/06 09:52:17 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\Pncrt.dll
[2010/11/06 09:52:17 | 000,217,127 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv43260.dll
[2010/11/06 09:52:17 | 000,208,935 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv33260.dll
[2010/11/06 09:52:17 | 000,176,165 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drv23260.dll
[2010/11/06 09:52:17 | 000,065,602 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\cook3260.dll
[2010/11/06 09:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\VSO
[2010/11/06 09:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\ConvertXToDVD
[2010/11/06 09:17:16 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dianne\Application Data\pcouffin.sys
[2010/11/06 09:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\Vso
[2010/11/06 09:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\PcSetup
[2010/11/06 05:48:11 | 001,000,992 | ---- | C] (Bennet-Tec Information Systems, Inc) -- C:\WINDOWS\System32\TList8.ocx
[2010/11/06 05:48:11 | 000,450,560 | ---- | C] (LogicNP Software (http://www.ssware.com)) -- C:\WINDOWS\System32\fldrvw90.ocx
[2010/11/06 05:48:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\AllDup
[2010/11/06 05:48:10 | 002,344,880 | ---- | C] (Codejock Software) -- C:\WINDOWS\System32\Codejock.CommandBars.v13.2.1.ocx
[2010/11/06 05:48:10 | 000,171,752 | ---- | C] (Michael Thummerer Software Design) -- C:\WINDOWS\System32\mtRTF2.ocx
[2010/11/06 05:48:10 | 000,089,888 | ---- | C] (Michael Thummerer Software Design) -- C:\WINDOWS\System32\mtFrame.ocx
[2010/11/06 05:48:10 | 000,086,016 | ---- | C] (Michael Thummerer Software Design) -- C:\WINDOWS\System32\mtSplitter.ocx
[2010/11/06 05:48:10 | 000,044,736 | ---- | C] (Michael Thummerer Software Design) -- C:\WINDOWS\System32\mtSubclass.dll
[2010/11/05 19:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PhotoMail
[2010/11/05 19:53:54 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoMail Maker
[2010/11/04 16:34:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\Any Video Converter
[2010/11/04 16:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\AnvSoft
[2010/11/04 16:20:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\HamsterSoft
[2010/11/04 08:34:18 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/11/04 08:34:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/11/04 08:34:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/11/03 12:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\Rosie
[2010/11/03 09:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\Zentimo
[2010/11/03 09:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ZentimoService
[2010/11/03 09:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\Zentimo
[2010/11/02 15:30:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fonts\Christmas 2004-1
[2010/10/30 16:43:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Application Data\FontHit
[2010/10/30 16:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\My Documents\My Fonts
[2010/10/30 16:41:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dianne\Local Settings\Application Data\ApplicationHistory
[2010/10/30 16:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\FontHit Software
[2010/10/30 15:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\NexusFont
[2010/10/30 15:37:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2002/04/11 09:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/29 12:13:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/29 11:55:59 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dianne\Desktop\OTL.exe
[2010/11/29 11:55:57 | 000,001,130 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\My DAP Downloads.lnk
[2010/11/29 11:30:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-682003330-1801674531-1003UA.job
[2010/11/29 11:18:32 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2AD53E8D-64D5-4A08-A71F-F5F181E086A1}.job
[2010/11/29 07:35:38 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\GFI Backup 2009 - Home Edition.lnk
[2010/11/29 07:28:10 | 000,013,932 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.PW2
[2010/11/29 07:16:09 | 000,000,825 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ocster Backup Pro.lnk
[2010/11/29 01:13:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/28 16:30:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-602162358-682003330-1801674531-1003Core.job
[2010/11/28 13:31:55 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Play More Playrix Games!.lnk
[2010/11/28 13:31:55 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Atlantis Quest.lnk
[2010/11/28 13:30:24 | 000,688,640 | ---- | M] (3Planesoft) -- C:\WINDOWS\System32\3Planesoft_Screensaver_Manager.scr
[2010/11/28 13:28:53 | 000,000,889 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Autumn Wonderland 3D Wallpaper.lnk
