[code]
OTScanIt2 logfile created on: 12/3/2008 8:31:43 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.2.1 Folder = C:\Documents and Settings\David Nyczepir\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.39 Gb Available Physical Memory | 69.45% Memory free
3.85 Gb Paging File | 3.42 Gb Available in Paging File | 88.83% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 87.87 Gb Total Space | 39.88 Gb Free Space | 45.39% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 245.73 Mb Total Space | 74.90 Mb Free Space | 30.48% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: David Nyczepir
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 90 Days

[Processes - Safe List]
almon.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> [2007/08/02 08:25:30 | 00,245,760 | ---- | M] (Sophos Plc)
alsvc.exe -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> [2008/09/30 13:18:21 | 00,172,032 | ---- | M] (Sophos Plc)
aolsoftware.exe -> %ProgramFiles%\AIM6\aolsoftware.exe -> [2007/05/25 12:16:08 | 00,042,032 | ---- | M] (AOL LLC)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
creativelicensing.exe -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> [2006/07/17 14:42:17 | 00,069,632 | ---- | M] (Creative Labs)
ctdetect.exe -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe -> [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
ctsvccda.exe -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
dlcccoms.exe -> %SystemRoot%\system32\dlcccoms.exe -> [2005/10/27 16:41:52 | 00,491,520 | ---- | M] ( )
dlccmon.exe -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe -> [2005/10/20 19:40:26 | 00,430,080 | ---- | M] (Dell)
dlg.exe -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software)
dmxlauncher.exe -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe -> [2005/01/27 01:02:00 | 00,086,016 | ---- | M] ()
dsagnt.exe -> %ProgramFiles%\DellSupport\DSAgnt.exe -> [2007/03/15 10:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.)
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2005/12/28 11:45:02 | 00,114,753 | ---- | M] (Intel Corporation)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2005/12/28 11:56:16 | 00,602,182 | ---- | M] (Intel Corporation)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
logitechdesktopmessenger.exe -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2007/02/22 16:34:19 | 00,067,128 | ---- | M] (Logitech Inc.)
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
msmpeng.exe -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
msmsgs.exe -> %ProgramFiles%\Messenger\msmsgs.exe -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
nicconfigsvc.exe -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> [2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.)
nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2006/03/21 05:03:00 | 00,143,428 | ---- | M] (NVIDIA Corporation)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/12/01 10:28:50 | 00,477,184 | ---- | M] (OldTimer Tools)
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2005/12/28 11:44:24 | 00,217,164 | ---- | M] (Intel Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2005/12/28 11:47:10 | 00,540,745 | ---- | M] (Intel Corporation )
savadminservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> [2008/10/23 09:29:41 | 00,069,632 | ---- | M] (Sophos Plc)
savservice.exe -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/09/30 14:19:59 | 00,098,304 | ---- | M] (Sophos Plc)
sprtcmd.exe -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe -> [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.)
sprtsvc.exe -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.)
stsystra.exe -> %SystemRoot%\stsystra.exe -> [2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
syntpenh.exe -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe -> [2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
tfswctrl.exe -> %SystemRoot%\system32\dla\tfswctrl.exe -> [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
wdfmgr.exe -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2005/12/28 12:04:56 | 00,262,217 | ---- | M] (Intel(R) Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> [2005/12/28 11:55:40 | 00,667,718 | ---- | M] (Intel Corporation)

[Win32 Services - Safe List]
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -> [2004/07/15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.)
(Creative Labs Licensing Service) Creative Labs Licensing Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Creative Labs Shared\Service\CreativeLicensing.exe -> [2006/07/17 14:42:17 | 00,069,632 | ---- | M] (Creative Labs)
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %SystemRoot%\system32\CTSVCCDA.EXE -> [1999/12/12 10:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd)
(dlcc_device) dlcc_device [Win32_Own | On_Demand | Running] -> %SystemRoot%\system32\dlcccoms.exe -> [2005/10/27 16:41:52 | 00,491,520 | ---- | M] ( )
(DSBrokerService) DSBrokerService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\DellSupport\brkrsvc.exe -> [2007/03/07 14:47:46 | 00,076,848 | ---- | M] ()
(EvtEng) Intel(R) PROSet/Wireless Event Log [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2005/12/28 11:45:02 | 00,114,753 | ---- | M] (Intel Corporation)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\QuickSet\NicConfigSvc.exe -> [2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.)
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2006/03/21 05:03:00 | 00,143,428 | ---- | M] (NVIDIA Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation)
(RegSrvc) Intel(R) PROSet/Wireless Registry Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2005/12/28 11:44:24 | 00,217,164 | ---- | M] (Intel Corporation)
(S24EventMonitor) Intel(R) PROSet/Wireless Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2005/12/28 11:47:10 | 00,540,745 | ---- | M] (Intel Corporation )
(SAVAdminService) Sophos Anti-Virus status reporter [Win32_Own | Unknown | Running] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SAVAdminService.exe -> [2008/10/23 09:29:41 | 00,069,632 | ---- | M] (Sophos Plc)
(SAVService) Sophos Anti-Virus [Win32_Own | Unknown | Stop_Pending] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/09/30 14:19:59 | 00,098,304 | ---- | M] (Sophos Plc)
(Sophos AutoUpdate Service) Sophos AutoUpdate Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Sophos\AutoUpdate\ALsvc.exe -> [2008/09/30 13:18:21 | 00,172,032 | ---- | M] (Sophos Plc)
(sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell Support Center\bin\sprtsvc.exe -> [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.)
(UMWdf) Windows User Mode Driver Framework [Win32_Own | Auto | Running] -> %SystemRoot%\system32\wdfmgr.exe -> [2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation)
(WinDefend) Windows Defender [Win32_Own | Auto | Running] -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation)
(WLANKEEPER) Intel(R) PROSet/Wireless SSO Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2005/12/28 12:04:56 | 00,262,217 | ---- | M] (Intel(R) Corporation)

[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.9.0 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2006/07/17 14:38:24 | 00,021,275 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2005/08/12 17:50:46 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ASCTRM) ASCTRM [Kernel | Auto | Running] -> %SystemRoot%\System32\drivers\asctrm.sys -> [2006/07/17 14:52:20 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2005/08/05 09:32:16 | 00,045,312 | ---- | M] (Broadcom Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(ctsfm2k) Creative SoundFont Management Device Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctsfm2k.sys -> [2005/01/10 03:15:00 | 00,138,752 | ---- | M] (Creative Technology Ltd)
(CTUSFSYN) Creative SoundFont Synthesizer [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctusfsyn.sys -> [2005/05/25 02:34:00 | 00,158,464 | ---- | M] (Creative Technology Ltd.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\drvmcdb.sys -> [2004/12/01 03:22:00 | 00,087,488 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> %SystemRoot%\system32\drivers\drvnddm.sys -> [2004/11/23 02:56:00 | 00,040,480 | ---- | M] (Sonic Solutions)
(DSproct) DSproct [Kernel | On_Demand | Running] -> %ProgramFiles%\DellSupport\GTAction\triggers\DSproct.sys -> [2006/10/05 15:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.)
(dsunidrv) DellSupport UniDriver [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\dsunidrv.sys -> [2007/02/25 11:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_DPV.sys -> [2005/12/01 00:40:56 | 00,936,960 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSXHWAZL.sys -> [2005/12/01 00:40:12 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
(LHidKe) Logitech SetPoint HID Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidKE.Sys -> [2004/10/21 12:30:38 | 00,024,671 | ---- | M] (Logitech, Inc.)
(LHidUsbK) Logitech SetPoint USB Receiver device driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LHidUsbK.sys -> [2004/10/21 12:31:14 | 00,038,691 | ---- | M] (Logitech, Inc.)
(LMouKE) Logitech SetPoint Mouse Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\LMOUKE.sys -> [2004/10/21 12:30:56 | 00,071,535 | ---- | M] (Logitech, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/04 21:57:08 | 00,012,544 | ---- | M] (Conexant)
(monfilt) monfilt [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\monfilt.sys -> [2006/01/04 00:41:48 | 01,389,056 | ---- | M] (Creative Technology Ltd.)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(nv) nv [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2006/03/21 05:03:00 | 03,652,128 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 09:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(ossrv) Creative OS Services Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ctoss2k.sys -> [2005/01/10 03:15:00 | 00,106,496 | ---- | M] (Creative Technology Ltd.)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/04/25 02:03:00 | 00,020,640 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(rimmptsk) rimmptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimmptsk.sys -> [2005/07/14 16:58:14 | 00,028,544 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rimsptsk.sys -> [2005/07/12 17:00:30 | 00,051,328 | ---- | M] (REDC)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rixdptsk.sys -> [2005/07/14 15:28:38 | 00,307,968 | ---- | M] (REDC)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> [2005/12/28 13:22:08 | 00,013,568 | ---- | M] (Intel Corporation)
(SAVOnAccessControl) SAVOnAccessControl [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccesscontrol.sys -> [2008/09/30 14:20:03 | 00,104,704 | ---- | M] (Sophos Plc)
(SAVOnAccessFilter) SAVOnAccessFilter [File_System | System | Running] -> %SystemRoot%\system32\drivers\savonaccessfilter.sys -> [2008/09/30 14:20:03 | 00,035,584 | ---- | M] (Sophos Plc)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(SophosBootDriver) SophosBootDriver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\SophosBootDriver.sys -> [2008/09/30 14:20:04 | 00,014,976 | ---- | M] (Sophos Plc)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> %SystemRoot%\system32\drivers\sscdbhk5.sys -> [2004/07/14 11:29:04 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> %SystemRoot%\system32\drivers\ssrtln.sys -> [2004/07/14 11:28:50 | 00,023,545 | ---- | M] (Sonic Solutions)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sthda.sys -> [2006/03/24 16:34:30 | 01,156,648 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\SynTP.sys -> [2006/03/08 11:35:10 | 00,191,872 | ---- | M] (Synaptics, Inc.)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnboio.sys -> [2004/12/06 01:05:00 | 00,025,883 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsncofs.sys -> [2004/12/06 01:05:00 | 00,034,843 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndrct.sys -> [2004/12/06 01:05:00 | 00,004,123 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsndres.sys -> [2004/12/06 01:05:00 | 00,002,239 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnifs.sys -> [2004/12/06 01:05:00 | 00,086,586 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnopio.sys -> [2004/12/06 01:05:00 | 00,015,227 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnpool.sys -> [2004/12/06 01:05:00 | 00,006,363 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudf.sys -> [2004/12/06 01:05:00 | 00,098,714 | ---- | M] (Sonic Solutions)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> %SystemRoot%\system32\dla\tfsnudfa.sys -> [2004/12/06 01:05:00 | 00,100,603 | ---- | M] (Sonic Solutions)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2007/10/31 14:09:14 | 00,030,464 | ---- | M] (Apple, Inc.)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(w39n51) Intel(R) PRO/Wireless 3945ABG Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\w39n51.sys -> [2005/12/04 09:55:30 | 01,428,096 | ---- | M] (Intel® Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/01 00:40:08 | 00,669,696 | ---- | M] (Conexant Systems, Inc.)
(WmiAcpi) Microsoft Windows Management Interface for ACPI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\wmiacpi.sys -> [2008/04/13 13:36:38 | 00,008,832 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Start Page" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\WINDOWS\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://www.google.com ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultName" -> Google ->
HKEY_CURRENT_USER\: Main\\"SearchMigratedDefaultURL" -> http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.yahoo.com/ ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> localhost;*.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\David Nyczepir\Application Data\Mozilla\FireFox\Profiles\m6wrph45.default\prefs.js ->
browser.search.defaultenginename -> "AOL Search" ->
browser.search.defaulturl -> "http://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=" ->
browser.search.selectedEngine -> "AOL Search" ->
browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
browser.startup.homepage_override.mstone -> "rv:1.8.1.11" ->
< HOSTS File > (288517 bytes and 9986 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 www.1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2004/12/14 00:56:50 | 00,063,136 | ---- | M] (Adobe Systems Incorporated)
{39EA7695-B3F2-4C44-A4BC-297ADA8FD235} [HKLM] -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SophosBHO.dll [Sophos Web Content Scanner] -> [2008/11/19 11:39:03 | 00,240,696 | ---- | M] (Sophos Plc)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> %SystemRoot%\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2004/12/06 01:05:00 | 00,118,842 | ---- | M] (Sonic Solutions)
{6b44f4e9-310c-4b57-b6c7-836e4f27a9f7} [HKLM] -> %SystemRoot%\system32\topapope.dll [Reg Error: Value does not exist or could not be read.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\ssv.dll [SSVHelper Class] -> [2008/02/22 03:25:19 | 00,509,328 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{07AA283A-43D7-4CBE-A064-32A21112D94D}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"a831dc4a" -> %SystemRoot%\system32\sebiniha.dll [rundll32.exe "C:\WINDOWS\system32\sebiniha.dll",b] -> [2008/12/03 10:11:01 | 00,085,557 | -HS- | M] ()
"bekabaguyu" -> %SystemRoot%\system32\fefiyiri.DLL [Rundll32.exe "C:\WINDOWS\system32\fefiyiri.dll",s] -> File not found
"CPMab02efd6" -> %SystemRoot%\system32\kabehize.dll [Rundll32.exe "c:\windows\system32\kabehize.dll",a] -> [2008/12/02 14:33:08 | 00,093,749 | ---- | M] ()
"CTSysVol" -> %ProgramFiles%\Creative\SBAudigy\Surround Mixer\CTSysVol.exe [C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r] -> [2005/10/31 10:51:52 | 00,057,344 | ---- | M] (Creative Technology Ltd)
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"dla" -> %SystemRoot%\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2004/12/06 01:05:00 | 00,127,035 | ---- | M] (Sonic Solutions)
"DLCCCATS" -> %SystemRoot%\system32\spool\drivers\w32x86\3\dlcctime.dll [rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16] -> [2005/09/13 17:50:38 | 00,073,728 | ---- | M] ()
"dlccmon.exe" -> %ProgramFiles%\Dell Photo AIO Printer 924\dlccmon.exe ["C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"] -> [2005/10/20 19:40:26 | 00,430,080 | ---- | M] (Dell)
"DMXLauncher" -> %ProgramFiles%\Dell\Media Experience\DMXLauncher.exe [C:\Program Files\Dell\Media Experience\DMXLauncher.exe] -> [2005/01/27 01:02:00 | 00,086,016 | ---- | M] ()
"dscactivate" -> %ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 09:24:00 | 00,016,384 | ---- | M] ( )
"DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe ["C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless] -> [2005/12/28 11:56:16 | 00,602,182 | ---- | M] (Intel Corporation)
"IntelZeroConfig" -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe ["C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"] -> [2005/12/28 11:55:40 | 00,667,718 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup] -> [2005/06/10 10:44:02 | 00,249,856 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2005/06/10 10:44:02 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"Logitech Hardware Abstraction Layer" -> %SystemRoot%\KHALMNPR.Exe [KHALMNPR.EXE] -> [2004/10/21 12:28:40 | 00,029,696 | ---- | M] (Logitech Inc.)
