Multimedia Card Reader Resource is not enough [Solved]


  • This topic is locked

#1
mid01
  • Member
  • 11 posts
Greetings,
I am writing this posting on my laptop as my desktop currently has no internet connection as a result of what I think is an infection. I received the following message yesterday:
"This system is shutting down. Please save all work in progress and log off. Any unsaved changes will be lost. This shutdown initiated by NT Authority\System."
"Windows must now restart because the DCOM Server Process Launcher Service terminated unexpectedly."
After rebooting the system several times with the same result this message stopped and I then received the following: “Multimedia Card Reader Resource is not enough” which has continued to show up after I turn on the pc.
Since then I have noticed that my taskbar has changed color on the desktop, there is no sound, no internet access, and I cannot copy and paste files within windows (I was able to do this at the MSDOS level however). If I open a word document I get the following message: “This document could not be registered. It will not be possible to create links from other documents to this document.” I also cannot print to the printer. In addition, McAfee virus protection cannot be opened, and never gave me any type of warning at any time.
I have just completed running the Microsoft Malicious Software Tool which stated it found no malicious software including “netsky” which my symptoms appear to resemble.
I have tried running in windows safe mode with networking and still could not connect to the internet.
I hope I have been clear enough in describing the symptoms. My main concern now is since I have no internet connection to the desktop, any files sent to me or logs posted back by me will have to go through my laptop and then copied via a disk or memory stick to/from the desktop. I don’t want to infect the laptop while trying to fix the desktop. Any help or suggestions will be appreciated.

Regards, mid01
  • 0


#2
mpascal
    Math Nerd
  • Retired Staff
  • 3,644 posts
Hi mid01,

Welcome to Geeks To Go!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.
First on your laptop with the USB stick plugged in, run the following:

Download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you run it. Don't delete this folder...it will help protect your drives from future infection.

Are you still getting automatic shut downs on your desktop?
  • 0
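
An added example (not part of mpascal's post and not Flash_Disinfector's own code): a read-only Python check that reports, for each drive root, whether `autorun.inf` is a folder like the protective one described in the note above or a real file, and lists the launch commands a file contains. The temporary directories standing in for drive roots and the sample file contents are constructed for the demonstration.

```python
import os
import tempfile

# [autorun] keys that make Windows launch a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample file contents, not taken from the thread.
SAMPLE_INF = (
    "[autorun]\r\n"
    "; constructed sample\r\n"
    "icon=LaunchU3.exe,0\r\n"
    "open=LaunchU3.exe\r\n"
    "shell\\explore\\command=LaunchU3.exe -x\r\n"
)


def parse_autorun_commands(text):
    """Return (key, command) pairs from the [autorun] section that launch a program."""
    commands = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key_l = key.lower()
        # shell\<verb>\command=... entries launch a program as well
        is_shell_cmd = key_l.startswith("shell\\") and key_l.endswith("\\command")
        if key_l in LAUNCH_KEYS or is_shell_cmd:
            commands.append((key, value))
    return commands


def read_text(path):
    """Read an autorun.inf file, which may be ANSI or UTF-16 with a BOM."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("latin-1")


def find_autorun_entry(root):
    """Locate the entry named autorun.inf in a drive root, ignoring case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def check_root(root):
    """Classify one drive root: 'absent', 'folder' (placeholder folder) or 'file'."""
    path = find_autorun_entry(root)
    if path is None:
        return {"root": root, "state": "absent", "commands": []}
    if os.path.isdir(path):
        # A folder with this name cannot be parsed as an autorun file.
        return {"root": root, "state": "folder", "commands": []}
    return {"root": root, "state": "file",
            "commands": parse_autorun_commands(read_text(path))}


def demo():
    """Build three constructed 'drive roots' and classify each of them."""
    with tempfile.TemporaryDirectory() as base:
        roots = {}
        for name in ("protected", "launching", "clean"):
            roots[name] = os.path.join(base, name)
            os.mkdir(roots[name])
        os.mkdir(os.path.join(roots["protected"], "autorun.inf"))
        inf_path = os.path.join(roots["launching"], "AUTORUN.INF")
        with open(inf_path, "w", newline="") as fh:
            fh.write(SAMPLE_INF)
        return {name: check_root(path) for name, path in roots.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result["state"], result["commands"])
```

On a Windows machine, pass real drive roots such as `"E:\\"` to `check_root`; a `file` result with launch commands is the case worth reviewing before the drive is moved between computers.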

#3
mid01
  • Topic Starter
  • Member
  • 11 posts
Hello mpascal,

Thank you for the reply. I was not sure how soon I would get a reply so I decided to try doing a system recovery with the disks that I made when I first bought this pc. I have done that today and have been able to get internet access back directly to the desktop along with reinstalling McAfee. I have done what you suggested in terms of using the flash disinfector on the flash drives but can now work directly on the desktop. The symptoms I mentioned have all stopped since the system recovery and the desktop appears to be working as before. I am guessing now the next steps would involve using some of the tools listed on your website to ensure this problem will not reappear. I will not do anything more until I hear from you regarding next steps.

Thanks again, mid01
  • 0

#4
mpascal
    Math Nerd
  • Retired Staff
  • 3,644 posts
Hi mid01,

I'd like to get a few logs first just to make sure that there is nothing hiding on your system.

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post them with your next reply.

  • 0

#5
mid01
  • Topic Starter
  • Member
  • 11 posts
Hello mpascal,

I just completed the scan with otl as you requested. Here are the two files OTListIt.Txt and Extras.txt:

OTListIt.Txt
OTL logfile created on: 4/25/2010 8:30:57 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 83.49 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNYBOY
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\zHotkey.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\HKNTDLL.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/24 17:29:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100424171314.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/24 19:09:30 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/26 14:03:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/25 08:20:24 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/04/24 21:22:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/24 21:13:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/24 20:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/24 20:15:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/24 20:15:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/24 20:15:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/24 20:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/24 20:04:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/24 19:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/24 19:09:30 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/24 19:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\U3
[2010/04/24 18:54:39 | 000,000,000 | ---D | C] -- C:\d9717a6c62027bca62e7
[2010/04/24 17:40:39 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/24 17:40:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/24 17:40:37 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/24 17:40:37 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/24 17:40:37 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/24 17:40:37 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/24 17:40:37 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/24 17:40:37 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/24 17:40:36 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/24 17:40:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/24 17:40:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/24 17:40:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/24 17:40:29 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/24 17:40:29 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/24 17:40:29 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/24 17:40:29 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/04/24 17:40:29 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/24 17:40:29 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/24 17:40:28 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/24 17:40:28 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/24 17:40:28 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/24 17:40:28 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/24 17:40:28 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/24 17:40:28 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/24 17:40:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/24 17:40:25 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/24 17:40:25 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/24 17:40:25 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/24 17:40:25 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/24 17:40:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/24 17:40:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/24 17:40:24 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/24 17:40:23 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/24 17:40:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/24 17:40:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/24 17:40:18 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/24 17:40:15 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/24 17:40:15 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/24 17:40:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/24 17:40:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/24 17:40:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/24 17:40:14 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/24 17:40:14 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/24 17:40:14 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/24 17:40:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/04/24 17:40:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/24 17:40:13 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/24 17:40:12 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/24 17:40:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/24 17:39:59 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/24 17:39:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/24 17:39:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/24 17:39:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/24 17:39:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/24 17:39:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/04/24 17:39:40 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/24 17:39:39 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/04/24 17:39:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/24 17:39:35 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/24 17:39:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/24 17:39:35 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/24 17:39:35 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/24 17:39:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/24 17:39:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/24 17:39:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/24 17:39:33 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/24 17:39:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/24 17:39:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/24 17:39:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/24 17:39:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/24 17:39:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/24 17:39:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/24 17:39:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/24 17:39:26 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/24 17:39:25 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/24 17:39:25 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/24 17:39:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/24 17:39:24 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/24 17:39:24 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/24 17:39:24 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/24 17:39:24 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/24 17:39:24 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/24 17:39:24 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/24 17:39:24 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/24 17:39:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/24 17:39:24 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/24 17:39:24 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/24 17:39:24 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/24 17:39:24 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/24 17:39:24 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/24 17:39:24 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/24 17:39:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/24 17:39:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/24 17:39:24 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/24 17:39:24 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/24 17:39:23 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/24 17:39:23 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/24 17:39:23 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/24 17:39:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/24 17:39:23 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/24 17:39:23 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/24 17:39:23 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/24 17:39:23 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/24 17:39:23 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/24 17:39:23 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/24 17:39:23 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/24 17:39:23 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/24 17:39:23 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/24 17:39:23 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/24 17:39:23 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/24 17:39:23 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/24 17:39:23 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/24 17:39:23 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/24 17:39:23 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/24 17:39:23 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/24 17:39:23 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/24 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/04/24 17:15:14 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/04/24 17:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/04/24 17:13:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 17:13:05 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 17:13:04 | 000,312,584 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 17:13:04 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 17:13:04 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 17:13:04 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 17:13:04 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 17:13:04 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/24 17:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/04/24 17:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/04/24 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/04/24 16:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/24 16:27:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/24 16:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/24 16:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2010/04/24 16:08:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/04/24 15:31:59 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/24 15:31:05 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/24 15:25:42 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/24 15:23:42 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/24 15:19:57 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/24 15:19:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/24 15:19:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/24 15:19:35 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/24 15:05:44 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/24 15:05:31 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/24 15:05:24 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/24 15:05:10 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/24 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/04/24 14:55:52 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/04/24 14:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/24 14:54:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/24 14:53:26 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2010/04/24 14:53:17 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/04/24 14:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Yahoo
[2010/04/24 14:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Google
[2010/04/24 14:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/24 14:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/24 14:46:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\PrivacIE
[2010/04/24 14:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/04/24 14:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 14:29:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/04/24 14:29:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/24 14:29:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2010/04/24 14:29:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/24 14:28:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/04/24 14:12:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\IETldCache
[2010/04/24 14:11:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\StartHtmico
[2010/04/24 14:10:56 | 000,139,776 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM75.DLL
[2010/04/24 14:10:54 | 000,090,112 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMCP75.exe
[2010/04/24 14:10:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/24 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/04/24 14:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/24 14:09:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/24 14:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/04/24 14:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/04/24 14:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Yahoo!
[2010/04/24 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/24 14:08:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/24 14:06:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/24 14:06:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/04/24 14:03:05 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/24 14:03:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/24 14:03:03 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/24 13:46:35 | 000,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsqlgc.dll
[2010/04/24 13:46:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsgnet.dll
[2010/04/24 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/04/24 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\ApplicationHistory
[2010/04/24 13:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2010/04/24 13:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2010/04/24 13:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2010/04/24 13:22:27 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/04/24 13:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/04/24 13:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Google
[2010/04/24 13:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/24 13:20:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/24 13:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/24 13:19:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John\Application Data\Microsoft
[2010/04/24 13:19:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Application Data
[2010/04/24 13:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\Favorites
[2010/04/24 13:19:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\Cookies
[2010/04/24 13:19:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\Local Settings
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SampleView
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Microsoft
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\McAfee
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Identities
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop
[2010/04/24 13:19:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\SendTo
[2010/04/24 13:19:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\Start Menu
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\My Documents\My Pictures
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\My Documents\My Music
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\My Documents
[2010/04/24 13:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\Templates
[2010/04/24 13:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\PrintHood
[2010/04/24 13:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\NetHood
[2010/04/24 13:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\WINDOWS
[2010/04/24 13:14:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/24 13:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 13:00:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/24 12:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/24 12:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2010/04/24 12:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Linksys_LLC_-_A_Division_
[2010/04/24 12:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/04/24 12:58:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/04/24 12:58:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/24 12:57:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2010/04/24 12:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2010/04/24 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2005
[2010/04/24 12:57:01 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2010/04/24 12:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/04/24 12:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/04/24 12:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/24 12:55:44 | 000,351,526 | ---- | C] (Wilson WindowWare, Inc.) -- C:\WINDOWS\WBDDA34I.DLL
[2010/04/24 12:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/24 12:52:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/24 12:52:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/24 12:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/24 12:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/04/24 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/04/24 12:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/24 12:52:01 | 000,018,000 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2010/04/24 12:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/04/24 12:51:50 | 001,658,880 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\UNNeroBurnRights.exe
[2010/04/24 12:51:50 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\NeroBurnRights.cpl
[2010/04/24 12:51:50 | 000,053,248 | ---- | C] (Ahead Software AG, im Stoeckmaedle 18, 76307 Karlsbad, Germany, Fax: ++49-7248-911-888, e-mail: [email protected]) -- C:\WINDOWS\System32\NeroCo.dll
[2010/04/24 12:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/24 12:51:31 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/24 12:51:07 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/04/24 12:51:05 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2010/04/24 12:51:05 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2010/04/24 12:51:05 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2010/04/24 12:51:05 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/04/24 12:51:05 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/04/24 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/04/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/04/24 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/04/24 12:50:49 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSComCt2.ocx
[2010/04/24 12:50:49 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RichTx32.ocx
[2010/04/24 12:50:49 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2010/04/24 12:50:49 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSInet.ocx
[2010/04/24 12:50:49 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2010/04/24 12:50:49 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/04/24 12:50:48 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010/04/24 12:50:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010/04/24 12:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/04/24 12:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010/04/24 12:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010/04/24 12:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/04/24 12:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/24 12:50:42 | 001,483,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.bak
[2010/04/24 12:50:35 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/04/24 12:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/04/24 12:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 12:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/24 12:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010/04/24 12:50:01 | 000,008,552 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2010/04/24 12:50:01 | 000,000,000 | ---D | C] -- C:\My Music
[2010/04/24 12:49:59 | 000,157,696 | ---- | C] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/24 12:49:59 | 000,024,576 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\prefscpl.cpl
[2010/04/24 12:49:59 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/24 12:49:59 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/24 12:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/04/24 12:49:58 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/24 12:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/04/24 12:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2010/04/24 12:49:31 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010/04/24 12:49:31 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010/04/24 12:49:31 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010/04/24 12:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/04/24 12:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/04/24 12:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2010/04/24 12:48:04 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/24 12:48:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/04/24 12:47:59 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/04/24 12:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/24 12:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/24 12:47:19 | 000,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/04/24 12:47:19 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/04/24 12:47:19 | 000,212,480 | R--- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010/04/24 12:47:19 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010/04/24 12:47:19 | 000,076,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PUBOLE32.DLL
[2010/04/24 12:47:19 | 000,037,888 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ochlp30e.dll
[2010/04/24 12:47:18 | 000,133,904 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcans32.dll
[2010/04/24 12:47:18 | 000,091,136 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msls2.dll
[2010/04/24 12:47:18 | 000,054,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvci70.dll
[2010/04/24 12:47:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcuia32.dll
[2010/04/24 12:47:17 | 000,716,288 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltwvc11n.dll
[2010/04/24 12:47:17 | 000,392,192 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTKRN11N.DLL
[2010/04/24 12:47:17 | 000,127,488 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTIMG11N.DLL
[2010/04/24 12:47:17 | 000,118,784 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil11n.DLL
[2010/04/24 12:47:16 | 000,285,184 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP11n.DLL
[2010/04/24 12:47:16 | 000,262,656 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS11n.dll
[2010/04/24 12:47:16 | 000,172,032 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfpng11n.dll
[2010/04/24 12:47:16 | 000,152,064 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFTIF11N.DLL
[2010/04/24 12:47:16 | 000,081,408 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFFAX11N.DLL
[2010/04/24 12:47:16 | 000,059,392 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFWMF11N.DLL
[2010/04/24 12:47:16 | 000,056,320 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPSD11N.DLL
[2010/04/24 12:47:16 | 000,041,472 | R--- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfgif11n.dll
[2010/04/24 12:47:16 | 000,036,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFBMP11N.DLL
[2010/04/24 12:47:16 | 000,033,280 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCX11N.DLL
[2010/04/24 12:47:16 | 000,031,232 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFEPS11N.DLL
[2010/04/24 12:47:16 | 000,027,648 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFTGA11N.DLL
[2010/04/24 12:47:16 | 000,026,112 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFPCD11N.DLL
[2010/04/24 12:47:15 | 000,031,744 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hlp95en.dll
[2010/04/24 12:47:01 | 000,023,984 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2010/04/24 12:46:57 | 000,025,264 | ---- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2010/04/24 12:46:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/24 12:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2010/04/24 12:46:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/24 12:46:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/24 12:46:25 | 000,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/04/24 12:46:25 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/04/24 12:46:25 | 000,069,632 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/04/24 12:46:24 | 000,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/04/24 12:46:09 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2010/04/24 12:46:09 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2010/04/24 12:46:09 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2010/04/24 12:46:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2010/04/24 12:46:01 | 002,297,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS
[2010/04/24 12:46:01 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2010/04/24 12:45:56 | 009,319,936 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTLCPL.EXE
[2010/04/24 12:45:54 | 016,162,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2010/04/24 12:45:54 | 000,208,896 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcupd.exe
[2010/04/24 12:45:54 | 000,139,264 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\alcrmv.exe
[2010/04/24 12:45:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Sun
[2010/04/24 12:45:00 | 000,939,368 | R--- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\myflash.ocx
[2010/04/24 12:45:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Adobe
[2010/04/24 12:40:07 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2010/04/24 12:40:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/24 12:39:56 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/24 12:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/24 12:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism Deploy
[2010/04/24 12:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\New Boundary
[2010/04/24 12:35:00 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/04/24 12:35:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/04/24 12:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/04/24 12:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2010/04/24 12:33:15 | 000,006,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\enum1394.sys
[2010/04/24 12:33:14 | 000,053,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\1394bus.sys
[2010/04/24 12:33:08 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2010/04/24 12:32:48 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hccoin.dll
[2010/04/24 12:30:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/24 12:23:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\creator
[2010/04/24 12:23:17 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010/04/24 12:23:16 | 001,041,536 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DP.sys
[2010/04/24 12:23:16 | 000,685,056 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys
[2010/04/24 12:23:16 | 000,220,032 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSFHWBS2.sys
[2010/04/24 12:23:16 | 000,039,018 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\HSFCI011.dll
[2010/04/24 12:23:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\SMINST
[2010/04/24 12:22:22 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/24 12:22:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/04/24 12:22:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/04/24 12:22:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/24 12:22:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/24 12:22:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/04/24 12:21:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/24 12:17:00 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/24 12:12:59 | 000,000,000 | ---D | C] -- C:\My Backup -- 24-04-10 0912
[2010/04/24 12:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Macromedia
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/04/25 08:20:25 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/04/25 08:16:25 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/04/25 08:14:58 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/25 08:14:56 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/25 08:14:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/25 08:14:20 | 3353,923,584 | -HS- | M] () -- C:\hiberfil.sys
[2010/04/24 21:53:06 | 001,572,864 | -H-- | M] () -- C:\Documents and Settings\John\NTUSER.DAT
[2010/04/24 21:53:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\John\ntuser.ini
[2010/04/24 21:27:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/24 21:18:24 | 000,548,112 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/24 21:18:24 | 000,459,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/24 21:18:24 | 000,079,016 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/24 21:15:31 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/24 21:13:25 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/24 21:12:08 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/24 20:55:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 20:09:30 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/04/24 19:08:08 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Flash_Disinfector.exe
[2010/04/24 16:38:25 | 005,336,516 | -H-- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\IconCache.db
[2010/04/24 16:15:22 | 000,002,127 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk
[2010/04/24 16:08:30 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Battle for Middle-earth ™ II.lnk
[2010/04/24 14:42:38 | 000,046,976 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/04/24 14:35:54 | 000,000,598 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/24 14:35:45 | 000,000,002 | ---- | M] () -- C:\WINDOWS\msoffice.ini
[2010/04/24 14:12:24 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2010/04/24 14:11:14 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iP1600 On-screen Manual.lnk
[2010/04/24 13:56:07 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/04/24 13:46:36 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2010/04/24 13:45:14 | 000,000,127 | ---- | M] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2010/04/24 13:45:07 | 000,000,466 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/04/24 13:22:43 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/24 13:19:56 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\John\Desktop\Windows Media Player.lnk
[2010/04/24 13:19:20 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 13:19:18 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/24 13:19:16 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/24 13:08:08 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/24 13:00:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\emachines_T6212__.MRK
[2010/04/24 13:00:35 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/04/24 13:00:15 | 000,001,182 | ---- | M] () -- C:\WINDOWS\System32\oeminfo.ini
[2010/04/24 13:00:15 | 000,000,490 | ---- | M] () -- C:\WINDOWS\System32\emver.ini
[2010/04/24 12:59:00 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/24 12:59:00 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/24 12:58:23 | 000,001,946 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Linksys EasyLink Advisor.lnk
[2010/04/24 12:52:27 | 000,001,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
[2010/04/24 12:50:59 | 000,000,850 | -H-- | M] () -- C:\IPH.PH
[2010/04/24 12:50:03 | 000,157,696 | ---- | M] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/24 12:50:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2010/04/24 12:49:59 | 000,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\prefscpl.cpl
[2010/04/24 12:49:59 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/24 12:49:59 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/24 12:49:58 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/24 12:49:00 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/04/24 12:35:50 | 000,000,867 | ---- | M] () -- C:\WINDOWS\System32\VGASwitcher.lnk
[2010/04/24 12:31:12 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/24 12:15:01 | 000,000,060 | ---- | M] () -- C:\MOVE_RECOVERY
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/24 21:14:47 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/04/24 19:08:08 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Flash_Disinfector.exe
[2010/04/24 17:40:16 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010/04/24 17:39:41 | 000,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2010/04/24 17:39:30 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010/04/24 17:39:24 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010/04/24 16:15:22 | 000,002,127 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Lord of the Rings, The Rise of the Witch-king.lnk
[2010/04/24 16:08:30 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Battle for Middle-earth ™ II.lnk
[2010/04/24 14:50:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 14:50:19 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 14:35:45 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/04/24 14:20:25 | 000,000,075 | ---- | C] () -- C:\Documents and Settings\John\LuResult.txt
[2010/04/24 14:12:24 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Easy-PhotoPrint.lnk
[2010/04/24 14:11:14 | 000,001,860 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iP1600 On-screen Manual.lnk
[2010/04/24 14:10:56 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2010/04/24 13:56:07 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/04/24 13:46:36 | 000,001,908 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
[2010/04/24 13:45:14 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\John\Local Settings\Application Data\fusioncache.dat
[2010/04/24 13:45:07 | 000,000,466 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2010/04/24 13:22:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/24 13:19:56 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\John\Desktop\Windows Media Player.lnk
[2010/04/24 13:19:44 | 001,572,864 | -H-- | C] () -- C:\Documents and Settings\John\NTUSER.DAT
[2010/04/24 13:19:44 | 000,020,480 | -H-- | C] () -- C:\Documents and Settings\John\ntuser.dat.LOG
[2010/04/24 13:19:44 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\John\ntuser.ini
[2010/04/24 13:08:08 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/24 13:01:45 | 3353,923,584 | -HS- | C] () -- C:\hiberfil.sys
[2010/04/24 13:00:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\emachines_T6212__.MRK
[2010/04/24 13:00:35 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2010/04/24 13:00:07 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
[2010/04/24 12:58:23 | 000,001,946 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Linksys EasyLink Advisor.lnk
[2010/04/24 12:52:35 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT
[2010/04/24 12:52:35 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\NTUSER.DAT.LOG
[2010/04/24 12:52:27 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerDVD.lnk
[2010/04/24 12:52:19 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2010/04/24 12:52:19 | 000,030,056 | ---- | C] () -- C:\WINDOWS\System32\oemlogo.bmp
[2010/04/24 12:52:16 | 000,003,126 | ---- | C] () -- C:\WINDOWS\emachines_32.bmp
[2010/04/24 12:51:50 | 000,023,512 | ---- | C] () -- C:\WINDOWS\UNNeroBurnRights.cfg
[2010/04/24 12:49:01 | 000,000,850 | -H-- | C] () -- C:\IPH.PH
[2010/04/24 12:49:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/24 12:46:01 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/04/24 12:46:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010/04/24 12:45:55 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2010/04/24 12:39:56 | 000,543,232 | ---- | C] () -- C:\WINDOWS\zHotkey.exe
[2010/04/24 12:39:56 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2010/04/24 12:39:56 | 000,036,864 | ---- | C] () -- C:\WINDOWS\ShowWnd.exe
[2010/04/24 12:39:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2010/04/24 12:39:56 | 000,005,280 | ---- | C] () -- C:\WINDOWS\hotbtnv.vxd
[2010/04/24 12:39:56 | 000,003,927 | ---- | C] () -- C:\WINDOWS\mHotkey.reg
[2010/04/24 12:23:16 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\HSFProf.cty
[2010/04/24 12:15:01 | 000,000,060 | ---- | C] () -- C:\MOVE_RECOVERY
[2004/08/27 06:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 12:12:43 | 000,001,182 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 12:12:43 | 000,000,490 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/23 11:18:15 | 023,852,652 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\I386\sp2.cab:AGP440.sys
[2008/08/23 11:18:15 | 023,852,652 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/04/24 19:58:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2010/04/24 19:58:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010/04/24 19:58:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\My Backup -- 24-04-10 0912\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\My Backup -- 24-04-10 0912\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 09:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/23 11:18:15 | 023,852,652 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/23 11:18:15 | 023,852,652 | ---- | M] () .cab file -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/04/24 19:58:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 15:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2010/04/24 19:58:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010/04/24 19:58:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\My Backup -- 24-04-10 0912\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 02:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 24-04-10 0912\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\My Backup -- 24-04-10 0912\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 01:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\My Backup -- 24-04-10 0912\WINDOWS\system32\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\My Backup -- 24-04-10 0912\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 15:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\My Backup -- 24-04-10 0912\WINDOWS\system32\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\78cf8552430e25a8f24bc1e4dfb1970e\sp2qfe\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\My Backup -- 24-04-10 0912\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004/08/04 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\My Backup -- 24-04-10 0912\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2004/08/04 15:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\My Backup -- 24-04-10 0912\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\My Backup -- 24-04-10 0912\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/26 06:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/26 06:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/26 06:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/04/24 12:50:01 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\drivers\asctrm.sys
[2010/02/05 21:13:48 | 000,054,776 | ---- | M] (Mozy, Inc.) -- C:\WINDOWS\system32\drivers\MOBK.sys
[2010/02/24 09:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >




Extras.txt
OTL Extras logfile created on: 4/25/2010 8:30:57 AM - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 83.49 Gb Free Space | 57.46% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JOHNNYBOY
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"67:UDP" = 67:UDP:0.0.0.0/255.255.255.255:Enabled:DHCP Discovery Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat" = C:\Program Files\Electronic Arts\The Battle for Middle-earth ™ II\game.dat:*:Enabled:The Battle for Middle-earth™ II -- (Electronic Arts Inc.)
"C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat" = C:\Program Files\Electronic Arts\The Lord of the Rings, The Rise of the Witch-king\game.dat:*:Enabled:The Lord of the Rings, The Rise of the Witch-king -- (Electronic Arts Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe" = C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet:Enabled:Pure Networks Platform Service -- (Cisco Systems, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth ™ II
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{8BCAFB73-49AE-4AC4-00A1-70E4EC38BD4E}" = The Lord of the Rings, The Rise of the Witch-king
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{BA68600E-96D9-4E92-80F2-26B9681B5A63}" = Microsoft Office Outlook 2003 with Business Contact Manager Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BF2A74BF-8D12-47F1-8B19-22B30AF6B0D1}" = Linksys EasyLink Advisor
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C34FAEF3-4241-4C4E-9CFF-7BBD8BCEABE7}" = WebEx Support Manager for Internet Explorer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFF4500E-C5D6-695D-A027-B3D4DDED2CC3}" = McAfee Online Backup
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBDBC490-089D-4476-BF72-1F7A6368200A}" = Pure Networks Platform
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CANONBJ_Deinstall_CNMCP75.DLL" = Canon iP1600
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"ie8" = Windows Internet Explorer 8
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"Linksys EasyLink Advisor" = Linksys EasyLink Advisor
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2005b" = Microsoft Money 2005
"MSC" = McAfee Total Protection
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/24/2010 1:52:55 PM | Computer Name = JOHNNYBOY | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft SQL Server Desktop Engine -- A strong SA password
is required for security reasons. Please use SAPWD switch to supply the same. Refer
to readme for more details. Setup will now exit.

Error - 4/24/2010 4:54:07 PM | Computer Name = JOHNNYBOY | Source = MsiInstaller | ID = 11404
Description = Product: McAfee AntiSpyware -- Error 1404.Could not delete key \SOFTWARE\McAfee\McAfee
Shared Components\Centralv3\Settings. System error . Verify that you have sufficient
access to that key, or contact your support personnel.

[ System Events ]
Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:32 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:33 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2010 4:55:33 PM | Computer Name = JOHNNYBOY | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

Hopefully I did this correctly and you can see if something is still present. Please let me know the next step.
Thanks for your help,
mid01

#6
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi mid01,

STEP 1 - MBAM

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.
Download Link 1
Download Link 2
MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

STEP 3 - Reply

Please reply with the following logs:
  • MBAM Log
  • Kaspersky Log


#7
mid01

    Member

  • Topic Starter
  • Member
  • 11 posts
Hello mpascal,

I completed MBAM and here are the contents of the log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4034

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/25/2010 11:53:31 AM
mbam-log-2010-04-25 (11-53-31).txt

Scan type: Quick scan
Objects scanned: 107592
Time elapsed: 7 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I am having a problem installing Kaspersky Online Scanner. If I use the link you provided I click accept and first get information messages about the page using Java but then Internet Explorer blocks installation of ActiveX control. If I select to allow it, Windows blocks it with no option to allow it and the process stops. If I go directly to Kaspersky I launch the Online Scanner and go to the welcome page where I click accept. Once again Internet Explorer blocks installation of ActiveX control and when I select to allow it, I am returned to the welcome screen but the download has stopped with no other options.

Please let me know what I should do to get around this.

Thanks, mid01

#8
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
OK, I'll give you another program to try instead.

Download Dr.Web CureIt to the desktop.
  • Double-click the drweb-cureit.exe file, then click Start and allow it to run the express scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, choose the Complete Scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look and see if you can click the following icon next to the files found:
    Posted Image
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Posted Image
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured (this is in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new OTL log.
NOTE: During the scan, a pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.

#9
mid01

    Member

  • Topic Starter
  • Member
  • 11 posts
Hello mpascal,

Here is the report from the DRWeb scan (the short scan showed no viruses):

Flash_Disinfector.exe/data002\nircmd.exe;C:\Documents and Settings\John\Desktop\Flash_Disinfector.exe/data002;Tool.NirCmd.1;;
data002;C:\Documents and Settings\John\Desktop;Archive contains infected objects;;
Flash_Disinfector.exe;C:\Documents and Settings\John\Desktop;Container contains infected objects;Moved.;
A0007268.exe/data002\nircmd.exe;C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP32\A0007268.exe/data002;Tool.NirCmd.1;;
data002;C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP32;Archive contains infected objects;;
A0007268.exe;C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP32;Container contains infected objects;Moved.;

Here is the new OTL log:

OTL logfile created on: 4/26/2010 8:09:54 AM - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\John\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.29 Gb Total Space | 83.31 Gb Free Space | 57.34% Space Free | Partition Type: NTFS
Drive D: | 3.75 Gb Total Space | 1.68 Gb Free Space | 44.83% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 3.74 Gb Total Space | 3.48 Gb Free Space | 93.04% Space Free | Partition Type: FAT32

Computer Name: JOHNNYBOY
Current User Name: John
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
PRC - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\zHotkey.exe ()


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\John\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\HKNTDLL.dll ()


========== Win32 Services (SafeList) ==========

SRV - (PrismXL) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MOBKbackup) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (MSSQL$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$MICROSOFTSMLBIZ) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (MOBKFilter) -- C:\WINDOWS\system32\drivers\MOBK.sys (Mozy, Inc.)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Cisco Systems, Inc.)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (SunkFilt) -- C:\WINDOWS\system32\drivers\Sunkfilt.sys (Alcor Micro Corp.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/04/24 17:29:41 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 15:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20100424171314.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\zHotkey.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShowWnd] C:\WINDOWS\ShowWnd.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconEM.exe (Alcor Micro, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_93C8148BBB233F43.dll (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\John\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 14:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/04/24 19:09:30 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 08:26:23 | 000,000,309 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/04/24 19:09:32 | 000,000,000 | RHSD | M] - L:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- [2007/10/23 03:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/08/26 14:03:54 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/04/26 07:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/25 15:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\DoctorWeb
[2010/04/25 12:00:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/25 11:40:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Malwarebytes
[2010/04/25 11:40:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/25 11:40:08 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/25 11:40:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/25 11:40:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/25 11:35:26 | 005,918,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\John\Desktop\mbam-setup.exe
[2010/04/25 08:20:24 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John\Desktop\OTL.exe
[2010/04/24 21:13:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/24 20:15:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/24 20:15:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/04/24 20:15:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/24 20:15:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/04/24 20:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010/04/24 20:04:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/04/24 19:58:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/04/24 19:09:30 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010/04/24 19:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\U3
[2010/04/24 18:54:39 | 000,000,000 | ---D | C] -- C:\d9717a6c62027bca62e7
[2010/04/24 17:40:39 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010/04/24 17:40:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2010/04/24 17:40:37 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010/04/24 17:40:37 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010/04/24 17:40:37 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010/04/24 17:40:37 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010/04/24 17:40:37 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010/04/24 17:40:37 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010/04/24 17:40:36 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010/04/24 17:40:34 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010/04/24 17:40:31 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdwxp.exe
[2010/04/24 17:40:31 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spdwnwxp.exe
[2010/04/24 17:40:29 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010/04/24 17:40:29 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010/04/24 17:40:29 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010/04/24 17:40:29 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010/04/24 17:40:29 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010/04/24 17:40:29 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010/04/24 17:40:28 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010/04/24 17:40:28 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010/04/24 17:40:28 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010/04/24 17:40:28 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010/04/24 17:40:28 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010/04/24 17:40:28 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010/04/24 17:40:26 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010/04/24 17:40:25 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010/04/24 17:40:25 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010/04/24 17:40:25 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010/04/24 17:40:25 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010/04/24 17:40:24 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010/04/24 17:40:24 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010/04/24 17:40:24 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010/04/24 17:40:23 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010/04/24 17:40:22 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010/04/24 17:40:20 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010/04/24 17:40:18 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010/04/24 17:40:15 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010/04/24 17:40:15 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010/04/24 17:40:15 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010/04/24 17:40:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010/04/24 17:40:15 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010/04/24 17:40:14 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010/04/24 17:40:14 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010/04/24 17:40:14 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010/04/24 17:40:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2010/04/24 17:40:14 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/04/24 17:40:13 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/04/24 17:40:12 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010/04/24 17:40:12 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010/04/24 17:39:59 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010/04/24 17:39:59 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010/04/24 17:39:59 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010/04/24 17:39:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010/04/24 17:39:46 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010/04/24 17:39:45 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010/04/24 17:39:42 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2010/04/24 17:39:40 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010/04/24 17:39:39 | 000,144,384 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\drivers\hdaudbus.sys
[2010/04/24 17:39:37 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\faxpatch.exe
[2010/04/24 17:39:35 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010/04/24 17:39:35 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010/04/24 17:39:35 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010/04/24 17:39:35 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010/04/24 17:39:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010/04/24 17:39:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010/04/24 17:39:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010/04/24 17:39:33 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010/04/24 17:39:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010/04/24 17:39:33 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010/04/24 17:39:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010/04/24 17:39:33 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010/04/24 17:39:33 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010/04/24 17:39:32 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010/04/24 17:39:31 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010/04/24 17:39:26 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010/04/24 17:39:25 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010/04/24 17:39:25 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010/04/24 17:39:25 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010/04/24 17:39:24 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010/04/24 17:39:24 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010/04/24 17:39:24 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010/04/24 17:39:24 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010/04/24 17:39:24 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010/04/24 17:39:24 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010/04/24 17:39:24 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010/04/24 17:39:24 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010/04/24 17:39:24 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010/04/24 17:39:24 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010/04/24 17:39:24 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010/04/24 17:39:24 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010/04/24 17:39:24 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010/04/24 17:39:24 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010/04/24 17:39:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010/04/24 17:39:24 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010/04/24 17:39:24 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010/04/24 17:39:24 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010/04/24 17:39:23 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010/04/24 17:39:23 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010/04/24 17:39:23 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010/04/24 17:39:23 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010/04/24 17:39:23 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010/04/24 17:39:23 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010/04/24 17:39:23 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010/04/24 17:39:23 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010/04/24 17:39:23 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010/04/24 17:39:23 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010/04/24 17:39:23 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010/04/24 17:39:23 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010/04/24 17:39:23 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010/04/24 17:39:23 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010/04/24 17:39:23 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010/04/24 17:39:23 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010/04/24 17:39:23 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010/04/24 17:39:23 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010/04/24 17:39:23 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010/04/24 17:39:23 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010/04/24 17:39:23 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010/04/24 17:15:34 | 000,000,000 | ---D | C] -- C:\Program Files\McAfeeMOBK
[2010/04/24 17:15:14 | 000,054,776 | ---- | C] (Mozy, Inc.) -- C:\WINDOWS\System32\drivers\MOBK.sys
[2010/04/24 17:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Online Backup
[2010/04/24 17:13:12 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/04/24 17:13:05 | 000,082,952 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/04/24 17:13:04 | 000,312,584 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/04/24 17:13:04 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/04/24 17:13:04 | 000,088,480 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/04/24 17:13:04 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/04/24 17:13:04 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/04/24 17:13:04 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/04/24 17:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/04/24 17:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/04/24 17:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/04/24 16:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/04/24 16:27:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010/04/24 16:24:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/04/24 16:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\My The Lord of the Rings, The Rise of the Witch-king Files
[2010/04/24 16:08:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_27.dll
[2010/04/24 15:31:59 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/24 15:31:05 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/24 15:25:42 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/24 15:23:42 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/24 15:19:57 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010/04/24 15:19:44 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/24 15:19:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/24 15:19:35 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010/04/24 15:05:44 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010/04/24 15:05:31 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/24 15:05:24 | 002,189,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010/04/24 15:05:10 | 002,024,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/24 14:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Electronic Arts
[2010/04/24 14:55:52 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2010/04/24 14:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/04/24 14:54:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010/04/24 14:53:26 | 000,286,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gdi32.dll
[2010/04/24 14:53:17 | 000,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2010/04/24 14:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Yahoo
[2010/04/24 14:50:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Google
[2010/04/24 14:50:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/04/24 14:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/04/24 14:46:42 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\PrivacIE
[2010/04/24 14:37:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2010/04/24 14:37:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 14:29:03 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avifil32.dll
[2010/04/24 14:29:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iyuv_32.dll
[2010/04/24 14:29:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrle32.dll
[2010/04/24 14:29:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsbyuv.dll
[2010/04/24 14:28:53 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2010/04/24 14:12:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\IETldCache
[2010/04/24 14:11:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\StartHtmico
[2010/04/24 14:10:56 | 000,139,776 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM75.DLL
[2010/04/24 14:10:54 | 000,090,112 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMCP75.exe
[2010/04/24 14:10:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/04/24 14:10:10 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/04/24 14:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/04/24 14:09:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2010/04/24 14:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/04/24 14:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2010/04/24 14:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Yahoo!
[2010/04/24 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/04/24 14:08:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/24 14:06:52 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/04/24 14:06:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp
[2010/04/24 14:03:05 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010/04/24 14:03:05 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010/04/24 14:03:03 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010/04/24 13:46:35 | 000,033,340 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsqlgc.dll
[2010/04/24 13:46:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dbmsgnet.dll
[2010/04/24 13:45:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2010/04/24 13:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\ApplicationHistory
[2010/04/24 13:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio .NET 2003
[2010/04/24 13:42:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Crystal Decisions
[2010/04/24 13:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2010/04/24 13:22:27 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mdimon.dll
[2010/04/24 13:21:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/04/24 13:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Google
[2010/04/24 13:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/24 13:20:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/24 13:20:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/24 13:19:45 | 000,000,000 | --SD | C] -- C:\Documents and Settings\John\Application Data\Microsoft
[2010/04/24 13:19:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Application Data
[2010/04/24 13:19:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\Favorites
[2010/04/24 13:19:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John\Cookies
[2010/04/24 13:19:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\Local Settings
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\SampleView
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Microsoft
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\McAfee
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Application Data\Identities
[2010/04/24 13:19:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Desktop
[2010/04/24 13:19:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\SendTo
[2010/04/24 13:19:44 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\John\Recent
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\Start Menu
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\My Documents\My Pictures
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\My Documents\My Music
[2010/04/24 13:19:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\John\My Documents
[2010/04/24 13:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\Templates
[2010/04/24 13:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\PrintHood
[2010/04/24 13:19:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\John\NetHood
[2010/04/24 13:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\WINDOWS
[2010/04/24 13:14:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/04/24 13:13:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 13:00:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/24 12:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/04/24 12:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2010/04/24 12:59:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John\Local Settings\Application Data\Linksys_LLC_-_A_Division_
[2010/04/24 12:58:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Linksys
[2010/04/24 12:58:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{35ACA973-70F0-495F-9092-74A130711865}
[2010/04/24 12:58:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2010/04/24 12:57:56 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\POWERCFG.EXE
[2010/04/24 12:57:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Encarta Plus
[2010/04/24 12:57:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Money 2005
[2010/04/24 12:57:01 | 000,020,480 | ---- | C] (Gateway) -- C:\WINDOWS\System32\Marker32.exe
[2010/04/24 12:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2010/04/24 12:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\WebEx
[2010/04/24 12:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/04/24 12:55:44 | 000,351,526 | ---- | C] (Wilson WindowWare, Inc.) -- C:\WINDOWS\WBDDA34I.DLL
[2010/04/24 12:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2010/04/24 12:52:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/24 12:52:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/24 12:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2010/04/24 12:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2010/04/24 12:52:22 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/04/24 12:52:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/04/24 12:52:01 | 000,018,000 | ---- | C] (BigFix, Inc.) -- C:\WINDOWS\BigFixClientOverride.dll
[2010/04/24 12:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\BigFix
[2010/04/24 12:51:50 | 001,658,880 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\UNNeroBurnRights.exe
[2010/04/24 12:51:50 | 000,057,344 | ---- | C] (Ahead Software AG) -- C:\WINDOWS\System32\NeroBurnRights.cpl
[2010/04/24 12:51:50 | 000,053,248 | ---- | C] (Ahead Software AG im Stoeckmaedle 18 76307 Karlsbad, Germany Fax: ++49-7248-911-888 e-mail: [email protected]) -- C:\WINDOWS\System32\NeroCo.dll
[2010/04/24 12:51:50 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2010/04/24 12:51:31 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2010/04/24 12:51:07 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2010/04/24 12:51:05 | 000,569,344 | ---- | C] (Pegasus Software,LLC) -- C:\WINDOWS\System32\imagr5.dll
[2010/04/24 12:51:05 | 000,544,768 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\imagx5.dll
[2010/04/24 12:51:05 | 000,283,920 | ---- | C] (Pegasus Software, LLC) -- C:\WINDOWS\System32\ImagXpr5.dll
[2010/04/24 12:51:05 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINDOWS\System32\NeroCheck.exe
[2010/04/24 12:51:05 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\picn20.dll
[2010/04/24 12:51:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/04/24 12:51:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2010/04/24 12:50:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2010/04/24 12:50:49 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSComCt2.ocx
[2010/04/24 12:50:49 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RichTx32.ocx
[2010/04/24 12:50:49 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2010/04/24 12:50:49 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSInet.ocx
[2010/04/24 12:50:49 | 000,102,400 | ---- | C] (4Developers LLC) -- C:\WINDOWS\System32\SimpleRegistry.dll
[2010/04/24 12:50:49 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/04/24 12:50:48 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2010/04/24 12:50:48 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX
[2010/04/24 12:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2010/04/24 12:50:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\occache
[2010/04/24 12:50:46 | 000,000,000 | ---D | C] -- C:\Program Files\Learn2.com
[2010/04/24 12:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2010/04/24 12:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/04/24 12:50:42 | 001,483,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.bak
[2010/04/24 12:50:35 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2010/04/24 12:50:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010/04/24 12:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/24 12:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2010/04/24 12:50:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2010/04/24 12:50:01 | 000,008,552 | ---- | C] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys
[2010/04/24 12:50:01 | 000,000,000 | ---D | C] -- C:\My Music
[2010/04/24 12:49:59 | 000,157,696 | ---- | C] (RealNetworks) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/04/24 12:49:59 | 000,024,576 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\prefscpl.cpl
[2010/04/24 12:49:59 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/04/24 12:49:59 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/04/24 12:49:59 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/04/24 12:49:58 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/24 12:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/04/24 12:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\AOL Downloads
[2010/04/24 12:49:31 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\roboex32.dll
[2010/04/24 12:49:31 | 000,054,784 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\Inetwh32.dll
[2010/04/24 12:49:31 | 000,029,184 | ---- | C] (Blue Sky Software) -- C:\WINDOWS\System32\popup.ocx
[2010/04/24 12:49:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL
[2010/04/24 12:49:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/04/24 12:48:08 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Media Reader
[2010/04/24 12:48:04 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/04/24 12:48:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2010/04/24 12:47:59 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2010/04/24 12:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/24 12:47:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/04/24 12:47:19 | 000,487,424 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010/04/24 12:47:19 | 000,344,064 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2010/04/24 12:47:19 | 000,212,480 | R--- | C] (Eastman Kodak) -- C:\WINDOWS\System32\PCDLIB32.DLL
[2010/04/24 12:47:19 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2010/04/24 12:47:19 | 000,076,288 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PUBOLE32.DLL
[2010/04/24 12:47:19 | 000,037,888 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ochlp30e.dll
[2010/04/24 12:47:18 | 000,133,904 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcans32.dll
< End of report >


I think that is everything you asked for. Please let me know what the next step is.

Regards, mid01

#10
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Looks good, I assume everything is still running well?

#11
mid01

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi mpascal,

Everything seems to be fine now thanks. Is there anything else for me to do at this point? I have one memory stick that was attached to the desktop during the DrWeb scan but could not tell if the scan had looked at it or not. Do you have suggestions going forward on tools to use to better help prevent this in the future? My experience with McAfee has shown me it does not provide enough protection. I know this forum has guides that I can use but anything else you can suggest would be appreciated. Any guess as to how this happened to begin with?

Regards, mid01

#12
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Hi mid01,

Now that your system appears to be clean, I'll give you some instructions to remove the tools we have used and I'll offer some advice to help prevent future infection.

STEP 1 - Clear Restore Points

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [CLEARALLRESTOREPOINTS]
  • Then click the Run Fix button at the top.

STEP 2 - Uninstall ComboFix
  • Rename the Combo-Fix file on your desktop to Uninstall.
  • Double click on Uninstall to uninstall the program.

STEP 3 - Remove Tools

Run OTL
  • Click Clean Up in the upper right corner.
  • This will remove most if not all the tools we used while we were fixing your computer. Feel free to delete any others it leaves behind.

Now that you have a clean system, I would like to share with you some advice to help reduce the risk of future infection.

+++++++++++++++++++++++++++++++++++++++++++++++

I recommend that you install both of the following free programs if you haven't already, as they can greatly increase the security of your system. It is not essential that you have these programs installed, but they do a very good job at preventing infection if your system is scanned regularly.

+++++++++++++++++++++++++++++++++++++++++++++++

A good firewall is also useful for keeping a system infection free. You should only have ONE firewall installed on your computer - having more than one will not increase the security of your system. Here is a small list of some free firewalls if you don't already have one installed:

An antivirus program is also a program that should be installed on all computers. These will help reduce the risk that your computer gets infected by viruses or trojans in the future. Keep in mind that you only need ONE antivirus program installed on your computer. If you have more than one installed, they can often conflict and leave your system unprotected. Here are a few free antivirus programs if you don't have one installed:

Having up to date Antivirus and Firewall software is vital to keeping a healthy, infection free system.

+++++++++++++++++++++++++++++++++++++++++++++++

I also suggest you take a look at Preventing Malware and Safe Computing, a guide by Rorschach112 which contains more great information about protecting your system.

To find out more information on how your system got infected, or how to protect yourself on the internet in the future, this article by Tony Klein provides some great information.

Good luck and safe surfing!

-mpascal

#13
mid01

    Member

  • Topic Starter
  • Member
  • 11 posts
Thanks again for your help. This is a great forum to have as a resource. Good luck to you as well.

Regards, mid01

#14
mpascal

    Math Nerd

  • Retired Staff
  • 3,644 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