[2010/11/28 13:28:53 | 000,000,883 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Autumn Wonderland 3D Screensaver.lnk
[2010/11/28 07:44:08 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\FreeDesktopClock.ini
[2010/11/28 07:43:44 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Free Desktop Clock.lnk
[2010/11/28 07:28:02 | 000,001,103 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Chronicles of Mystery The Legend of the Sacred Treasure.lnk
[2010/11/28 07:23:16 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Kings Smith 2.lnk
[2010/11/28 07:18:06 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.1.pw2-bak
[2010/11/27 15:56:58 | 000,001,064 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Mystery Case Files 13th Skull Collectors Edition.lnk
[2010/11/27 15:52:20 | 000,000,973 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Mystery Age 2 The Dark Priests.lnk
[2010/11/27 15:51:24 | 000,001,018 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Hidden Mysteries Salem Secrets.lnk
[2010/11/27 15:49:51 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Master Thief Skyscraping Sting.lnk
[2010/11/27 15:48:42 | 000,001,036 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Nightmare on the Pacific.lnk
[2010/11/27 15:39:53 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Puzzle Agent.lnk
[2010/11/27 15:25:14 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Downtown Secrets.lnk
[2010/11/27 15:23:54 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Dianne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 15:17:54 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pirate Mysteries.lnk
[2010/11/27 15:07:08 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Jodie Drake.lnk
[2010/11/27 15:05:32 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Jane Lucky .lnk
[2010/11/27 15:04:10 | 000,000,910 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\The Mystery of the Dragon Prince.lnk
[2010/11/27 08:19:01 | 000,015,620 | ---- | M] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/27 08:17:55 | 000,001,704 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\SysResources Manager.lnk
[2010/11/27 07:48:07 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.2.pw2-bak
[2010/11/26 15:43:35 | 000,000,583 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\360 Amigo System Speedup.lnk
[2010/11/26 10:50:59 | 000,012,848 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.3.pw2-bak
[2010/11/26 09:16:49 | 000,000,652 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Duplicate Cleaner.lnk
[2010/11/26 07:24:02 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
[2010/11/26 07:15:15 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Boxoft Flac to MP3 (freeware).lnk
[2010/11/26 07:12:51 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Boxoft CD to MP3 (freeware).lnk
[2010/11/26 07:02:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/26 07:00:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/25 18:36:42 | 004,346,504 | ---- | M] () -- C:\WINDOWS\TempCloudAV1125170642_396.csv
[2010/11/25 13:36:53 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2010/11/25 12:06:19 | 000,657,840 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/25 09:03:38 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BrainsBreaker.lnk
[2010/11/25 08:46:17 | 000,000,894 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Fishdom Seasons Under the Sea.lnk
[2010/11/25 08:44:46 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Cursed House.lnk
[2010/11/25 08:44:01 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Buried In Time.lnk
[2010/11/25 08:42:58 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Artifact Quest.lnk
[2010/11/24 07:59:30 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\WebCEO.lnk
[2010/11/23 17:09:44 | 524,288,012 | ---- | M] () -- C:\WINDOWS\TempCloudAV1123182743_5100.csv
[2010/11/23 13:27:27 | 000,029,098 | ---- | M] () -- C:\WINDOWS\TempCloudAV1123152516_436.csv
[2010/11/23 04:34:08 | 015,305,119 | ---- | M] () -- C:\WINDOWS\TempCloudAV1123061621_5236.csv
[2010/11/23 01:13:01 | 287,241,893 | ---- | M] () -- C:\WINDOWS\TempCloudAV1123005911_1712.csv
[2010/11/22 20:34:59 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\Paragon Archive name arc_290810150824531.job
[2010/11/22 20:34:33 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\Paragon File Archive name arc_231110012025734_11222010.job
[2010/11/22 19:56:57 | 467,680,110 | ---- | M] () -- C:\WINDOWS\TempCloudAV1122134249_1228.csv
[2010/11/22 19:49:05 | 000,008,192 | ---- | M] () -- C:\s-1-5-21-602162358-682003330-1801674531-1004.rrr
[2010/11/22 04:38:03 | 001,433,370 | ---- | M] () -- C:\WINDOWS\TempCloudAV1122054920_2180.csv
[2010/11/21 08:18:10 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Around the World in 80 Days.lnk
[2010/11/21 08:14:59 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Boxoft Photo Magic Maker.lnk