"MSKDetectorExe" -> [C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall] -> File not found
"nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /installquiet] -> [2006/03/21 05:03:00 | 01,519,616 | ---- | M] ()
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\QTTask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"SigmatelSysTrayApp" -> %SystemRoot%\stsystra.exe [stsystra.exe] -> [2006/03/24 16:30:44 | 00,282,624 | ---- | M] (SigmaTel, Inc.)
"SynTPEnh" -> %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2006/03/08 11:48:02 | 00,761,947 | ---- | M] (Synaptics, Inc.)
"UpdReg" -> %SystemRoot%\Updreg.EXE [C:\WINDOWS\UpdReg.EXE] -> [2000/05/11 01:00:00 | 00,090,112 | ---- | M] (Creative Technology Ltd.)
"Windows Defender" -> %ProgramFiles%\Windows Defender\MSASCui.exe ["C:\Program Files\Windows Defender\MSASCui.exe" -hide] -> [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Aim6" -> %ProgramFiles%\AIM6\aim6.exe ["C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp] -> [2008/01/03 11:15:06 | 00,050,528 | ---- | M] (AOL LLC)
"Comrade.exe" -> %ProgramFiles%\GameSpy\Comrade\Comrade.exe [C:\Program Files\GameSpy\Comrade\Comrade.exe] -> [2008/03/08 02:20:12 | 00,036,864 | ---- | M] (IGN Entertainment Inc.)
"Creative Detector" -> %ProgramFiles%\Creative\MediaSource\Detector\CTDetect.exe ["C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R] -> [2004/12/02 18:23:34 | 00,102,400 | ---- | M] (Creative Technology Ltd)
"DellSupport" -> ["C:\Program Files\DellSupport\DSAgnt.exe" /startup] -> File not found
"DellSupportCenter" -> %ProgramFiles%\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2007/11/15 09:23:56 | 00,202,544 | ---- | M] (SupportSoft, Inc.)
"EA Core" -> %ProgramFiles%\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe -silent] -> [2008/07/21 13:07:44 | 02,752,512 | ---- | M] (Electronic Arts)
"LDM" -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe] -> [2007/02/22 16:34:19 | 00,067,128 | ---- | M] (Logitech Inc.)
"ModemOnHold" -> %ProgramFiles%\NetWaiting\netwaiting.exe [C:\Program Files\NetWaiting\netWaiting.exe] -> [2003/09/10 02:24:00 | 00,020,480 | ---- | M] ()
"MSMSGS" -> %ProgramFiles%\Messenger\msmsgs.exe ["C:\Program Files\Messenger\msmsgs.exe" /background] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
"SetDefaultMIDI" -> %SystemRoot%\MIDIDEF.EXE [MIDIDef.exe] -> [2004/12/22 04:40:02 | 00,024,576 | ---- | M] (Creative Technology Ltd)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2004/12/14 03:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated)
%AllUsersProfile%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk -> %ProgramFiles%\Sophos\AutoUpdate\ALMon.exe -> [2007/08/02 08:25:30 | 00,245,760 | ---- | M] (Sophos Plc)
%AllUsersProfile%\Start Menu\Programs\Startup\Digital Line Detect.lnk -> %ProgramFiles%\Digital Line Detect\DLG.exe -> [2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software)
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe -> [2007/02/22 16:34:19 | 00,067,128 | ---- | M] (Logitech Inc.)
%AllUsersProfile%\Start Menu\Programs\Startup\Logitech SetPoint.lnk -> %ProgramFiles%\Logitech\SetPoint\KEM.exe -> [2004/10/28 08:29:48 | 00,581,632 | ---- | M] (Logitech Inc.)
< David Nyczepir Startup Folder > -> C:\Documents and Settings\David Nyczepir\Start Menu\Programs\Startup ->
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000] -> [2005/05/27 01:06:54 | 10,095,808 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Menu: Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) {e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) CmdMapping\\"{39FD89BF-D3F1-45b6-BB56-3582CCF489E1}" [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [Research] -> [2003/07/14 22:57:08 | 00,040,512 | ---- | M] (Microsoft Corporation) CmdMapping\\"{e2e2dd38-d088-4134-82b7-f2ba38496583}" [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 19:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5200 domain(s) found. -> online_musicmatch.com [https] -> Trusted sites -> 51 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5199 domain(s) found. 
-> objects_aol.com [*] -> Out of zone range - ( 5 ) -> 50 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {549F957E-2F89-11D6-8CFE-00C04F52B225} [HKLM] -> http://coupons.smartsource.com/download/cscmv5X.cab[CMV5 Class] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab[Reg Error: Key does not exist or could not be opened.] 
-> {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab[Java Plug-in 1.4.2_03] -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab[Java Plug-in 1.6.0_01] -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab[Java Plug-in 1.6.0_05] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab[Shockwave Flash Object] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {30E946FD-EB96-477B-A683-01725590D286} -> (Intel(R) PRO/Wireless 3945ABG Network Connection) -> {697B57E4-E4CC-4D2E-8774-08F10A8535D2} -> (1394 Net Adapter) -> {9B1EFC2B-B662-4EC1-BBF6-7835F862CD97} -> (Broadcom 440x 10/100 Integrated Controller) -> {C0CFE950-13EB-4F5B-B665-6C28C4973CF3} -> (1394 Net Adapter) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL -> %ProgramFiles%\Sophos\Sophos Anti-Virus\sophos_detoured.dll -> [2008/01/31 18:18:34 | 00,173,056 | ---- | M] (Sophos Plc) c:\windows\system32\hohazoye.dll -> %SystemRoot%\system32\hohazoye.dll -> File not found c:\windows\system32\sawigewe.dll -> %SystemRoot%\system32\sawigewe.dll -> File not found C:\WINDOWS\system32\nadusajo.dll -> %SystemRoot%\system32\nadusajo.dll -> [2008/09/02 01:32:54 | 00,065,076 | ---- | M] () c:\windows\system32\kabehize.dll -> %SystemRoot%\system32\kabehize.dll -> [2008/12/02 14:33:08 | 00,093,749 | ---- | M] () 
c:\windows\system32\hozegupo.dll -> %SystemRoot%\system32\hozegupo.dll -> [2008/12/03 10:11:01 | 00,094,261 | -HS- | M] () *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> NavLogon -> -> File not found < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\hozegupo.dll [SSODL] -> [2008/12/03 10:11:01 | 00,094,261 | -HS- | M] () < SharedTaskScheduler [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler -> "{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}" [HKLM] -> %SystemRoot%\system32\hozegupo.dll [STS] -> [2008/12/03 10:11:01 | 00,094,261 | -HS- | M] () < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" [HKLM] -> %ProgramFiles%\Windows Defender\MpShHook.dll [Microsoft AntiMalware ShellExecuteHook] -> [2006/11/03 19:20:00 | 00,083,224 | ---- | M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 
9.0\waol.exe:*:Enabled:America Online 9.0] -> [2004/09/01 11:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2007/02/22 16:34:19 | 00,067,128 | ---- | M] (Logitech Inc.) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation) "C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0] -> [2004/09/01 11:56:56 | 00,259,184 | ---- | M] (America Online, Inc.) 
"C:\Program Files\BitTorrent\bittorrent.exe" -> C:\Program Files\BitTorrent\bittorrent.exe [C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent] -> File not found "C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) "C:\Program Files\Common Files\AOL\1153535136\ee\aim6.exe" -> C:\Program Files\Common Files\AOL\1153535136\ee\aim6.exe [C:\Program Files\Common Files\AOL\1153535136\ee\aim6.exe:*:Enabled:AIM] -> File not found "C:\Program Files\Common Files\AOL\1153535136\ee\aolsoftware.exe" -> C:\Program Files\Common Files\AOL\1153535136\ee\aolsoftware.exe [C:\Program Files\Common Files\AOL\1153535136\ee\aolsoftware.exe:*:Enabled:AOL Services] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found "C:\Program Files\Common Files\AOL\Loader\aolload.exe" -> C:\Program Files\Common Files\AOL\Loader\aolload.exe [C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader] -> [2006/11/03 02:17:27 | 00,010,800 | ---- | M] (AOL LLC) "C:\Program Files\Electronic Arts\EADM\Core.exe" -> C:\Program Files\Electronic Arts\EADM\Core.exe [C:\Program Files\Electronic Arts\EADM\Core.exe:*:Enabled:EA Download Manager] -> [2008/07/21 13:07:44 | 02,752,512 | ---- | M] (Electronic Arts) "C:\Program Files\GameSpy Arcade\Aphex.exe" -> C:\Program Files\GameSpy Arcade\Aphex.exe [C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade] -> File not found "C:\Program Files\GameSpy\Comrade\Comrade.exe" -> C:\Program Files\GameSpy\Comrade\Comrade.exe [C:\Program 
Files\GameSpy\Comrade\Comrade.exe:*:Enabled:Comrade] -> [2008/03/08 02:20:12 | 00,036,864 | ---- | M] (IGN Entertainment Inc.) "C:\Program Files\Intel\Wireless\Bin\EvtEng.exe" -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [C:\Program Files\Intel\Wireless\Bin\EvtEng.exe:*:Enabled:EvtEng] -> [2005/12/28 11:45:02 | 00,114,753 | ---- | M] (Intel Corporation) "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer] -> [2008/08/23 00:56:15 | 00,635,848 | ---- | M] (Microsoft Corporation) "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire] -> [2006/08/22 10:45:55 | 00,159,744 | ---- | M] () "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger] -> [2007/02/22 16:34:19 | 00,067,128 | ---- | M] (Logitech Inc.) "C:\Program Files\QuickTime\QuickTimePlayer.exe" -> C:\Program Files\QuickTime\QuickTimePlayer.exe [C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player] -> [2008/11/04 10:31:14 | 07,685,424 | ---- | M] (Apple Inc.) 
"C:\Program Files\SEGA\Medieval II Total War\medieval2.exe" -> C:\Program Files\SEGA\Medieval II Total War\medieval2.exe [C:\Program Files\SEGA\Medieval II Total War\medieval2.exe:*:Enabled:Medieval 2: Total War] -> File not found "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> File not found "C:\Program Files\SPSSInc\SPSS16EV\spss.com" -> C:\Program Files\SPSSInc\SPSS16EV\spss.com [C:\Program Files\SPSSInc\SPSS16EV\spss.com:*:Disabled:SPSS 16.0 Evaluation Version (1033:com)] -> [2007/11/14 22:56:36 | 00,069,632 | ---- | M] (SPSS Inc) "C:\Program Files\SPSSInc\SPSS16EV\spss.exe" -> C:\Program Files\SPSSInc\SPSS16EV\spss.exe [C:\Program Files\SPSSInc\SPSS16EV\spss.exe:*:Disabled:SPSS 16.0 Evaluation Version (1033:exe)] -> [2007/11/14 22:55:46 | 00,056,320 | ---- | M] (SPSS Inc) "C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe" -> C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe [C:\Program Files\SPSSInc\SPSS16EV\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)] -> [2007/09/06 07:16:38 | 00,061,440 | ---- | M] (SPSS Inc.) 
"C:\Program Files\Xfire\Xfire.exe" -> C:\Program Files\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> File not found "C:\WINDOWS\explorer.exe" -> C:\WINDOWS\explorer.exe [C:\WINDOWS\explorer.exe:*:Enabled:Explorer] -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\logonui.exe" -> C:\WINDOWS\system32\logonui.exe [C:\WINDOWS\system32\logonui.exe:*:Enabled:logonui] -> [2008/04/13 19:12:24 | 00,514,560 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\rundll32.exe" -> C:\WINDOWS\system32\rundll32.exe [C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32] -> [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) "C:\WINDOWS\system32\winlogon.exe" -> C:\WINDOWS\system32\winlogon.exe [C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon] -> [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation) < Drives with AutoRun files > -> -> C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Registry - Additional Scans - Safe List] < ColumnHandlers - Folder [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\ -> {F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> [2004/12/14 01:20:02 | 00,110,592 | ---- | M] (Adobe Systems, Inc.) 