[2010/11/20 18:06:12 | 000,000,605 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Orgfinances.lnk
[2010/11/20 06:48:41 | 000,000,161 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2010/11/19 18:20:52 | 002,442,117 | ---- | M] () -- C:\WINDOWS\TempCloudAV1119134706_552.csv
[2010/11/19 08:41:40 | 000,000,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Quick Image Resizer.lnk
[2010/11/18 10:47:55 | 000,000,582 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\DVDFab 8.lnk
[2010/11/18 10:40:23 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Data Recovery Wizard 5.0.1.lnk
[2010/11/17 08:16:00 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Flash Menu.lnk
[2010/11/17 08:16:00 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sothink Flash Menu.lnk
[2010/11/16 17:39:39 | 000,581,586 | ---- | M] () -- C:\WINDOWS\TempCloudAV1116183111_992.csv
[2010/11/16 13:25:40 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaMonkey.lnk
[2010/11/16 13:16:34 | 000,000,768 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Booster.lnk
[2010/11/16 12:43:37 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\MiPony.lnk
[2010/11/16 12:43:37 | 000,000,561 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2010/11/15 09:16:21 | 000,926,783 | ---- | M] () -- C:\WINDOWS\TempCloudAV1115120855_2044.csv
[2010/11/15 07:17:07 | 000,493,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/15 07:17:07 | 000,084,052 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/15 03:04:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/11/13 21:01:38 | 000,000,828 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/11/12 17:44:19 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/11/12 15:13:18 | 000,001,886 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Carbonite InfoCenter.lnk
[2010/11/12 12:17:29 | 524,288,163 | ---- | M] () -- C:\WINDOWS\TempCloudAV1112120850_1604.csv
[2010/11/12 09:15:29 | 000,000,055 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Windows XP Tips - Ramesh.url
[2010/11/11 18:56:24 | 000,000,843 | ---- | M] () -- C:\Documents and Settings\Dianne\Start Menu\Programs\Startup\FSL Launcher.lnk
[2010/11/11 11:18:47 | 000,174,216 | ---- | M] () -- C:\WINDOWS\TempCloudAV1111112620_1984.csv
[2010/11/11 07:19:01 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2010/11/10 06:58:34 | 000,161,173 | ---- | M] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/09 00:13:18 | 000,361,061 | ---- | M] () -- C:\WINDOWS\TempCloudAV1108121007_1640.csv
[2010/11/08 06:58:49 | 000,001,044 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\vso_ts_preview.xml
[2010/11/07 08:35:52 | 000,000,022 | ---- | M] () -- C:\WINDOWS\System32\msxml.p2i
[2010/11/07 08:35:52 | 000,000,022 | ---- | M] () -- C:\WINDOWS\msxml.p2i
[2010/11/06 09:52:28 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\inst.exe
[2010/11/06 09:52:28 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Dianne\Application Data\pcouffin.sys
[2010/11/06 09:52:28 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\pcouffin.cat
[2010/11/06 09:52:28 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\pcouffin.inf
[2010/11/05 07:40:18 | 000,000,585 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\burnaware.ini
[2010/11/04 20:31:10 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\Dianne\Desktop\Google Chrome.lnk
[2010/11/04 20:31:10 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/04 15:21:10 | 000,458,661 | ---- | M] () -- C:\Documents and Settings\Dianne\MyMoney.mmw
[2010/11/04 09:21:51 | 000,726,023 | ---- | M] () -- C:\WINDOWS\TempCloudAV1104125030_1528.csv
[2010/11/04 09:19:33 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\_WKERNEL.SYL
[2010/11/03 17:43:46 | 000,000,024 | ---- | M] () -- C:\WINDOWS\AM_D8.PRF
[2010/11/03 16:04:48 | 000,015,086 | ---- | M] () -- C:\WINDOWS\sfudoc.ico
[2010/11/03 12:02:06 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Leesburg VA.doc
[2010/11/03 12:02:06 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding.doc
[2010/11/03 12:02:06 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Timonium MD.doc
[2010/11/03 12:02:06 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Harrisburg PA.doc
[2010/11/03 12:02:06 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita fitchburg jan.doc
[2010/11/03 12:02:06 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding 09.doc
[2010/11/03 12:02:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding June 09.doc
[2010/11/03 12:02:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding 09.doc
[2010/11/03 12:02:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding 0712.doc
[2010/11/03 12:02:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding 0803.doc
[2010/11/03 12:02:06 | 000,023,040 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding 0713.doc
[2010/11/03 12:02:06 | 000,022,528 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding June 0705.doc