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\ -> 0 -> [Key] -> 0 -> FriendlyName = -> 0 -> Source = http://www1.istockphoto.com/file_thumbview_approve/1332415/2/istockphoto_1332415_american_soldier.jpg -> 0 -> SubscribedURL = http://www1.istockphoto.com/file_thumbview_approve/1332415/2/istockphoto_1332415_american_soldier.jpg -> 1 -> [Key] -> 1 -> FriendlyName = My Current Home Page -> 1 -> Source = About:Home -> 1 -> SubscribedURL = About:Home -> < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ -> .bat [@ = batfile] -> "%1" %* -> .chm [@ = chm.file] -> %SystemRoot%\hh.exe -> [2008/04/13 19:12:21 | 00,010,752 | ---- | M] (Microsoft Corporation) .cmd [@ = cmdfile] -> "%1" %* -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> .hlp [@ = hlpfile] -> %SystemRoot%\system32\winhlp32.exe -> [2004/08/04 05:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) .hta [@ = htafile] -> %SystemRoot%\system32\mshta.exe -> [2007/08/13 18:32:30 | 00,045,568 | ---- | M] (Microsoft Corporation) .html [@ = FirefoxHTML] -> %SystemDrive%\PROGRA~1\MOZILL~1\FIREFOX.EXE -> File not found .inf [@ = inffile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .ini [@ = inifile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) .js [@ = JSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .jse [@ = JSEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .pif [@ = piffile] -> "%1" %* -> .reg [@ = regfile] -> %SystemRoot%\regedit.exe -> [2008/04/13 19:12:32 | 00,146,432 | ---- | M] (Microsoft Corporation) .scr [@ = scrfile] -> "%1" /S -> .txt [@ = txtfile] -> %SystemRoot%\system32\notepad.exe -> [2008/04/13 19:12:29 | 00,069,120 | ---- | M] 
(Microsoft Corporation) .vbe [@ = VBEFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .vbs [@ = VBSFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .wsf [@ = WSFFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) .wsh [@ = WSHFile] -> %SystemRoot%\system32\wscript.exe -> [2008/05/08 06:24:44 | 00,155,648 | ---- | M] (Microsoft Corporation) < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> 6to4 -> [] -> Ias -> [] -> Iprip -> [] -> Irmon -> [] -> NWCWorkstation -> [] -> Nwsapagent -> [] -> WmdmPmSp -> [] -> helpsvc -> C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll [C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll] -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> < Protocol Filters [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ -> text/xml:{807553E5-5146-11D5-A672-00B0D022E945} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\OFFICE11\MSOXMLMF.DLL[Reg Error: Value does not exist or could not be read.] -> [2003/07/14 22:45:12 | 00,039,488 | ---- | M] (Microsoft Corporation) < Protocol Handlers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ -> bwfile-8876480:{9462A756-7B47-47BC-8C80-C34B9B80B32B} [HKLM] -> %ProgramFiles%\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll[BackWeb GA Pluggable Protocol] -> [2007/02/22 16:34:19 | 00,028,711 | ---- | M] (Logitech Inc.) 
ipp: [HKLM] -> No CLSID value ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) msdaipp: [HKLM] -> No CLSID value msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] -> %CommonProgramFiles%\System\Ole DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2003/07/11 02:25:22 | 00,842,816 | ---- | M] (Microsoft Corporation) ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Information Retrieval\MSITSS.DLL[Microsoft Infotech Storage Protocol for IE 4.0] -> [2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Components\11\OWC11.DLL[Data Page Plugable Protocal mso-offdap11 Handler] -> [2005/04/25 13:29:56 | 08,071,360 | ---- | M] (Microsoft Corporation) < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> 
Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group SAVService -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/09/30 14:19:59 | 00,098,304 | ---- | M] (Sophos Plc) SCSI Class -> Driver Group sermouse.sys -> Driver System Bus Extender -> Driver Group vds -> Service vga.sys -> Driver WinDefend -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) < SafeBoot-Network Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E972-E325-11CE-BFC1-08002BE10318} -> Net {4D36E973-E325-11CE-BFC1-08002BE10318} -> NetClient {4D36E974-E325-11CE-BFC1-08002BE10318} -> NetService {4D36E975-E325-11CE-BFC1-08002BE10318} -> NetTrans {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group 
HelpSvc -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) NDIS Wrapper -> Driver Group NetBIOSGroup -> Driver Group NetDDEGroup -> Driver Group Network -> Driver Group NetworkProvider -> Driver Group PCI Configuration -> Driver Group PNP Filter -> Driver Group PNP_TDI -> Driver Group Primary disk -> Driver Group rdpdd.sys -> %SystemRoot%\System32\rdpdd.dll -> [2008/04/13 19:13:22 | 00,092,424 | ---- | M] (Microsoft Corporation) SAVService -> %ProgramFiles%\Sophos\Sophos Anti-Virus\SavService.exe -> [2008/09/30 14:19:59 | 00,098,304 | ---- | M] (Sophos Plc) SCSI Class -> Driver Group sermouse.sys -> Driver Streams Drivers -> Driver Group System Bus Extender -> Driver Group TDI -> Driver Group vga.sys -> Driver WinDefend -> %ProgramFiles%\Windows Defender\MsMpEng.exe -> [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) < Session Manager Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager -> "BootExecute" -> autocheck autochk *; -> "ExcludeFromKnownDlls" -> -> *ObjectDirectories* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\ObjectDirectories -> \Windows -> -> File not found \RPC Control -> -> File not found *MultiFile Done* -> -> *PendingFileRenameOperations* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\\PendingFileRenameOperations -> \??\c:\program files\viewpoint [\??\c:\program files\viewpoint] -> %ProgramFiles%\Viewpoint [%ProgramFiles%\Viewpoint] -> [2008/12/03 19:23:32 | 00,000,000 | ---D | M] *MultiFile Done* -> -> < Session Manager Environment Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment -> "ComSpec" -> C:\WINDOWS\system32\cmd.exe -> [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation) "TEMP" -> %SystemRoot%\TEMP -> "TMP" -> %SystemRoot%\TEMP -> "windir" -> %SystemRoot% -> 
*Path* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\Path -> %SystemRoot%\system32 -> %SystemRoot%\system32 -> [2008/12/03 18:34:09 | 00,000,000 | ---D | M] %SystemRoot% -> %SystemRoot% -> [2008/12/03 18:34:47 | 00,000,000 | ---D | M] %SystemRoot%\System32\Wbem -> %SystemRoot%\system32\wbem -> [2008/10/18 19:35:35 | 00,000,000 | ---D | M] C:\Program Files\iTunes\Plug-Ins\Qloud\ -> %ProgramFiles%\iTunes\Plug-Ins\Qloud -> [2008/12/03 10:16:35 | 00,000,000 | ---D | M] C:\Program Files\QuickTime\QTSystem\ -> %ProgramFiles%\QuickTime\QTSystem -> [2008/11/28 01:57:50 | 00,000,000 | ---D | M] *MultiFile Done* -> -> *PATHEXT* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\\PATHEXT -> .COM -> -> File not found .EXE -> -> File not found .BAT -> -> File not found .CMD -> -> File not found .VBS -> -> File not found .VBE -> -> File not found .JS -> -> File not found .JSE -> -> File not found .WSF -> -> File not found .WSH -> -> File not found *MultiFile Done* -> -> < Session Manager FileRenameOperations Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations -> < Session Manager KnownDlls Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDlls -> "advapi32" -> C:\WINDOWS\system32\advapi32.dll -> [2008/04/13 19:11:48 | 00,617,472 | ---- | M] (Microsoft Corporation) "comdlg32" -> C:\WINDOWS\system32\comdlg32.dll -> [2008/04/13 19:11:51 | 00,276,992 | ---- | M] (Microsoft Corporation) "DllDirectory" -> C:\WINDOWS\system32 -> [2008/12/03 18:34:09 | 00,000,000 | ---D | M] "gdi32" -> C:\WINDOWS\system32\gdi32.dll -> [2008/04/13 19:11:54 | 00,285,184 | ---- | M] (Microsoft Corporation) "imagehlp" -> C:\WINDOWS\system32\imagehlp.dll -> [2008/04/13 19:11:54 | 00,144,384 | ---- | M] (Microsoft Corporation) "kernel32" -> C:\WINDOWS\system32\kernel32.dll -> [2008/04/13 19:11:56 | 00,989,696 | 
---- | M] (Microsoft Corporation) "lz32" -> C:\WINDOWS\system32\lz32.dll -> [2004/08/04 05:00:00 | 00,002,560 | ---- | M] (Microsoft Corporation) "ole32" -> C:\WINDOWS\system32\ole32.dll -> [2008/04/13 19:12:02 | 01,287,168 | ---- | M] (Microsoft Corporation) "oleaut32" -> C:\WINDOWS\system32\oleaut32.dll -> [2008/04/13 19:12:02 | 00,551,936 | ---- | M] (Microsoft Corporation) "olecli32" -> C:\WINDOWS\system32\olecli32.dll -> [2008/04/13 19:12:02 | 00,074,752 | ---- | M] (Microsoft Corporation) "olecnv32" -> C:\WINDOWS\system32\olecnv32.dll -> [2008/04/13 19:12:02 | 00,037,376 | ---- | M] (Microsoft Corporation) "olesvr32" -> C:\WINDOWS\system32\olesvr32.dll -> [2004/08/04 05:00:00 | 00,022,016 | ---- | M] (Microsoft Corporation) "olethk32" -> C:\WINDOWS\system32\olethk32.dll -> [2004/08/04 05:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) "rpcrt4" -> C:\WINDOWS\system32\rpcrt4.dll -> [2008/04/13 19:12:04 | 00,584,704 | ---- | M] (Microsoft Corporation) "shell32" -> C:\WINDOWS\system32\shell32.dll -> [2008/04/13 19:12:05 | 08,461,312 | ---- | M] (Microsoft Corporation) "url" -> C:\WINDOWS\system32\url.dll -> [2008/08/26 02:24:30 | 00,105,984 | ---- | M] (Microsoft Corporation) "urlmon" -> C:\WINDOWS\system32\urlmon.dll -> [2008/08/26 02:24:31 | 01,159,680 | ---- | M] (Microsoft Corporation) "user32" -> C:\WINDOWS\system32\user32.dll -> [2008/04/13 19:12:08 | 00,578,560 | ---- | M] (Microsoft Corporation) "version" -> C:\WINDOWS\system32\version.dll -> [2008/04/13 19:12:08 | 00,018,944 | ---- | M] (Microsoft Corporation) "wininet" -> C:\WINDOWS\system32\wininet.dll -> [2008/08/26 02:24:31 | 00,826,368 | ---- | M] (Microsoft Corporation) "wldap32" -> C:\WINDOWS\system32\wldap32.dll -> [2008/04/13 19:12:09 | 00,172,032 | ---- | M] (Microsoft Corporation) < Session Manager SFC Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SFC -> "CommonFilesDir" -> C:\Program Files\Common Files -> [2008/09/17 18:23:16 | 
00,000,000 | ---D | M]
"ProgramFilesDir" -> C:\Program Files -> [2008/12/03 18:37:13 | 00,000,000 | ---D | M]

< Winsock2 Catalogs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\ ->
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -> %ProgramFiles%\Bonjour\mdnsNSP.dll -> [2008/08/29 09:53:50 | 00,147,456 | ---- | M] (Apple Inc.)

< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 12/2/2008 11:14:13 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\nadusajo.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:19 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\topapope.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:19 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\topapope.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:20 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\topapope.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:22 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\topapope.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:24 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\nadusajo.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:31 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\topapope.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/2/2008 11:14:35 PM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\nadusajo.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/3/2008 12:59:51 AM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\nadusajo.dll" failed. The user does not have the rights to perform the action on the infected file.
Application [ Error ] 12/3/2008 11:10:11 AM Computer Name = DAVID | Source = Sophos Anti-Virus | ID = 4915208 -> Description = The attempt to delete the infected file "C:\WINDOWS\system32\nadusajo.dll" failed. The user does not have the rights to perform the action on the infected file.
System [ Error ] 12/3/2008 12:51:43 AM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3997750 -> Description = The on-access driver failed to check file \Device\HarddiskVolume2\windows\system32\kabehize.d.
System [ Error ] 12/3/2008 12:51:43 AM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998257 -> Description = Communication error between on-access driver and service for a file modification.
System [ Error ] 12/3/2008 12:51:48 AM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3997750 -> Description = The on-access driver failed to check file \Device\HarddiskVolume2\WINDOWS\system32\nadusajo.d.
System [ Error ] 12/3/2008 12:51:48 AM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998257 -> Description = Communication error between on-access driver and service for a file modification.
System [ Error ] 12/3/2008 7:03:44 PM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998225 -> Description = Communication error between on-access driver and service for a registry value access.
System [ Error ] 12/3/2008 7:03:44 PM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998225 -> Description = Communication error between on-access driver and service for a registry value access.
System [ Error ] 12/3/2008 7:03:44 PM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998225 -> Description = Communication error between on-access driver and service for a registry value access.
System [ Error ] 12/3/2008 7:03:44 PM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998225 -> Description = Communication error between on-access driver and service for a registry value access.
System [ Error ] 12/3/2008 7:03:46 PM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998225 -> Description = Communication error between on-access driver and service for a registry value access.
System [ Error ] 12/3/2008 7:03:46 PM Computer Name = DAVID | Source = SAVOnAccessControl | ID = 3998225 -> Description = Communication error between on-access driver and service for a registry value access.