[2010/11/03 12:02:06 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding May 09.doc
[2010/11/03 12:02:06 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding June 0608.doc
[2010/11/03 09:08:42 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentimo.lnk
[2010/11/01 01:03:06 | 000,787,256 | ---- | M] () -- C:\WINDOWS\trashco.ttf
[2010/11/01 01:03:06 | 000,701,820 | ---- | M] () -- C:\WINDOWS\PANHEAD_.ttf
[2010/11/01 01:03:06 | 000,323,352 | ---- | M] () -- C:\WINDOWS\Jellyka_Castle_s_Queen.ttf
[2010/11/01 01:03:06 | 000,119,000 | ---- | M] () -- C:\WINDOWS\OlhodeBoi.ttf
[2010/11/01 01:03:06 | 000,103,176 | ---- | M] () -- C:\WINDOWS\VtksSonho.ttf
[2010/11/01 01:03:06 | 000,085,808 | ---- | M] () -- C:\WINDOWS\MINUS___.TTF
[2010/11/01 01:03:06 | 000,077,204 | ---- | M] () -- C:\WINDOWS\Waste.ttf
[2010/11/01 01:03:06 | 000,035,328 | ---- | M] () -- C:\WINDOWS\The_Chemical_Parade_by_ravenblackhardt.ttf
[2010/11/01 01:03:06 | 000,026,500 | ---- | M] () -- C:\WINDOWS\scrubble.ttf
[2010/10/30 20:50:54 | 000,296,724 | ---- | M] () -- C:\WINDOWS\TempCloudAV1030213651_1764.csv
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/29 07:35:38 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\GFI Backup 2009 - Home Edition.lnk
[2010/11/29 07:16:09 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ocster Backup Pro.lnk
[2010/11/28 13:31:55 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Atlantis Quest.lnk
[2010/11/28 13:28:53 | 000,000,889 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Autumn Wonderland 3D Wallpaper.lnk
[2010/11/28 13:28:53 | 000,000,883 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Autumn Wonderland 3D Screensaver.lnk
[2010/11/28 07:44:07 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\FreeDesktopClock.ini
[2010/11/28 07:43:44 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Free Desktop Clock.lnk
[2010/11/28 07:28:01 | 000,001,103 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Chronicles of Mystery The Legend of the Sacred Treasure.lnk
[2010/11/28 07:23:16 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Kings Smith 2.lnk
[2010/11/27 15:56:58 | 000,001,064 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Mystery Case Files 13th Skull Collectors Edition.lnk
[2010/11/27 15:52:19 | 000,000,973 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Mystery Age 2 The Dark Priests.lnk
[2010/11/27 15:51:24 | 000,001,018 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Hidden Mysteries Salem Secrets.lnk
[2010/11/27 15:49:51 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Master Thief Skyscraping Sting.lnk
[2010/11/27 15:48:42 | 000,001,036 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Nightmare on the Pacific.lnk
[2010/11/27 15:39:53 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Puzzle Agent.lnk
[2010/11/27 15:25:13 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Downtown Secrets.lnk
[2010/11/27 15:17:54 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pirate Mysteries.lnk
[2010/11/27 15:07:08 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Jodie Drake.lnk
[2010/11/27 15:05:32 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Jane Lucky .lnk
[2010/11/27 15:04:10 | 000,000,910 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\The Mystery of the Dragon Prince.lnk
[2010/11/27 08:19:01 | 000,015,620 | ---- | C] () -- C:\WINDOWS\System32\SystemRs11.sm.SYS
[2010/11/27 07:38:26 | 000,001,704 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\SysResources Manager.lnk
[2010/11/26 15:43:35 | 000,000,583 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\360 Amigo System Speedup.lnk
[2010/11/26 09:16:49 | 000,000,652 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Duplicate Cleaner.lnk
[2010/11/26 07:15:15 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Boxoft Flac to MP3 (freeware).lnk
[2010/11/26 07:12:51 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Boxoft CD to MP3 (freeware).lnk
[2010/11/25 13:36:53 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MediaMonkey.lnk
[2010/11/25 12:07:22 | 004,346,504 | ---- | C] () -- C:\WINDOWS\TempCloudAV1125170642_396.csv
[2010/11/25 09:03:38 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BrainsBreaker.lnk
[2010/11/25 08:46:17 | 000,000,894 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Fishdom Seasons Under the Sea.lnk
[2010/11/25 08:44:46 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Cursed House.lnk
[2010/11/25 08:44:01 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Buried In Time.lnk
[2010/11/25 08:42:58 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Artifact Quest.lnk
[2010/11/24 07:58:27 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\WebCEO.lnk
[2010/11/23 13:48:15 | 524,288,012 | ---- | C] () -- C:\WINDOWS\TempCloudAV1123182743_5100.csv
[2010/11/23 10:25:53 | 000,029,098 | ---- | C] () -- C:\WINDOWS\TempCloudAV1123152516_436.csv
[2010/11/23 01:18:18 | 015,305,119 | ---- | C] () -- C:\WINDOWS\TempCloudAV1123061621_5236.csv
[2010/11/22 20:34:33 | 000,000,966 | ---- | C] () -- C:\WINDOWS\tasks\Paragon File Archive name arc_231110012025734_11222010.job
[2010/11/22 20:04:07 | 287,241,893 | ---- | C] () -- C:\WINDOWS\TempCloudAV1123005911_1712.csv
[2010/11/22 19:49:05 | 000,008,192 | ---- | C] () -- C:\s-1-5-21-602162358-682003330-1801674531-1004.rrr
[2010/11/22 08:43:29 | 467,680,110 | ---- | C] () -- C:\WINDOWS\TempCloudAV1122134249_1228.csv
[2010/11/22 00:50:30 | 001,433,370 | ---- | C] () -- C:\WINDOWS\TempCloudAV1122054920_2180.csv
[2010/11/21 08:18:10 | 000,000,898 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Around the World in 80 Days.lnk
[2010/11/21 08:14:59 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Boxoft Photo Magic Maker.lnk
[2010/11/20 18:06:12 | 000,000,605 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Orgfinances.lnk
[2010/11/19 08:48:15 | 002,442,117 | ---- | C] () -- C:\WINDOWS\TempCloudAV1119134706_552.csv
[2010/11/19 08:41:40 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Quick Image Resizer.lnk
[2010/11/18 10:47:55 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\DVDFab 8.lnk
[2010/11/18 10:40:23 | 000,000,768 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Data Recovery Wizard 5.0.1.lnk
[2010/11/17 08:16:00 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Flash Menu.lnk
[2010/11/17 08:16:00 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sothink Flash Menu.lnk
[2010/11/17 08:15:46 | 000,015,086 | ---- | C] () -- C:\WINDOWS\sfudoc.ico
[2010/11/16 13:32:19 | 000,581,586 | ---- | C] () -- C:\WINDOWS\TempCloudAV1116183111_992.csv
[2010/11/16 13:25:40 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\MediaMonkey.lnk
[2010/11/16 13:16:34 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
[2010/11/15 07:26:41 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/15 07:10:16 | 000,926,783 | ---- | C] () -- C:\WINDOWS\TempCloudAV1115120855_2044.csv
[2010/11/14 07:00:14 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2AD53E8D-64D5-4A08-A71F-F5F181E086A1}.job
[2010/11/12 16:48:35 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/11/12 15:13:18 | 000,001,886 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Carbonite InfoCenter.lnk
[2010/11/12 09:15:28 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Windows XP Tips - Ramesh.url
[2010/11/12 07:12:06 | 524,288,163 | ---- | C] () -- C:\WINDOWS\TempCloudAV1112120850_1604.csv
[2010/11/11 18:56:24 | 000,000,843 | ---- | C] () -- C:\Documents and Settings\Dianne\Start Menu\Programs\Startup\FSL Launcher.lnk
[2010/11/11 06:27:11 | 000,174,216 | ---- | C] () -- C:\WINDOWS\TempCloudAV1111112620_1984.csv
[2010/11/10 08:39:40 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.3.pw2-bak
[2010/11/10 08:39:40 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.2.pw2-bak
[2010/11/10 08:39:40 | 000,012,848 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\otieatkins.1.pw2-bak
[2010/11/10 06:58:34 | 000,161,173 | ---- | C] () -- C:\WINDOWS\Animated Wallpaper Maker Uninstaller.exe
[2010/11/10 03:24:47 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sysres10.dat
[2010/11/08 07:42:11 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\MiPony.lnk
[2010/11/08 07:42:11 | 000,000,561 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk
[2010/11/08 07:10:57 | 000,361,061 | ---- | C] () -- C:\WINDOWS\TempCloudAV1108121007_1640.csv
[2010/11/07 08:37:26 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Dianne\Desktop\Play More Playrix Games!.lnk
[2010/11/07 08:35:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\msxml.p2i
[2010/11/07 08:35:52 | 000,000,022 | ---- | C] () -- C:\WINDOWS\msxml.p2i
[2010/11/06 09:17:41 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\vso_ts_preview.xml
[2010/11/06 09:17:26 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\pcouffin.log
[2010/11/06 09:17:16 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\inst.exe
[2010/11/06 09:17:16 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\pcouffin.cat
[2010/11/06 09:17:16 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\pcouffin.inf
[2010/11/04 07:52:39 | 000,726,023 | ---- | C] () -- C:\WINDOWS\TempCloudAV1104125030_1528.csv
[2010/11/03 17:43:46 | 000,000,024 | ---- | C] () -- C:\WINDOWS\AM_D8.PRF
[2010/11/03 12:06:12 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Leesburg VA.doc
[2010/11/03 12:06:12 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding.doc
[2010/11/03 12:06:12 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Timonium MD.doc
[2010/11/03 12:06:12 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Harrisburg PA.doc
[2010/11/03 12:06:12 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita fitchburg jan.doc
[2010/11/03 12:06:12 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding 09.doc