[Files/Folders - Created Within 90 Days] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/12/03 20:21:45 | 00,000,000 | ---D | C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/03 20:20:51 | 00,647,651 | ---- | C] () VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> [2008/12/03 19:41:08 | 00,096,978 | ---- | C] (Business Information Solutions) VundoFix Backups -> %SystemDrive%\VundoFix Backups -> [2008/12/03 18:59:53 | 00,000,000 | ---D | C] HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/03 18:37:13 | 00,001,734 | ---- | C] () Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/12/03 18:37:13 | 00,000,000 | ---D | C] ~$nduism Class Notes.doc -> %UserProfile%\My Documents\~$nduism Class Notes.doc -> [2008/12/03 13:43:16 | 00,000,162 | -H-- | C] () ahinibes.ini -> %SystemRoot%\System32\ahinibes.ini -> [2008/12/03 10:11:19 | 00,000,120 | -HS- | C] () ivehihaw.ini -> %SystemRoot%\System32\ivehihaw.ini -> [2008/12/02 14:33:09 | 00,000,120 | -HS- | C] () UnmanagedComputerScan.job -> %SystemRoot%\tasks\UnmanagedComputerScan.job -> [2008/12/02 08:48:28 | 00,000,530 | ---- | C] () MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/12/02 02:34:05 | 00,000,330 | -H-- | C] () etekahob.ini -> %SystemRoot%\System32\etekahob.ini -> [2008/12/02 02:32:58 | 00,000,120 | -HS- | C] () Windows Defender -> %ProgramFiles%\Windows Defender -> [2008/12/02 02:30:58 | 00,000,000 | ---D | C] owojusiv.ini -> %SystemRoot%\System32\owojusiv.ini -> [2008/12/02 01:32:52 | 00,000,120 | -HS- | C] () France in Africa A Muslim Power.doc -> %UserProfile%\My Documents\France in Africa A Muslim Power.doc -> [2008/12/01 21:42:13 | 00,041,472 | ---- | C] () NYCZEP07.doc -> %UserProfile%\My Documents\NYCZEP07.doc -> [2008/12/01 15:24:24 | 00,025,088 | ---- | C] () MCR Project 7.doc -> %UserProfile%\My 
Documents\MCR Project 7.doc -> [2008/12/01 14:34:46 | 00,025,088 | ---- | C] () ehunolam.ini -> %SystemRoot%\System32\ehunolam.ini -> [2008/12/01 13:32:25 | 00,000,120 | -HS- | C] () itirafiw.ini -> %SystemRoot%\System32\itirafiw.ini -> [2008/12/01 00:56:52 | 00,000,120 | -HS- | C] () The Hindu Center of Virginia Site Visit and Analysis.doc -> %UserProfile%\My Documents\The Hindu Center of Virginia Site Visit and Analysis.doc -> [2008/11/30 19:45:13 | 00,032,256 | ---- | C] () Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008/11/30 17:11:40 | 00,000,000 | ---D | C] Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2008/11/30 17:11:40 | 00,000,000 | ---D | C] ijovuvup.ini -> %SystemRoot%\System32\ijovuvup.ini -> [2008/11/30 12:56:25 | 01,296,222 | -HS- | C] () ahagusut.ini -> %SystemRoot%\System32\ahagusut.ini -> [2008/11/30 00:40:50 | 01,296,240 | -HS- | C] () Christmas List 2008.doc -> %UserProfile%\My Documents\Christmas List 2008.doc -> [2008/11/29 22:39:03 | 00,027,648 | ---- | C] () MCR 7 Proposal.doc -> %UserProfile%\My Documents\MCR 7 Proposal.doc -> [2008/11/24 14:22:10 | 00,024,576 | ---- | C] () The Global Color Line Take Home Essays 2.doc -> %UserProfile%\My Documents\The Global Color Line Take Home Essays 2.doc -> [2008/11/23 16:05:29 | 00,062,464 | ---- | C] () iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/11/22 22:22:51 | 00,002,137 | ---- | C] () iPod -> %ProgramFiles%\iPod -> [2008/11/22 22:22:22 | 00,000,000 | ---D | C] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> %AllUsersProfile%\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/11/22 22:22:18 | 00,000,000 | ---D | C] Bonjour -> %ProgramFiles%\Bonjour -> [2008/11/22 22:20:48 | 00,000,000 | ---D | C] QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [2008/11/22 22:20:22 | 00,001,604 | ---- | C] () Completed Stuff.doc -> %UserProfile%\My Documents\Completed Stuff.doc -> 
[2008/11/20 04:07:26 | 03,949,056 | ---- | C] () Group Reflection.doc -> %UserProfile%\My Documents\Group Reflection.doc -> [2008/11/20 02:26:33 | 00,315,904 | ---- | C] () NYCZEP06.doc -> %UserProfile%\My Documents\NYCZEP06.doc -> [2008/11/19 00:41:30 | 00,025,088 | ---- | C] () MCR 6 Part II.doc -> %UserProfile%\My Documents\MCR 6 Part II.doc -> [2008/11/18 22:12:36 | 00,019,968 | ---- | C] () Edenton Buildings.doc -> %UserProfile%\My Documents\Edenton Buildings.doc -> [2008/11/18 16:17:46 | 00,031,232 | ---- | C] () What to Do When Visiting Old Homes.doc -> %UserProfile%\My Documents\What to Do When Visiting Old Homes.doc -> [2008/11/18 14:46:40 | 00,317,440 | ---- | C] () NYCZEP06-1.doc -> %UserProfile%\My Documents\NYCZEP06-1.doc -> [2008/11/17 14:48:22 | 00,066,048 | ---- | C] () Term Paper MCH.doc -> %UserProfile%\My Documents\Term Paper MCH.doc -> [2008/11/15 14:28:38 | 00,066,048 | ---- | C] () mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/11/12 09:21:46 | 00,455,296 | ---- | C] (Microsoft Corporation) msxml3.dll -> %SystemRoot%\System32\dllcache\msxml3.dll -> [2008/11/12 09:21:35 | 01,106,944 | ---- | C] (Microsoft Corporation) Payne Quotes.doc -> %UserProfile%\My Documents\Payne Quotes.doc -> [2008/11/11 21:21:39 | 00,024,576 | ---- | C] () Class Notes.doc -> %UserProfile%\My Documents\Class Notes.doc -> [2008/11/11 18:36:37 | 00,030,208 | ---- | C] () ~$ligion to 1840 Class Notes.doc -> %UserProfile%\My Documents\~$ligion to 1840 Class Notes.doc -> [2008/11/11 11:17:14 | 00,000,162 | -H-- | C] () CANNINxx.doc -> %UserProfile%\My Documents\CANNINxx.doc -> [2008/11/03 02:23:27 | 00,033,792 | ---- | C] () NYCZEP05.doc -> %UserProfile%\My Documents\NYCZEP05.doc -> [2008/11/02 16:18:15 | 00,033,792 | ---- | C] () 2008 Edit 2.doc -> %UserProfile%\My Documents\2008 Edit 2.doc -> [2008/10/30 02:01:22 | 00,134,656 | ---- | C] () 2008 Review 2.doc -> %UserProfile%\My Documents\2008 Review 2.doc -> [2008/10/30 02:01:01 | 00,030,720 | ---- | C] 
() Hinduism Take Home Essay 2.doc -> %UserProfile%\My Documents\Hinduism Take Home Essay 2.doc -> [2008/10/28 14:35:42 | 00,029,696 | ---- | C] () Edit 2008 1.doc -> %UserProfile%\My Documents\Edit 2008 1.doc -> [2008/10/26 23:38:12 | 00,067,584 | ---- | C] () Review 2008 1.doc -> %UserProfile%\My Documents\Review 2008 1.doc -> [2008/10/26 23:37:53 | 00,029,696 | ---- | C] () netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/24 10:56:48 | 00,337,408 | ---- | C] (Microsoft Corporation) MCR 4.doc -> %UserProfile%\My Documents\MCR 4.doc -> [2008/10/20 04:10:45 | 00,031,232 | ---- | C] () The Global Color Line Take Home Essays.doc -> %UserProfile%\My Documents\The Global Color Line Take Home Essays.doc -> [2008/10/19 14:58:17 | 00,053,760 | ---- | C] () Prefetch -> %SystemRoot%\Prefetch -> [2008/10/18 19:36:45 | 00,000,000 | ---D | C] scripting -> %SystemRoot%\System32\scripting -> [2008/10/18 13:03:51 | 00,000,000 | ---D | C] l2schemas -> %SystemRoot%\l2schemas -> [2008/10/18 13:03:50 | 00,000,000 | ---D | C] en -> %SystemRoot%\System32\en -> [2008/10/18 13:03:50 | 00,000,000 | ---D | C] bits -> %SystemRoot%\System32\bits -> [2008/10/18 13:03:50 | 00,000,000 | ---D | C] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/10/18 13:00:45 | 00,000,000 | ---D | C] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/10/18 12:54:10 | 00,000,000 | -H-D | C] Kaffir Boy.doc -> %UserProfile%\My Documents\Kaffir Boy.doc -> [2008/10/15 19:22:57 | 00,022,528 | ---- | C] () Monitor Form.doc -> %UserProfile%\My Documents\Monitor Form.doc -> [2008/10/15 18:46:52 | 00,025,088 | ---- | C] () srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/10/15 18:11:44 | 00,333,824 | ---- | C] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/10/15 18:11:01 | 01,846,400 | ---- | C] (Microsoft Corporation) ntkrnlmp.exe -> %SystemRoot%\System32\dllcache\ntkrnlmp.exe -> [2008/10/15 18:10:51 | 02,145,280 
| ---- | C] (Microsoft Corporation) ntoskrnl.exe -> %SystemRoot%\System32\dllcache\ntoskrnl.exe -> [2008/10/15 18:10:50 | 02,189,184 | ---- | C] (Microsoft Corporation) ntkrnlpa.exe -> %SystemRoot%\System32\dllcache\ntkrnlpa.exe -> [2008/10/15 18:10:49 | 02,066,048 | ---- | C] (Microsoft Corporation) ntkrpamp.exe -> %SystemRoot%\System32\dllcache\ntkrpamp.exe -> [2008/10/15 18:10:49 | 02,023,936 | ---- | C] (Microsoft Corporation) Blizzard -> %AllUsersProfile%\Application Data\Blizzard -> [2008/10/14 14:59:13 | 00,000,000 | ---D | C] Logs -> %SystemDrive%\Logs -> [2008/10/08 20:09:17 | 00,000,000 | ---D | C] World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [2008/10/08 18:36:54 | 00,000,865 | ---- | C] () World of Warcraft -> %ProgramFiles%\World of Warcraft -> [2008/10/08 18:36:54 | 00,000,000 | ---D | C] WoW-2.3.0.7561-enUS -> %SystemDrive%\WoW-2.3.0.7561-enUS -> [2008/10/08 16:05:39 | 00,000,000 | ---D | C] Video Paragraph.doc -> %UserProfile%\My Documents\Video Paragraph.doc -> [2008/10/07 08:24:49 | 00,025,088 | ---- | C] () Midterm Exam Study Guide.doc -> %UserProfile%\My Documents\Midterm Exam Study Guide.doc -> [2008/10/06 18:13:10 | 00,073,216 | ---- | C] () ~$dterm Exam Study Guide.doc -> %UserProfile%\My Documents\~$dterm Exam Study Guide.doc -> [2008/10/06 18:13:10 | 00,000,162 | -H-- | C] () Hinduism Slides.doc -> %UserProfile%\My Documents\Hinduism Slides.doc -> [2008/10/04 21:40:15 | 00,030,720 | ---- | C] () Modern Chinese History Study Guide 1.doc -> %UserProfile%\My Documents\Modern Chinese History Study Guide 1.doc -> [2008/10/02 22:55:58 | 00,064,512 | ---- | C] () Caste System Notes.doc -> %UserProfile%\My Documents\Caste System Notes.doc -> [2008/10/02 01:13:09 | 00,026,624 | ---- | C] () msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008/09/30 16:43:34 | 01,286,152 | ---- | C] (Microsoft Corporation) 3a4f5a23.stf -> %SystemRoot%\System32\3a4f5a23.stf -> [2008/09/30 14:21:03 | 00,130,104 | -H-- | C] (Sophos Plc) 
sdccoinstaller.dll -> %SystemRoot%\System32\sdccoinstaller.dll -> [2008/09/30 14:21:03 | 00,130,104 | ---- | C] (Sophos Plc) SophosBootDriver.sys -> %SystemRoot%\System32\drivers\SophosBootDriver.sys -> [2008/09/30 14:20:04 | 00,014,976 | ---- | C] (Sophos Plc) Hinduism Take Home Essay 1.doc -> %UserProfile%\My Documents\Hinduism Take Home Essay 1.doc -> [2008/09/27 18:48:19 | 00,028,160 | ---- | C] () wmphoto.dll -> %SystemRoot%\System32\wmphoto.dll -> [2008/09/26 19:36:41 | 00,276,992 | ---- | C] (Microsoft Corporation) wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2008/09/26 19:36:39 | 00,069,120 | ---- | C] (Microsoft Corporation) windowscodecs.dll -> %SystemRoot%\System32\windowscodecs.dll -> [2008/09/26 19:36:38 | 00,712,704 | ---- | C] (Microsoft Corporation) windowscodecsext.dll -> %SystemRoot%\System32\windowscodecsext.dll -> [2008/09/26 19:36:38 | 00,346,112 | ---- | C] (Microsoft Corporation) wacompen.sys -> %SystemRoot%\System32\drivers\wacompen.sys -> [2008/09/26 19:36:35 | 00,014,208 | ---- | C] (Microsoft Corporation) vidcap.ax -> %SystemRoot%\System32\vidcap.ax -> [2008/09/26 19:36:34 | 00,028,672 | ---- | C] (Microsoft Corporation) usbvideo.sys -> %SystemRoot%\System32\drivers\usbvideo.sys -> [2008/09/26 19:36:33 | 00,121,984 | ---- | C] (Microsoft Corporation) usb8023x.sys -> %SystemRoot%\System32\drivers\usb8023x.sys -> [2008/09/26 19:36:32 | 00,012,800 | ---- | C] (Microsoft Corporation) tsgqec.dll -> %SystemRoot%\System32\tsgqec.dll -> [2008/09/26 19:36:29 | 00,053,248 | ---- | C] (Microsoft Corporation) tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2008/09/26 19:36:29 | 00,050,688 | ---- | C] (Microsoft Corporation) uagp35.sys -> %SystemRoot%\System32\drivers\uagp35.sys -> [2008/09/26 19:36:29 | 00,044,672 | ---- | C] (Microsoft Corporation) spupdwxp.exe -> %SystemRoot%\System32\spupdwxp.exe -> [2008/09/26 19:36:19 | 00,020,992 | ---- | C] (Microsoft Corporation) spdwnwxp.exe -> %SystemRoot%\System32\spdwnwxp.exe -> [2008/09/26 
19:36:18 | 00,007,680 | ---- | C] (Microsoft Corporation) smbali.sys -> %SystemRoot%\System32\drivers\smbali.sys -> [2008/09/26 19:36:16 | 00,005,888 | ---- | C] (Microsoft Corporation) sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2008/09/26 19:36:13 | 00,010,240 | ---- | C] (Microsoft Corporation) setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2008/09/26 19:36:12 | 00,032,768 | ---- | C] (Microsoft Corporation) rndismpx.sys -> %SystemRoot%\System32\drivers\rndismpx.sys -> [2008/09/26 19:36:09 | 00,030,592 | ---- | C] (Microsoft Corporation) rhttpaa.dll -> %SystemRoot%\System32\rhttpaa.dll -> [2008/09/26 19:36:08 | 00,290,304 | ---- | C] (Microsoft Corporation) rfcomm.sys -> %SystemRoot%\System32\drivers\rfcomm.sys -> [2008/09/26 19:36:08 | 00,059,136 | ---- | C] (Microsoft Corporation) qutil.dll -> %SystemRoot%\System32\qutil.dll -> [2008/09/26 19:36:06 | 00,076,800 | ---- | C] (Microsoft Corporation) rasqec.dll -> %SystemRoot%\System32\rasqec.dll -> [2008/09/26 19:36:06 | 00,061,952 | ---- | C] (Microsoft Corporation) qagentrt.dll -> %SystemRoot%\System32\qagentrt.dll -> [2008/09/26 19:36:04 | 00,291,328 | ---- | C] (Microsoft Corporation) qagent.dll -> %SystemRoot%\System32\qagent.dll -> [2008/09/26 19:36:04 | 00,150,528 | ---- | C] (Microsoft Corporation) qcliprov.dll -> %SystemRoot%\System32\qcliprov.dll -> [2008/09/26 19:36:04 | 00,062,464 | ---- | C] (Microsoft Corporation) photometadatahandler.dll -> %SystemRoot%\System32\photometadatahandler.dll -> [2008/09/26 19:36:03 | 00,412,160 | ---- | C] (Microsoft Corporation) onex.dll -> %SystemRoot%\System32\onex.dll -> [2008/09/26 19:36:00 | 00,144,384 | ---- | C] (Microsoft Corporation) netwlan5.img -> %SystemRoot%\System32\drivers\netwlan5.img -> [2008/09/26 19:35:52 | 00,067,866 | ---- | C] () napmontr.dll -> %SystemRoot%\System32\napmontr.dll -> [2008/09/26 19:35:50 | 00,193,024 | ---- | C] (Microsoft Corporation) napstat.exe -> %SystemRoot%\System32\napstat.exe -> [2008/09/26 19:35:50 | 
00,176,640 | ---- | C] (Microsoft Corporation) napipsec.dll -> %SystemRoot%\System32\napipsec.dll -> [2008/09/26 19:35:50 | 00,030,208 | ---- | C] (Microsoft Corporation) mutohpen.sys -> %SystemRoot%\System32\drivers\mutohpen.sys -> [2008/09/26 19:35:49 | 00,012,672 | ---- | C] (Microsoft Corporation) msxml6.dll -> %SystemRoot%\System32\msxml6.dll -> [2008/09/26 19:35:48 | 01,307,648 | ---- | C] (Microsoft Corporation) msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2008/09/26 19:35:48 | 01,307,648 | ---- | C] (Microsoft Corporation) msxml6r.dll -> %SystemRoot%\System32\msxml6r.dll -> [2008/09/26 19:35:48 | 00,079,872 | ---- | C] (Microsoft Corporation) msxml6r.dll -> %SystemRoot%\System32\dllcache\msxml6r.dll -> [2008/09/26 19:35:48 | 00,079,872 | ---- | C] (Microsoft Corporation) mssha.dll -> %SystemRoot%\System32\mssha.dll -> [2008/09/26 19:35:46 | 00,155,136 | ---- | C] (Microsoft Corporation) msshavmsg.dll -> %SystemRoot%\System32\msshavmsg.dll -> [2008/09/26 19:35:46 | 00,076,800 | ---- | C] (Microsoft Corporation) mmcex.dll -> %SystemRoot%\System32\mmcex.dll -> [2008/09/26 19:35:31 | 00,397,312 | ---- | C] (Microsoft Corporation) microsoft.managementconsole.dll -> %SystemRoot%\System32\microsoft.managementconsole.dll -> [2008/09/26 19:35:31 | 00,184,320 | ---- | C] (Microsoft Corporation) mmcfxcommon.dll -> %SystemRoot%\System32\mmcfxcommon.dll -> [2008/09/26 19:35:31 | 00,106,496 | ---- | C] (Microsoft Corporation) mmcperf.exe -> %SystemRoot%\System32\mmcperf.exe -> [2008/09/26 19:35:31 | 00,033,792 | ---- | C] (Microsoft Corporation) kmsvc.dll -> %SystemRoot%\System32\kmsvc.dll -> [2008/09/26 19:35:17 | 00,061,440 | ---- | C] (Microsoft Corporation) l2gpstore.dll -> %SystemRoot%\System32\l2gpstore.dll -> [2008/09/26 19:35:17 | 00,037,376 | ---- | C] (Microsoft Corporation) kbdpash.dll -> %SystemRoot%\System32\kbdpash.dll -> [2008/09/26 19:35:17 | 00,006,144 | ---- | C] (Microsoft Corporation) kbdnepr.dll -> %SystemRoot%\System32\kbdnepr.dll -> 
[2008/09/26 19:35:17 | 00,006,144 | ---- | C] (Microsoft Corporation) kbdiultn.dll -> %SystemRoot%\System32\kbdiultn.dll -> [2008/09/26 19:35:16 | 00,006,144 | ---- | C] (Microsoft Corporation) kbdbhc.dll -> %SystemRoot%\System32\kbdbhc.dll -> [2008/09/26 19:35:16 | 00,006,144 | ---- | C] (Microsoft Corporation) smtpapi.dll -> %SystemRoot%\System32\smtpapi.dll -> [2008/09/26 19:35:09 | 00,010,752 | ---- | C] (Microsoft Corporation) rwnh.dll -> %SystemRoot%\System32\rwnh.dll -> [2008/09/26 19:35:09 | 00,009,728 | ---- | C] (Microsoft Corporation) pid.inf -> %SystemRoot%\System32\pid.inf -> [2008/09/26 19:35:09 | 00,000,974 | ---- | C] () irbus.sys -> %SystemRoot%\System32\drivers\irbus.sys -> [2008/09/26 19:35:08 | 00,046,592 | ---- | C] (Microsoft Corporation) comsdupd.exe -> %SystemRoot%\System32\comsdupd.exe -> [2008/09/26 19:35:08 | 00,009,728 | ---- | C] (Microsoft Corporation) hidbth.sys -> %SystemRoot%\System32\drivers\hidbth.sys -> [2008/09/26 19:35:05 | 00,025,600 | ---- | C] (Microsoft Corporation) hidir.sys -> %SystemRoot%\System32\drivers\hidir.sys -> [2008/09/26 19:35:05 | 00,019,200 | ---- | C] (Microsoft Corporation) gagp30kx.sys -> %SystemRoot%\System32\drivers\gagp30kx.sys -> [2008/09/26 19:35:04 | 00,046,464 | ---- | C] (Microsoft Corporation) eapsvc.dll -> %SystemRoot%\System32\eapsvc.dll -> [2008/09/26 19:35:02 | 00,033,792 | ---- | C] (Microsoft Corporation) faxpatch.exe -> %SystemRoot%\System32\faxpatch.exe -> [2008/09/26 19:35:02 | 00,020,992 | ---- | C] (Microsoft Corporation) eapp3hst.dll -> %SystemRoot%\System32\eapp3hst.dll -> [2008/09/26 19:35:01 | 00,184,832 | ---- | C] (Microsoft Corporation) eapphost.dll -> %SystemRoot%\System32\eapphost.dll -> [2008/09/26 19:35:01 | 00,180,224 | ---- | C] (Microsoft Corporation) eappcfg.dll -> %SystemRoot%\System32\eappcfg.dll -> [2008/09/26 19:35:01 | 00,126,976 | ---- | C] (Microsoft Corporation) eappgnui.dll -> %SystemRoot%\System32\eappgnui.dll -> [2008/09/26 19:35:01 | 00,094,208 | ---- | C] 
(Microsoft Corporation) eapqec.dll -> %SystemRoot%\System32\eapqec.dll -> [2008/09/26 19:35:01 | 00,059,392 | ---- | C] (Microsoft Corporation) eappprxy.dll -> %SystemRoot%\System32\eappprxy.dll -> [2008/09/26 19:35:01 | 00,040,960 | ---- | C] (Microsoft Corporation) eapolqec.dll -> %SystemRoot%\System32\eapolqec.dll -> [2008/09/26 19:35:01 | 00,030,720 | ---- | C] (Microsoft Corporation) dot3ui.dll -> %SystemRoot%\System32\dot3ui.dll -> [2008/09/26 19:35:00 | 00,650,752 | ---- | C] (Microsoft Corporation) dot3svc.dll -> %SystemRoot%\System32\dot3svc.dll -> [2008/09/26 19:35:00 | 00,132,096 | ---- | C] (Microsoft Corporation) dot3cfg.dll -> %SystemRoot%\System32\dot3cfg.dll -> [2008/09/26 19:35:00 | 00,057,856 | ---- | C] (Microsoft Corporation) dot3msm.dll -> %SystemRoot%\System32\dot3msm.dll -> [2008/09/26 19:35:00 | 00,056,320 | ---- | C] (Microsoft Corporation) dot3gpclnt.dll -> %SystemRoot%\System32\dot3gpclnt.dll -> [2008/09/26 19:35:00 | 00,039,936 | ---- | C] (Microsoft Corporation) dimsroam.dll -> %SystemRoot%\System32\dimsroam.dll -> [2008/09/26 19:35:00 | 00,039,936 | ---- | C] (Microsoft Corporation) dot3api.dll -> %SystemRoot%\System32\dot3api.dll -> [2008/09/26 19:35:00 | 00,026,112 | ---- | C] (Microsoft Corporation) dimsntfy.dll -> %SystemRoot%\System32\dimsntfy.dll -> [2008/09/26 19:35:00 | 00,019,456 | ---- | C] (Microsoft Corporation) dot3dlg.dll -> %SystemRoot%\System32\dot3dlg.dll -> [2008/09/26 19:35:00 | 00,009,216 | ---- | C] (Microsoft Corporation) dhcpqec.dll -> %SystemRoot%\System32\dhcpqec.dll -> [2008/09/26 19:34:59 | 00,048,640 | ---- | C] (Microsoft Corporation) cxthsfs2.cty -> %SystemRoot%\System32\drivers\cxthsfs2.cty -> [2008/09/26 19:34:58 | 00,129,045 | ---- | C] () credssp.dll -> %SystemRoot%\System32\credssp.dll -> [2008/09/26 19:34:57 | 00,012,800 | ---- | C] (Microsoft Corporation) azroles.dll -> %SystemRoot%\System32\azroles.dll -> [2008/09/26 19:34:54 | 00,233,472 | ---- | C] (Microsoft Corporation) bthpan.sys -> 
%SystemRoot%\System32\drivers\bthpan.sys -> [2008/09/26 19:34:54 | 00,101,120 | ---- | C] (Microsoft Corporation) bthmodem.sys -> %SystemRoot%\System32\drivers\bthmodem.sys -> [2008/09/26 19:34:54 | 00,037,888 | ---- | C] (Microsoft Corporation) bthprint.sys -> %SystemRoot%\System32\drivers\bthprint.sys -> [2008/09/26 19:34:54 | 00,036,480 | ---- | C] (Microsoft Corporation) bthusb.sys -> %SystemRoot%\System32\drivers\bthusb.sys -> [2008/09/26 19:34:54 | 00,018,944 | ---- | C] (Microsoft Corporation) bthenum.sys -> %SystemRoot%\System32\drivers\bthenum.sys -> [2008/09/26 19:34:54 | 00,017,024 | ---- | C] (Microsoft Corporation) bitsprx4.dll -> %SystemRoot%\System32\bitsprx4.dll -> [2008/09/26 19:34:54 | 00,007,168 | ---- | C] (Microsoft Corporation) ativmc20.cod -> %SystemRoot%\System32\drivers\ativmc20.cod -> [2008/09/26 19:34:53 | 00,064,352 | ---- | C] () aaclient.dll -> %SystemRoot%\System32\aaclient.dll -> [2008/09/26 19:34:48 | 00,136,192 | ---- | C] (Microsoft Corporation) Hinduism Reading Notes Chandogya Upanisad.doc -> %UserProfile%\My Documents\Hinduism Reading Notes Chandogya Upanisad.doc -> [2008/09/23 20:47:49 | 00,030,720 | ---- | C] () Reaction Paper Assignment Mao Zedong.doc -> %UserProfile%\My Documents\Reaction Paper Assignment Mao Zedong.doc -> [2008/09/21 21:55:12 | 00,030,720 | ---- | C] () Blizzard Entertainment -> %CommonProgramFiles%\Blizzard Entertainment -> [2008/09/17 18:23:16 | 00,000,000 | ---D | C] World of Warcraft Trial -> %ProgramFiles%\World of Warcraft Trial -> [2008/09/17 18:23:15 | 00,000,000 | ---D | C] MCH1 The Early and High Qing, 1644-1795.doc -> %UserProfile%\My Documents\MCH1 The Early and High Qing, 1644-1795.doc -> [2008/09/17 14:18:22 | 00,058,368 | ---- | C] () The Early and High Qing, 1644-1795.doc -> %UserProfile%\My Documents\The Early and High Qing, 1644-1795.doc -> [2008/09/17 14:17:37 | 00,033,280 | ---- | C] () The Early and High Qing, 1644-1795.mht -> %UserProfile%\My Documents\The Early and High Qing, 
1644-1795.mht -> [2008/09/17 14:14:28 | 00,559,285 | ---- | C] () Revolution and its Past Notes.doc -> %UserProfile%\My Documents\Revolution and its Past Notes.doc -> [2008/09/16 22:05:37 | 00,033,280 | ---- | C] () SecuROM -> %AppData%\SecuROM -> [2008/09/10 20:06:59 | 00,000,000 | RH-D | C] Hinduism Reading Notes.doc -> %UserProfile%\My Documents\Hinduism Reading Notes.doc -> [2008/09/10 01:19:43 | 00,029,184 | ---- | C] () Current History Reading Notes.doc -> %UserProfile%\My Documents\Current History Reading Notes.doc -> [2008/09/09 23:21:20 | 00,034,304 | ---- | C] () Letter of Intent.doc -> %UserProfile%\My Documents\Letter of Intent.doc -> [2008/09/09 21:03:27 | 00,024,064 | ---- | C] () [Files/Folders - Modified Within 90 Days] 10 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> 2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> 30 C:\Documents and Settings\David Nyczepir\My Documents\*.tmp files -> C:\Documents and Settings\David Nyczepir\My Documents\*.tmp -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader -> [2006/07/17 14:41:21 | 00,000,000 | ---D | M] qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2008/12/01 15:57:20 | 00,006,055 | ---- | M] () qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2008/12/01 16:02:12 | 00,004,232 | ---- | M] () C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\ -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA -> [2006/08/22 20:54:05 | 00,000,000 | ---D | M] opa11.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2006/08/22 20:54:14 | 00,011,078 | ---- | M] () C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\ -> 
C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV -> [2006/09/26 20:32:46 | 00,000,000 | --SD | M] r=http%253A[1].com&pagetype=channel&pagetype=channel&site=ign&dechannel=ign&size=1x1&network_id=12&name=ATAtracker&PageId=1159293248841&random=1159293248841&ct=js&property=ign& -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\r=http%253A[1].com -> File not found C:\Documents and Settings\David Nyczepir\Local Settings\Temp\ -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp -> [2008/12/03 20:30:44 | 00,000,000 | ---D | M] vmpremov.exe -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\vmpremov.exe -> [2007/08/10 14:10:02 | 00,114,688 | ---- | M] (Viewpoint Corporation) _is99.exe -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\_is99.exe -> [2006/05/23 22:10:42 | 00,455,600 | R--- | M] (Macrovision Corporation) 43 C:\Documents and Settings\David Nyczepir\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\*.tmp -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\ins1.tmp\ -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\ins1.tmp\ -> [2008/11/30 17:12:16 | 00,000,000 | ---D | M] LDMClient.exe -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\ins1.tmp\LDMClient.exe -> [2004/05/19 20:41:44 | 05,786,100 | R--- | M] (BackWeb) C:\Documents and Settings\David Nyczepir\Local Settings\Temp\ -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp -> [2008/12/03 20:30:44 | 00,000,000 | ---D | M] u_opmnpz.dll -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\u_opmnpz.dll -> [2008/12/01 15:36:18 | 00,011,264 | ---- | M] ( ) 43 C:\Documents and Settings\David Nyczepir\Local Settings\Temp\*.tmp files -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\*.tmp -> C:\Documents and Settings\David Nyczepir\Local 
Settings\Temp\{4877BD3F-70E7-4C84-9BFB-D4D3AD0BCCCE}\ -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\{4877BD3F-70E7-4C84-9BFB-D4D3AD0BCCCE} -> [2008/11/30 17:12:16 | 00,000,000 | ---D | M] ISSetup.dll -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\{4877BD3F-70E7-4C84-9BFB-D4D3AD0BCCCE}\ISSetup.dll -> [2006/10/05 18:12:20 | 00,552,214 | R--- | M] (Macrovision Corporation) _Setup.dll -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\{4877BD3F-70E7-4C84-9BFB-D4D3AD0BCCCE}\_Setup.dll -> [2006/05/16 21:21:06 | 00,152,496 | R--- | M] (Macrovision Corporation) C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\ -> [2006/09/26 20:27:19 | 00,000,000 | -HSD | M] index.dat -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2008/12/03 10:32:31 | 02,392,064 | ---- | M] () C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\ -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV -> [2006/09/26 20:32:46 | 00,000,000 | --SD | M] progressive_fast_ad_120[1].dat -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\progressive_fast_ad_120[1].dat -> [2006/09/26 17:47:55 | 00,247,292 | ---- | M] () tvstop5_092506_clip1_120[1].dat -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\tvstop5_092506_clip1_120[1].dat -> [2006/09/26 17:47:00 | 00,512,094 | ---- | M] () tvstop5_092506_clip2_120[1].dat -> C:\Documents and Settings\David Nyczepir\Local Settings\Temp\Temporary Internet Files\Content.IE5\QFCPIPSV\tvstop5_092506_clip2_120[1].dat -> [2006/09/26 17:48:16 | 00,544,685 | ---- | M] () 
C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> [2008/12/03 20:28:45 | 00,000,000 | ---D | M] ALUpdate.exe -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ALUpdate.exe -> [2008/11/27 12:27:50 | 00,655,360 | ---- | M] (Sophos Plc) C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> [2008/12/03 20:28:45 | 00,000,000 | ---D | M] boost_date_time-vc71-mt-1_32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\boost_date_time-vc71-mt-1_32.dll -> [2007/06/20 03:58:54 | 00,045,056 | ---- | M] () ChannelUpdater.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ChannelUpdater.dll -> [2008/11/27 12:27:46 | 00,172,032 | ---- | M] (Sophos Plc) CidSync.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\CidSync.dll -> [2008/11/27 12:27:48 | 00,176,128 | ---- | M] (Sophos Plc) crypto.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\crypto.dll -> [2007/06/20 03:58:52 | 00,020,480 | ---- | M] () libcurl.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libcurl.dll -> [2007/06/20 03:58:54 | 00,159,744 | ---- | M] (The cURL library, http://curl.haxx.se/) libeay32.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\libeay32.dll -> [2007/06/20 03:58:58 | 00,745,472 | ---- | M] () MSVCP71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCP71.DLL -> [2007/02/08 13:27:32 | 00,499,712 | ---- | M] (Microsoft Corporation) MSVCR71.DLL -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\MSVCR71.DLL -> [2007/02/08 13:27:30 | 00,348,160 | ---- | M] (Microsoft Corporation) retailer.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\retailer.dll -> [2008/11/27 12:27:50 | 00,208,896 | ---- | M] (Sophos Plc) SharedRes.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\SharedRes.dll -> [2008/04/14 12:02:07 | 00,018,432 | ---- | M] (Sophos Plc) xmlcpp.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlcpp.dll -> [2007/06/20 03:58:54 | 00,014,336 | ---- | M] () xmlparse.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmlparse.dll -> [2007/06/20 03:58:54 | 00,057,344 | ---- | M] () 
xmltok.dll -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\xmltok.dll -> [2007/06/20 03:58:58 | 00,073,728 | ---- | M] () C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\ -> [2008/12/03 20:28:45 | 00,000,000 | ---D | M] scf.dat -> C:\WINDOWS\Temp\sophos_autoupdate1.dir\scf.dat -> [2008/11/27 12:27:47 | 00,002,970 | ---- | M] () wisofila -> %SystemRoot%\System32\wisofila -> [2008/12/03 20:33:16 | 00,008,812 | -H-- | M] () OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/12/03 20:21:04 | 00,647,651 | ---- | M] () VirtumundoBeGone.exe -> %UserProfile%\Desktop\VirtumundoBeGone.exe -> [2008/12/03 19:41:10 | 00,096,978 | ---- | M] (Business Information Solutions) HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/12/03 18:37:13 | 00,001,734 | ---- | M] () wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/12/03 18:34:26 | 00,002,206 | ---- | M] () perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2008/12/03 18:34:10 | 00,385,472 | ---- | M] () PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2008/12/03 18:34:09 | 00,446,066 | ---- | M] () perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2008/12/03 18:34:09 | 00,054,798 | ---- | M] () MP Scheduled Scan.job -> %SystemRoot%\tasks\MP Scheduled Scan.job -> [2008/12/03 18:31:04 | 00,000,330 | -H-- | M] () nvModes.001 -> %SystemRoot%\System32\nvModes.001 -> [2008/12/03 18:28:50 | 00,054,217 | ---- | M] () nvapps.xml -> %SystemRoot%\System32\nvapps.xml -> [2008/12/03 18:28:50 | 00,050,868 | ---- | M] () SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2008/12/03 18:28:09 | 00,000,006 | -H-- | M] () bootstat.dat -> %SystemRoot%\bootstat.dat -> [2008/12/03 18:27:59 | 00,002,048 | --S- | M] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/12/03 18:27:57 | 21,458,45248 | -HS- | M] () iTunes.lnk -> %AllUsersProfile%\Desktop\iTunes.lnk -> [2008/12/03 16:37:16 | 00,002,137 | ---- | M] () nvModes.dat -> %SystemRoot%\System32\nvModes.dat -> [2008/12/03 
16:36:14 | 00,054,217 | ---- | M] () Modern Chinese History.doc -> %UserProfile%\My Documents\Modern Chinese History.doc -> [2008/12/03 16:20:26 | 00,253,952 | ---- | M] () Hinduism Class Notes.doc -> %UserProfile%\My Documents\Hinduism Class Notes.doc -> [2008/12/03 13:54:20 | 00,203,264 | ---- | M] () ~$nduism Class Notes.doc -> %UserProfile%\My Documents\~$nduism Class Notes.doc -> [2008/12/03 13:43:16 | 00,000,162 | -H-- | M] () ahinibes.ini -> %SystemRoot%\System32\ahinibes.ini -> [2008/12/03 10:11:19 | 00,000,120 | -HS- | M] () hozegupo.dll -> %SystemRoot%\System32\hozegupo.dll -> [2008/12/03 10:11:01 | 00,094,261 | -HS- | M] () sebiniha.dll -> %SystemRoot%\System32\sebiniha.dll -> [2008/12/03 10:11:01 | 00,085,557 | -HS- | M] () ivehihaw.ini -> %SystemRoot%\System32\ivehihaw.ini -> [2008/12/02 14:33:11 | 00,000,120 | -HS- | M] () kabehize.dll -> %SystemRoot%\System32\kabehize.dll -> [2008/12/02 14:33:08 | 00,093,749 | ---- | M] () UnmanagedComputerScan.job -> %SystemRoot%\tasks\UnmanagedComputerScan.job -> [2008/12/02 14:22:17 | 00,000,530 | ---- | M] () Religion to 1840 Class Notes.doc -> %UserProfile%\My Documents\Religion to 1840 Class Notes.doc -> [2008/12/02 12:21:11 | 00,189,440 | ---- | M] () Africa Since 1800 Class Notes.doc -> %UserProfile%\My Documents\Africa Since 1800 Class Notes.doc -> [2008/12/02 10:47:46 | 00,179,200 | ---- | M] () France in Africa A Muslim Power.doc -> %UserProfile%\My Documents\France in Africa A Muslim Power.doc -> [2008/12/02 05:08:48 | 00,041,472 | ---- | M] () etekahob.ini -> %SystemRoot%\System32\etekahob.ini -> [2008/12/02 02:33:01 | 00,000,120 | -HS- | M] () owojusiv.ini -> %SystemRoot%\System32\owojusiv.ini -> [2008/12/02 01:32:52 | 00,000,120 | -HS- | M] () ripagupa.dll -> %SystemRoot%\System32\ripagupa.dll -> [2008/12/02 01:32:49 | 00,065,076 | -HS- | M] () wininit.ini -> %SystemRoot%\wininit.ini -> [2008/12/01 16:05:03 | 00,000,424 | ---- | M] () NYCZEP07.doc -> %UserProfile%\My Documents\NYCZEP07.doc -> 
[2008/12/01 15:24:25 | 00,025,088 | ---- | M] () MCR Project 7.doc -> %UserProfile%\My Documents\MCR Project 7.doc -> [2008/12/01 14:35:59 | 00,025,088 | ---- | M] () The Hindu Center of Virginia Site Visit and Analysis.doc -> %UserProfile%\My Documents\The Hindu Center of Virginia Site Visit and Analysis.doc -> [2008/12/01 13:54:35 | 00,032,256 | ---- | M] () ehunolam.ini -> %SystemRoot%\System32\ehunolam.ini -> [2008/12/01 13:32:27 | 00,000,120 | -HS- | M] () malonuhe.dll -> %SystemRoot%\System32\malonuhe.dll -> [2008/12/01 13:32:24 | 00,086,580 | -HS- | M] () itirafiw.ini -> %SystemRoot%\System32\itirafiw.ini -> [2008/12/01 00:56:52 | 00,000,120 | -HS- | M] () wifariti.dll -> %SystemRoot%\System32\wifariti.dll -> [2008/12/01 00:56:43 | 00,088,116 | ---- | M] () hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2008/11/30 17:36:26 | 00,288,517 | R--- | M] () ijovuvup.ini -> %SystemRoot%\System32\ijovuvup.ini -> [2008/11/30 12:56:28 | 01,296,222 | -HS- | M] () ahagusut.ini -> %SystemRoot%\System32\ahagusut.ini -> [2008/11/30 01:04:41 | 01,296,240 | -HS- | M] () jabetuze.dll -> %SystemRoot%\System32\jabetuze.dll -> [2008/11/30 00:40:48 | 00,094,772 | -HS- | M] () tusugaha.dll -> %SystemRoot%\System32\tusugaha.dll -> [2008/11/30 00:40:48 | 00,088,116 | ---- | M] () Christmas List 2008.doc -> %UserProfile%\My Documents\Christmas List 2008.doc -> [2008/11/29 23:04:00 | 00,027,648 | ---- | M] () AutoUpdate Monitor.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk -> [2008/11/29 21:28:53 | 00,000,712 | ---- | M] () MCR 7 Proposal.doc -> %UserProfile%\My Documents\MCR 7 Proposal.doc -> [2008/11/24 14:22:11 | 00,024,576 | ---- | M] () The Global Color Line Take Home Essays 2.doc -> %UserProfile%\My Documents\The Global Color Line Take Home Essays 2.doc -> [2008/11/24 11:29:17 | 00,062,464 | ---- | M] () QuickTime Player.lnk -> %AllUsersProfile%\Desktop\QuickTime Player.lnk -> [2008/11/22 22:20:23 | 00,001,604 | ---- | M] () 