[2010/11/03 12:06:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding June 09.doc
[2010/11/03 12:06:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding 09.doc
[2010/11/03 12:06:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding 0712.doc
[2010/11/03 12:06:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding 0803.doc
[2010/11/03 12:06:12 | 000,023,040 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rosalita Boarding 0713.doc
[2010/11/03 12:06:12 | 000,022,528 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding June 0705.doc
[2010/11/03 12:06:12 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding May 09.doc
[2010/11/03 12:06:12 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Dianne\My Documents\Rumor Rosalita Boarding June 0608.doc
[2010/11/03 09:08:42 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Zentimo.lnk
[2010/11/01 07:55:33 | 000,787,256 | ---- | C] () -- C:\WINDOWS\trashco.ttf
[2010/11/01 07:55:33 | 000,701,820 | ---- | C] () -- C:\WINDOWS\PANHEAD_.ttf
[2010/11/01 07:55:33 | 000,119,000 | ---- | C] () -- C:\WINDOWS\OlhodeBoi.ttf
[2010/11/01 07:55:33 | 000,103,176 | ---- | C] () -- C:\WINDOWS\VtksSonho.ttf
[2010/11/01 07:55:33 | 000,077,204 | ---- | C] () -- C:\WINDOWS\Waste.ttf
[2010/11/01 07:55:33 | 000,035,328 | ---- | C] () -- C:\WINDOWS\The_Chemical_Parade_by_ravenblackhardt.ttf
[2010/11/01 07:55:33 | 000,026,500 | ---- | C] () -- C:\WINDOWS\scrubble.ttf
[2010/11/01 07:55:32 | 000,323,352 | ---- | C] () -- C:\WINDOWS\Jellyka_Castle_s_Queen.ttf
[2010/11/01 07:55:32 | 000,085,808 | ---- | C] () -- C:\WINDOWS\MINUS___.TTF
[2010/10/30 16:38:20 | 000,296,724 | ---- | C] () -- C:\WINDOWS\TempCloudAV1030213651_1764.csv
[2010/10/30 09:47:14 | 000,002,686 | ---- | C] () -- C:\WINDOWS\ips.INI
[2010/10/30 09:24:25 | 000,855,641 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\PandaIDProtectHelp.chm
[2010/10/27 04:37:37 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\init.dll
[2010/10/27 04:37:37 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\SYSTEM32.dll
[2010/10/27 04:37:27 | 000,000,701 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\sound.dll
[2010/10/27 04:35:43 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010/10/27 04:35:35 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2010/09/02 06:27:46 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2010/09/02 06:27:31 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2010/09/02 06:27:31 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2010/08/19 20:14:58 | 001,054,032 | ---- | C] () -- C:\WINDOWS\System32\cfgmig32.dll
[2010/08/19 18:57:12 | 002,385,136 | ---- | C] () -- C:\WINDOWS\System32\winsflt_x64.dll
[2010/08/17 17:32:12 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/08/17 17:32:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2010/08/17 17:32:02 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\Mp3Ctrl.dll
[2010/08/08 07:07:34 | 000,219,136 | ---- | C] () -- C:\WINDOWS\sqlite3_engine.dll
[2010/08/08 07:07:18 | 000,219,136 | ---- | C] () -- C:\WINDOWS\System32\sqlite3_engine.dll
[2010/07/21 08:17:46 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Winlogonevents.dll
[2010/07/21 08:17:46 | 000,011,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\DriveSentryKeeperDriver.sys
[2010/07/10 07:13:18 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2010/06/26 08:54:05 | 000,000,585 | ---- | C] () -- C:\Documents and Settings\Dianne\Application Data\burnaware.ini
[2010/06/24 10:58:26 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2010/06/24 10:56:21 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2010/06/24 10:56:21 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2010/05/28 20:02:16 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/05/08 10:37:03 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Rav.ini
[2010/04/29 08:08:30 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/29 08:08:12 | 000,231,976 | ---- | C] () -- C:\WINDOWS\System32\eDoc.Organizer_nat.dll
[2010/04/10 07:32:20 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ITNetUtils.dll
[2010/04/10 07:32:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\diffiedll.dll
[2010/03/25 07:56:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Curses.INI
[2010/03/17 17:49:10 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Dianne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/13 20:05:10 | 000,000,097 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2010/03/11 10:36:29 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2010/03/10 19:29:40 | 000,000,100 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2010/03/10 09:05:55 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2010/03/09 13:20:38 | 000,001,714 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2010/03/09 13:20:26 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2010/03/04 07:16:31 | 000,000,224 | ---- | C] () -- C:\WINDOWS\MP32WAV.INI