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2008/11/22 22:18:43 | 00,000,284 | ---- | M] () d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2008/11/22 17:11:12 | 00,000,664 | ---- | M] () QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [2008/11/21 20:23:29 | 00,054,156 | -H-- | M] () Completed Stuff.doc -> %UserProfile%\My Documents\Completed Stuff.doc -> [2008/11/20 04:07:27 | 03,949,056 | ---- | M] () Group Reflection.doc -> %UserProfile%\My Documents\Group Reflection.doc -> [2008/11/20 02:26:33 | 00,315,904 | ---- | M] () What to Do When Visiting Old Homes.doc -> %UserProfile%\My Documents\What to Do When Visiting Old Homes.doc -> [2008/11/20 02:08:47 | 00,317,440 | ---- | M] () Edenton Buildings.doc -> %UserProfile%\My Documents\Edenton Buildings.doc -> [2008/11/19 18:42:18 | 00,031,232 | ---- | M] () KGyGaAvL.sys -> %SystemRoot%\System32\KGyGaAvL.sys -> [2008/11/19 00:58:57 | 00,003,766 | -HS- | M] () BF7A58D419.sys -> %SystemRoot%\System32\BF7A58D419.sys -> [2008/11/19 00:58:55 | 00,000,088 | RHS- | M] () NYCZEP06.doc -> %UserProfile%\My Documents\NYCZEP06.doc -> [2008/11/19 00:43:09 | 00,025,088 | ---- | M] () MCR 6 Part II.doc -> %UserProfile%\My Documents\MCR 6 Part II.doc -> [2008/11/18 22:12:36 | 00,019,968 | ---- | M] () IPH.PH -> %SystemDrive%\IPH.PH -> [2008/11/18 16:19:24 | 00,002,409 | -H-- | M] () NYCZEP06-1.doc -> %UserProfile%\My Documents\NYCZEP06-1.doc -> [2008/11/17 14:48:22 | 00,066,048 | ---- | M] () Term Paper MCH.doc -> %UserProfile%\My Documents\Term Paper MCH.doc -> [2008/11/17 14:44:31 | 00,066,048 | ---- | M] () imsins.BAK -> %SystemRoot%\imsins.BAK -> [2008/11/12 12:05:34 | 00,001,393 | ---- | M] () Payne Quotes.doc -> %UserProfile%\My Documents\Payne Quotes.doc -> [2008/11/11 22:44:31 | 00,024,576 | ---- | M] () Class Notes.doc -> %UserProfile%\My Documents\Class Notes.doc -> [2008/11/11 18:36:37 | 00,030,208 | ---- | M] () ~$ligion to 1840 Class Notes.doc -> %UserProfile%\My Documents\~$ligion to 1840 
Class Notes.doc -> [2008/11/11 11:17:14 | 00,000,162 | -H-- | M] () CANNINxx.doc -> %UserProfile%\My Documents\CANNINxx.doc -> [2008/11/03 02:23:28 | 00,033,792 | ---- | M] () NYCZEP05.doc -> %UserProfile%\My Documents\NYCZEP05.doc -> [2008/11/03 02:19:59 | 00,033,792 | ---- | M] () 2008 Edit 2.doc -> %UserProfile%\My Documents\2008 Edit 2.doc -> [2008/10/30 02:01:22 | 00,134,656 | ---- | M] () 2008 Review 2.doc -> %UserProfile%\My Documents\2008 Review 2.doc -> [2008/10/30 02:01:01 | 00,030,720 | ---- | M] () Hinduism Take Home Essay 2.doc -> %UserProfile%\My Documents\Hinduism Take Home Essay 2.doc -> [2008/10/28 19:59:25 | 00,029,696 | ---- | M] () Edit 2008 1.doc -> %UserProfile%\My Documents\Edit 2008 1.doc -> [2008/10/26 23:38:12 | 00,067,584 | ---- | M] () Review 2008 1.doc -> %UserProfile%\My Documents\Review 2008 1.doc -> [2008/10/26 23:37:54 | 00,029,696 | ---- | M] () mrxsmb.sys -> %SystemRoot%\System32\drivers\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) mrxsmb.sys -> %SystemRoot%\System32\dllcache\mrxsmb.sys -> [2008/10/24 06:21:09 | 00,455,296 | ---- | M] (Microsoft Corporation) MCR 4.doc -> %UserProfile%\My Documents\MCR 4.doc -> [2008/10/20 13:51:01 | 00,031,232 | ---- | M] () The Global Color Line Take Home Essays.doc -> %UserProfile%\My Documents\The Global Color Line Take Home Essays.doc -> [2008/10/20 02:42:56 | 00,053,760 | ---- | M] () GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2008/10/18 19:39:30 | 00,027,464 | ---- | M] () WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [2008/10/18 19:37:26 | 00,316,640 | ---- | M] () FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/18 19:35:39 | 00,135,664 | ---- | M] () Kaffir Boy.doc -> %UserProfile%\My Documents\Kaffir Boy.doc -> [2008/10/18 16:00:52 | 00,022,528 | ---- | M] () ntldr -> %SystemDrive%\ntldr -> [2008/10/18 12:57:19 | 00,250,048 | RHS- | M] () Monitor Form.doc -> %UserProfile%\My 
Documents\Monitor Form.doc -> [2008/10/15 18:46:52 | 00,025,088 | ---- | M] () netapi32.dll -> %SystemRoot%\System32\netapi32.dll -> [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) netapi32.dll -> %SystemRoot%\System32\dllcache\netapi32.dll -> [2008/10/15 11:34:24 | 00,337,408 | ---- | M] (Microsoft Corporation) World of Warcraft.lnk -> %AllUsersProfile%\Desktop\World of Warcraft.lnk -> [2008/10/14 15:26:50 | 00,000,865 | ---- | M] () Midterm Exam Study Guide.doc -> %UserProfile%\My Documents\Midterm Exam Study Guide.doc -> [2008/10/07 17:52:55 | 00,073,216 | ---- | M] () MCH1 The Early and High Qing, 1644-1795.doc -> %UserProfile%\My Documents\MCH1 The Early and High Qing, 1644-1795.doc -> [2008/10/07 14:36:02 | 00,058,368 | ---- | M] () Video Paragraph.doc -> %UserProfile%\My Documents\Video Paragraph.doc -> [2008/10/07 08:24:49 | 00,025,088 | ---- | M] () ~$dterm Exam Study Guide.doc -> %UserProfile%\My Documents\~$dterm Exam Study Guide.doc -> [2008/10/06 18:13:10 | 00,000,162 | -H-- | M] () Hinduism Slides.doc -> %UserProfile%\My Documents\Hinduism Slides.doc -> [2008/10/04 23:56:03 | 00,030,720 | ---- | M] () Modern Chinese History Study Guide 1.doc -> %UserProfile%\My Documents\Modern Chinese History Study Guide 1.doc -> [2008/10/04 05:50:21 | 00,064,512 | ---- | M] () ieframe.dll -> %SystemRoot%\System32\ieframe.dll -> [2008/10/03 12:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) ieframe.dll -> %SystemRoot%\System32\dllcache\ieframe.dll -> [2008/10/03 12:41:15 | 06,066,176 | ---- | M] (Microsoft Corporation) Caste System Notes.doc -> %UserProfile%\My Documents\Caste System Notes.doc -> [2008/10/02 21:14:09 | 00,026,624 | ---- | M] () Chinese History Reading Notes.doc -> %UserProfile%\My Documents\Chinese History Reading Notes.doc -> [2008/10/01 14:04:06 | 00,030,720 | ---- | M] () msxml4.dll -> %SystemRoot%\System32\msxml4.dll -> [2008/09/30 16:43:34 | 01,286,152 | ---- | M] (Microsoft Corporation) SophosBootDriver.sys -> 
%SystemRoot%\System32\drivers\SophosBootDriver.sys -> [2008/09/30 14:20:04 | 00,014,976 | ---- | M] (Sophos Plc) savonaccesscontrol.sys -> %SystemRoot%\System32\drivers\savonaccesscontrol.sys -> [2008/09/30 14:20:03 | 00,104,704 | ---- | M] (Sophos Plc) savonaccessfilter.sys -> %SystemRoot%\System32\drivers\savonaccessfilter.sys -> [2008/09/30 14:20:03 | 00,035,584 | ---- | M] (Sophos Plc) 3a4f5a23.stf -> %SystemRoot%\System32\3a4f5a23.stf -> [2008/09/30 14:20:02 | 00,130,104 | -H-- | M] (Sophos Plc) sdccoinstaller.dll -> %SystemRoot%\System32\sdccoinstaller.dll -> [2008/09/30 14:20:02 | 00,130,104 | ---- | M] (Sophos Plc) sophosboottasks.exe -> %SystemRoot%\System32\sophosboottasks.exe -> [2008/09/30 14:20:01 | 00,023,552 | ---- | M] (Sophos Plc) The Global Color Line Class Notes.doc -> %UserProfile%\My Documents\The Global Color Line Class Notes.doc -> [2008/09/29 11:47:31 | 00,125,952 | ---- | M] () Hinduism Take Home Essay 1.doc -> %UserProfile%\My Documents\Hinduism Take Home Essay 1.doc -> [2008/09/28 17:36:16 | 00,028,160 | ---- | M] () Hinduism Reading Notes.doc -> %UserProfile%\My Documents\Hinduism Reading Notes.doc -> [2008/09/23 23:25:46 | 00,029,184 | ---- | M] () Hinduism Reading Notes Chandogya Upanisad.doc -> %UserProfile%\My Documents\Hinduism Reading Notes Chandogya Upanisad.doc -> [2008/09/23 20:47:50 | 00,030,720 | ---- | M] () NYCZEPxx1.doc -> %UserProfile%\My Documents\NYCZEPxx1.doc -> [2008/09/22 12:35:56 | 00,031,232 | ---- | M] () Reaction Paper Assignment Mao Zedong.doc -> %UserProfile%\My Documents\Reaction Paper Assignment Mao Zedong.doc -> [2008/09/22 12:33:20 | 00,030,720 | ---- | M] () The Early and High Qing, 1644-1795.doc -> %UserProfile%\My Documents\The Early and High Qing, 1644-1795.doc -> [2008/09/17 14:17:37 | 00,033,280 | ---- | M] () The Early and High Qing, 1644-1795.mht -> %UserProfile%\My Documents\The Early and High Qing, 1644-1795.mht -> [2008/09/17 14:14:30 | 00,559,285 | ---- | M] () Revolution and its Past Notes.doc 
-> %UserProfile%\My Documents\Revolution and its Past Notes.doc -> [2008/09/17 00:43:49 | 00,033,280 | ---- | M] () win32k.sys -> %SystemRoot%\System32\win32k.sys -> [2008/09/15 07:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) win32k.sys -> %SystemRoot%\System32\dllcache\win32k.sys -> [2008/09/15 07:12:56 | 01,846,400 | ---- | M] (Microsoft Corporation) CmdLineExt.dll -> %SystemRoot%\System32\CmdLineExt.dll -> [2008/09/10 20:06:57 | 00,107,888 | ---- | M] (Sony DADC Austria AG.) EA Download Manager.lnk -> %AllUsersProfile%\Desktop\EA Download Manager.lnk -> [2008/09/10 20:05:26 | 00,001,810 | ---- | M] () ealregsnapshot1.reg -> %SystemRoot%\System32\ealregsnapshot1.reg -> [2008/09/10 20:05:21 | 00,002,054 | ---- | M] () Current History Reading Notes.doc -> %UserProfile%\My Documents\Current History Reading Notes.doc -> [2008/09/09 23:39:22 | 00,034,304 | ---- | M] () Letter of Intent.doc -> %UserProfile%\My Documents\Letter of Intent.doc -> [2008/09/09 21:03:28 | 00,024,064 | ---- | M] () msxml6.dll -> %SystemRoot%\System32\msxml6.dll -> [2008/09/09 20:14:56 | 01,307,648 | ---- | M] (Microsoft Corporation) msxml6.dll -> %SystemRoot%\System32\dllcache\msxml6.dll -> [2008/09/09 20:14:56 | 01,307,648 | ---- | M] (Microsoft Corporation) srv.sys -> %SystemRoot%\System32\drivers\srv.sys -> [2008/09/08 05:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation) srv.sys -> %SystemRoot%\System32\dllcache\srv.sys -> [2008/09/08 05:41:42 | 00,333,824 | ---- | M] (Microsoft Corporation) [File - Lop Check] Application Data -> C:\Documents and Settings\All Users\Application Data -> [2008/11/30 17:11:40 | 00,000,000 | RH-D | M] {3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} -> [2008/11/22 22:22:47 | 00,000,000 | ---D | M] Blizzard -> C:\Documents and Settings\All Users\Application Data\Blizzard -> [2008/10/14 14:59:13 | 00,000,000 | ---D | M] CopyPod -> C:\Documents and Settings\All 
Users\Application Data\CopyPod -> [2006/08/24 12:42:25 | 00,000,000 | ---D | M] Dell -> C:\Documents and Settings\All Users\Application Data\Dell -> [2008/02/26 21:19:56 | 00,000,000 | ---D | M] Intel -> C:\Documents and Settings\All Users\Application Data\Intel -> [2006/07/17 14:38:15 | 00,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\All Users\Application Data\NCH Swift Sound -> [2007/12/04 01:51:48 | 00,000,000 | ---D | M] SafeNet Sentinel -> C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel -> [2008/03/24 00:12:04 | 00,000,000 | ---D | M] SBSI -> C:\Documents and Settings\All Users\Application Data\SBSI -> [2004/08/11 17:25:52 | 00,000,000 | ---D | M] Sophos -> C:\Documents and Settings\All Users\Application Data\Sophos -> [2007/08/27 14:21:37 | 00,000,000 | ---D | M] SPSS -> C:\Documents and Settings\All Users\Application Data\SPSS -> [2008/03/24 00:37:36 | 00,000,000 | ---D | M] SupportSoft -> C:\Documents and Settings\All Users\Application Data\SupportSoft -> [2008/02/26 21:10:32 | 00,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\All Users\Application Data\Viewpoint -> [2008/02/23 14:11:36 | 00,000,000 | ---D | M] Application Data -> C:\Documents and Settings\David Nyczepir\Application Data -> [2008/11/22 22:10:31 | 00,000,000 | RH-D | M] acccore -> C:\Documents and Settings\David Nyczepir\Application Data\acccore -> [2008/02/10 13:19:56 | 00,000,000 | ---D | M] BitTorrent -> C:\Documents and Settings\David Nyczepir\Application Data\BitTorrent -> [2007/08/28 10:13:32 | 00,000,000 | ---D | M] Corel Photo Album -> C:\Documents and Settings\David Nyczepir\Application Data\Corel Photo Album -> [2006/07/21 20:34:03 | 00,000,000 | ---D | M] CyberLink -> C:\Documents and Settings\David Nyczepir\Application Data\CyberLink -> [2006/08/04 16:27:20 | 00,000,000 | ---D | M] Intel -> C:\Documents and Settings\David Nyczepir\Application Data\Intel -> [2006/07/17 14:38:32 | 00,000,000 | ---D | M] Kensington -> 
C:\Documents and Settings\David Nyczepir\Application Data\Kensington -> [2006/07/31 16:04:14 | 00,000,000 | ---D | M] Leadertech -> C:\Documents and Settings\David Nyczepir\Application Data\Leadertech -> [2006/08/24 11:48:11 | 00,000,000 | ---D | M] Move Networks -> C:\Documents and Settings\David Nyczepir\Application Data\Move Networks -> [2008/11/27 13:30:04 | 00,000,000 | ---D | M] NCH Swift Sound -> C:\Documents and Settings\David Nyczepir\Application Data\NCH Swift Sound -> [2007/12/04 01:51:50 | 00,000,000 | ---D | M] SecuROM -> C:\Documents and Settings\David Nyczepir\Application Data\SecuROM -> [2008/09/10 20:06:59 | 00,000,000 | RH-D | M] teamspeak2 -> C:\Documents and Settings\David Nyczepir\Application Data\teamspeak2 -> [2006/07/21 17:15:04 | 00,000,000 | ---D | M] Viewpoint -> C:\Documents and Settings\David Nyczepir\Application Data\Viewpoint -> [2007/01/22 01:57:39 | 00,000,000 | ---D | M] Walgreens -> C:\Documents and Settings\David Nyczepir\Application Data\Walgreens -> [2006/12/31 14:07:44 | 00,000,000 | ---D | M] C:\WINDOWS\Tasks\ -> C:\WINDOWS\Tasks -> [2008/12/03 18:31:04 | 00,000,000 | --SD | M] AppleSoftwareUpdate.job -> C:\WINDOWS\Tasks\AppleSoftwareUpdate.job -> [2008/11/22 22:18:43 | 00,000,284 | ---- | M] () desktop.ini -> C:\WINDOWS\Tasks\desktop.ini -> [2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () MP Scheduled Scan.job -> C:\WINDOWS\Tasks\MP Scheduled Scan.job -> [2008/12/03 18:31:04 | 00,000,330 | -H-- | M] () SA.DAT -> C:\WINDOWS\Tasks\SA.DAT -> [2008/12/03 18:28:09 | 00,000,006 | -H-- | M] () UnmanagedComputerScan.job -> C:\WINDOWS\Tasks\UnmanagedComputerScan.job -> [2008/12/02 14:22:17 | 00,000,530 | ---- | M] () [File - Purity Scan] [File - Signature Check] < Cached Copy > -> < OS Copy > -> < MD5's > C:\WINDOWS\servicepackfiles\i386\explorer.exe [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\explorer.exe [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -> Cached Copy = 
12896823FB95BFB3DC9B46BCAEDC9923 \ OS Copy = 12896823FB95BFB3DC9B46BCAEDC9923 C:\WINDOWS\servicepackfiles\i386\csrss.exe [2008/04/13 19:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\csrss.exe [2008/04/13 19:12:15 | 00,006,144 | ---- | M] (Microsoft Corporation) -> Cached Copy = 44F275C64738EA2056E3D9580C23B60F \ OS Copy = 44F275C64738EA2056E3D9580C23B60F C:\WINDOWS\servicepackfiles\i386\lsass.exe [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\lsass.exe [2008/04/13 19:12:24 | 00,013,312 | ---- | M] (Microsoft Corporation) -> Cached Copy = BF2466B3E18E970D8A976FB95FC1CA85 \ OS Copy = BF2466B3E18E970D8A976FB95FC1CA85 C:\WINDOWS\servicepackfiles\i386\rundll32.exe [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\rundll32.exe [2008/04/13 19:12:33 | 00,033,280 | ---- | M] (Microsoft Corporation) -> Cached Copy = 037B1E7798960E0420003D05BB577EE6 \ OS Copy = 037B1E7798960E0420003D05BB577EE6 C:\WINDOWS\servicepackfiles\i386\services.exe [2008/04/13 19:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\services.exe [2008/04/13 19:12:34 | 00,108,544 | ---- | M] (Microsoft Corporation) -> Cached Copy = 0E776ED5F7CC9F94299E70461B7B8185 \ OS Copy = 0E776ED5F7CC9F94299E70461B7B8185 C:\WINDOWS\servicepackfiles\i386\smss.exe [2008/04/13 19:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\smss.exe [2008/04/13 19:12:36 | 00,050,688 | ---- | M] (Microsoft Corporation) -> Cached Copy = 5F816C1F539266D2D4C78694239DA0B5 \ OS Copy = 5F816C1F539266D2D4C78694239DA0B5 C:\WINDOWS\servicepackfiles\i386\spoolsv.exe [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\spoolsv.exe [2008/04/13 19:12:36 | 00,057,856 | ---- | M] (Microsoft Corporation) -> Cached Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B \ OS Copy = D8E14A61ACC1D4A6CD0D38AEBAC7FA3B 
C:\WINDOWS\servicepackfiles\i386\svchost.exe [2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\svchost.exe [2008/04/13 19:12:36 | 00,014,336 | ---- | M] (Microsoft Corporation) -> Cached Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 \ OS Copy = 27C6D03BCDB8CFEB96B716F3D8BE3E18 C:\WINDOWS\servicepackfiles\i386\taskmgr.exe [2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\taskmgr.exe [2008/04/13 19:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -> Cached Copy = 2CD1C3506A85B38E2D17E61ADED175C4 \ OS Copy = 2CD1C3506A85B38E2D17E61ADED175C4 C:\WINDOWS\servicepackfiles\i386\userinit.exe [2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\userinit.exe [2008/04/13 19:12:38 | 00,026,112 | ---- | M] (Microsoft Corporation) -> Cached Copy = A93AEE1928A9D7CE3E16D24EC7380F89 \ OS Copy = A93AEE1928A9D7CE3E16D24EC7380F89 C:\WINDOWS\servicepackfiles\i386\winlogon.exe [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> C:\WINDOWS\system32\winlogon.exe [2008/04/13 19:12:39 | 00,507,904 | ---- | M] (Microsoft Corporation) -> Cached Copy = ED0EF0A136DEC83DF69F04118870003E \ OS Copy = ED0EF0A136DEC83DF69F04118870003E [CatchMe Rootkit Scan by GMER] < Windows folder & sub-folders > scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 < Document and Settings folder & sub folders > scanning hidden files ... 
C:\Documents and Settings\David Nyczepir\Favorites\2008 10Best Cars - 10Best Cars - Best-Worst Lists - High Performance - Hot Lists - Reviews - Car and Driver - Car And Driver.url:favicon 1406 bytes C:\Documents and Settings\David Nyczepir\Favorites\2008 Presidential Candidates Campaign 2008 The Presidential Field washingtonpost.com.url:favicon 318 bytes C:\Documents and Settings\David Nyczepir\Favorites\AmericanHeritage.com - At Home in Edenton.url:favicon 1150 bytes C:\Documents and Settings\David Nyczepir\Favorites\I accidentally a fleshlight - The Rogan Board.url:favicon 29926 bytes C:\Documents and Settings\David Nyczepir\Favorites\InterfaceLIFT Wallpaper Walenstadtberg.url:favicon 1150 bytes C:\Documents and Settings\David Nyczepir\Favorites\Mail & Guardian Online The smart news source.url:favicon 3638 bytes C:\Documents and Settings\David Nyczepir\Favorites\Original Series, Featured Artists & Funny Videos on Super Deluxe.url:favicon 1150 bytes C:\Documents and Settings\David Nyczepir\Favorites\Paladin builds - WoWWiki - Your guide to the World of Warcraft.url:favicon 894 bytes C:\Documents and Settings\David Nyczepir\Favorites\The Economist.url:favicon 1406 bytes C:\Documents and Settings\David Nyczepir\Favorites\Troj-Virtum-Gen infecting my computer [CLOSED].url:favicon 22486 bytes C:\Documents and Settings\David Nyczepir\Favorites\Video on How to Activate the S-Video Output on a computer.url:favicon 6598 bytes C:\Documents and Settings\David Nyczepir\Favorites\Washington Post.url:favicon 318 bytes C:\Documents and Settings\David Nyczepir\Favorites\Welcome to Chowan County, N.C. 
-- Chowan County Courthouse.url:favicon 1350 bytes C:\Documents and Settings\David Nyczepir\Favorites\Welcome to Flickr - Photo Sharing.url:favicon 1150 bytes C:\Documents and Settings\David Nyczepir\Favorites\[EDITED] Patch 3.0.2 primer for Warlocks - WoW Insider.url:favicon 3638 bytes C:\Documents and Settings\David Nyczepir\Favorites\The College of William and Mary Login - powered by SunGard Higher Education.url:favicon 21630 bytes scan completed successfully hidden files: 33 [Custom Scans] < %systemroot%\Prefetch\*.* /s > C:\WINDOWS\Prefetch\ -> C:\WINDOWS\Prefetch -> [2008/12/03 20:45:55 | 00,000,000 | ---D | M] ALUPDATE.EXE-3A543EEB.pf -> C:\WINDOWS\Prefetch\ALUPDATE.EXE -> [2008/12/03 20:28:51 | 00,032,070 | ---- | M] () CATCHME.EXE-1461E410.pf -> C:\WINDOWS\Prefetch\CATCHME.EXE -> [2008/12/03 20:36:02 | 00,015,916 | ---- | M] () DLCCJSWX.EXE-071BE6D2.pf -> C:\WINDOWS\Prefetch\DLCCJSWX.EXE -> [2008/12/03 20:30:12 | 00,019,976 | ---- | M] () DLCCPSWX.EXE-2BA9239A.pf -> C:\WINDOWS\Prefetch\DLCCPSWX.EXE -> [2008/12/03 20:30:12 | 00,031,660 | ---- | M] () HIJACKTHIS.EXE-241EE54E.pf -> C:\WINDOWS\Prefetch\HIJACKTHIS.EXE -> [2008/12/03 20:02:14 | 00,029,366 | ---- | M] () IEXPLORE.EXE-2D97EBE6.pf -> C:\WINDOWS\Prefetch\IEXPLORE.EXE -> [2008/12/03 20:18:05 | 00,078,978 | ---- | M] () KILLBOX[1].EXE-2A91B4D1.pf -> C:\WINDOWS\Prefetch\KILLBOX[1].EXE -> [2008/12/03 19:35:57 | 00,020,312 | ---- | M] () layout.ini -> C:\WINDOWS\Prefetch\layout.ini -> [2008/12/03 17:56:24 | 00,775,762 | ---- | M] () LOGON.SCR-24ADF392.pf -> C:\WINDOWS\Prefetch\LOGON.SCR -> [2008/12/03 20:45:55 | 00,015,782 | ---- | M] () MPCMDRUN.EXE-177DBF1A.pf -> C:\WINDOWS\Prefetch\MPCMDRUN.EXE -> [2008/12/03 19:08:39 | 00,051,814 | ---- | M] () MSIEXEC.EXE-330626DC.pf -> C:\WINDOWS\Prefetch\MSIEXEC.EXE -> [2008/12/03 20:06:58 | 00,072,852 | ---- | M] () MTSAXINSTALLER.EXE-20C74137.pf -> C:\WINDOWS\Prefetch\MTSAXINSTALLER.EXE -> [2008/12/03 19:23:30 | 00,021,172 | ---- | M] () NOTEPAD.EXE-2F2D61E1.pf 
-> C:\WINDOWS\Prefetch\NOTEPAD.EXE -> [2008/12/03 20:02:21 | 00,024,060 | ---- | M] () OTSCANIT2.EXE-0115C50F.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2008/12/03 20:22:37 | 00,017,474 | ---- | M] () OTSCANIT2.EXE-38CDE46B.pf -> C:\WINDOWS\Prefetch\OTSCANIT2.EXE -> [2008/12/03 20:24:31 | 00,026,702 | ---- | M] () RUNDLL32.EXE-4532DDE6.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/03 20:06:48 | 00,083,804 | ---- | M] () RUNDLL32.EXE-4FF9832D.pf -> C:\WINDOWS\Prefetch\RUNDLL32.EXE -> [2008/12/03 20:29:30 | 00,018,124 | ---- | M] () SAVMAIN.EXE-37FE50B1.pf -> C:\WINDOWS\Prefetch\SAVMAIN.EXE -> [2008/12/03 20:17:54 | 00,023,450 | ---- | M] () VIEWPOINTSERVICE.EXE-1082C90D.pf -> C:\WINDOWS\Prefetch\VIEWPOINTSERVICE.EXE -> [2008/12/03 19:23:31 | 00,020,568 | ---- | M] () VIRTUMUNDOBEGONE.EXE-03E44635.pf -> C:\WINDOWS\Prefetch\VIRTUMUNDOBEGONE.EXE -> [2008/12/03 19:41:20 | 00,021,838 | ---- | M] () VMPREMOV.EXE-0FB3AAA1.pf -> C:\WINDOWS\Prefetch\VMPREMOV.EXE -> [2008/12/03 19:23:35 | 00,028,540 | ---- | M] () VUNDOFIX.EXE-3B1D0C06.pf -> C:\WINDOWS\Prefetch\VUNDOFIX.EXE -> [2008/12/03 18:59:30 | 00,070,774 | ---- | M] () WMIPRVSE.EXE-0D449B4F.pf -> C:\WINDOWS\Prefetch\WMIPRVSE.EXE -> [2008/12/03 20:02:16 | 00,030,810 | ---- | M] () WSCNTFY.EXE-0B14C27D.pf -> C:\WINDOWS\Prefetch\WSCNTFY.EXE -> [2008/12/03 20:15:32 | 00,009,972 | ---- | M] () < %systemroot%\system32\drivers\*.dat > < %systemroot%\Temp\bca4e2da.$$$ > < %systemroot%\Temp\ed47fa.$ > < %systemroot%\Temp\fa56d7ec.$$$ > < %systemroot%\System32\antiwpa.dll > < %PROGRAMFILES%\*crack*. > Program Files -> C:\Program Files -> [2008/12/03 18:37:13 | 00,000,000 | ---D | M] < %PROGRAMFILES%\*keygen*. > Program Files -> C:\Program Files -> [2008/12/03 18:37:13 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*crack*. > OTScanIt2 -> C: -> [2008/12/03 20:35:55 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*keygen*. 
> OTScanIt2 -> C: -> [2008/12/03 20:35:55 | 00,000,000 | ---D | M] < %SYSTEMDRIVE%\*.zip > < %SYSTEMDRIVE%\*.rar > < %SYSTEMDRIVE%\*.exe > C:\ -> -> [2008/12/03 20:35:55 | 00,000,000 | ---D | M] StubInstaller.exe -> C:\StubInstaller.exe -> [2005/10/31 10:56:00 | 00,700,416 | ---- | M] (LimeWire) < %PROGRAMFILES%\*.zip > < %PROGRAMFILES%\*.rar > < %PROGRAMFILES%\*.exe > Invalid Environment Variable: ALLUSERSDESKTOP Invalid Environment Variable: ALLUSERSDESKTOP Invalid Environment Variable: ALLUSERSDESKTOP < %PROGRAMFILES%\Common Files\*bak*. > Common Files -> C:\Program Files\Common Files -> [2008/09/17 18:23:16 | 00,000,000 | ---D | M] < %systemroot%\SYSTEM32\*bak*. > 10 C:\WINDOWS\SYSTEM32\*.tmp files -> C:\WINDOWS\SYSTEM32\*.tmp -> system32 -> C:\WINDOWS\SYSTEM32 -> [2008/12/03 18:34:09 | 00,000,000 | ---D | M] < %PROGRAMFILES%\*bak*. > Program Files -> C:\Program Files -> [2008/12/03 18:37:13 | 00,000,000 | ---D | M] < End of report > [/code]