[2010/03/03 04:58:22 | 000,000,228 | ---- | C] () -- C:\WINDOWS\Q-Dir.ini
[2010/03/02 11:06:39 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/02/21 09:19:49 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\ludap17.ini
[2010/02/21 09:19:49 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/02/21 07:43:35 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/02/21 05:49:49 | 000,004,925 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dnlfgmeo.zuz
[2010/02/17 12:14:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/12/23 10:29:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\KmxAgent.sys
[2009/10/03 12:36:01 | 011,476,992 | ---- | C] () -- C:\WINDOWS\System32\common_res.dll
[2009/09/30 15:51:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\KmxCfg.sys
[2009/06/08 09:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\kmxstart.sys
[2009/03/15 15:13:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2008/02/05 13:28:20 | 000,000,051 | ---- | C] () -- C:\Documents and Settings\Dianne\Local Settings\Application Data\setup.txt
[2007/02/06 23:58:00 | 000,000,525 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2005/05/03 19:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2005/02/05 14:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004/04/28 14:17:44 | 000,002,372 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/10/30 12:29:00 | 000,000,187 | ---- | C] () -- C:\WINDOWS\System32\lxbvcoin.ini
[2003/10/02 18:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2002/11/13 10:40:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbvvs.dll
[2002/07/01 09:13:30 | 000,000,229 | -HS- | C] () -- C:\Documents and Settings\Dianne\Application Data\matrox_drv16.dat
[2002/07/01 09:13:30 | 000,000,224 | -HS- | C] () -- C:\Documents and Settings\Dianne\Application Data\brun_nbeta12.dat
[1998/01/13 14:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\LOTRN13.DLL
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6B50A605
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:72F57408
@Alternate Data Stream - 266 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF
@Alternate Data Stream - 254 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D74B6CF5
@Alternate Data Stream - 236 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918B7566
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5E90ED3
@Alternate Data Stream - 220 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98982C88
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:08D8BB20
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8944C195
@Alternate Data Stream - 217 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4CF76F21
@Alternate Data Stream - 211 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:98DFF516
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0AC32449
@Alternate Data Stream - 208 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:090FB735
@Alternate Data Stream - 206 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC0A74A1
@Alternate Data Stream - 204 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0ED4AC2F
@Alternate Data Stream - 202 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93F3E4C9
@Alternate Data Stream - 199 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1E61D6A
@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7547DA5B
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F
@Alternate Data Stream - 185 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F68098AE
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B9D8E22
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FB65A4AA
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2398E95B
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B4F0E275
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0656FCD2
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F64FC07C
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1CD2545
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:75494C12
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:19823AC6
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:57B2B96C
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:242231A9
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1DA424AA
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BFE23423
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E06C78F
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C43ED645
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4573A78F
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A296A63F
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F95AE81
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D507B5A8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61F0C8FB
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D853F961

< End of report >
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP