Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't run regedit.exe [Closed]

Started by samiamnurnot , May 05 2009 11:31 PM

  • This topic is locked This topic is locked

#1
samiamnurnot
Posted 05 May 2009 - 11:31 PM

samiamnurnot

    Member

  • Member
  • PipPip
  • 32 posts
Hope I did this right -

(OTLI LOG) -

OTListIt logfile created on: 5/5/2009 9:37:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\sam\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 79.31 Mb Available Physical Memory | 32.11% Memory free
606.02 Mb Paging File | 296.49 Mb Available in Paging File | 48.92% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.73 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.46 Gb Total Space | 7.46 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER
Current User Name: sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.EXE (Conexant Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe ()
PRC - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE (2Wire Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\update\update.exe (Microsoft Corporation)
PRC - C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)
PRC - C:\Documents and Settings\sam\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iprip [Auto | Running]) -- C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (p2pgasvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (StumbleUponUpdateService [On_Demand | Stopped]) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (i81x [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tffsport [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\tffsport.sys (M-Systems)
DRV - (WlanUIG [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\WlanUIG.sys ( )

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\COMPONENTS [2009/04/24 16:52:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\PLUGINS [2009/04/24 16:20:58 | 00,000,000 | ---D | M]

[2009/01/29 03:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\mozilla\Profiles\default\n45fxa3j.slt\extensions
[2009/01/29 03:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\mozilla\Profiles\default\n45fxa3j.slt\extensions\{31E65147-5A53-4e52-8A64-FF7EBFA36D76}

O1 HOSTS File: (156 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" ()
O4 - HKCU..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo (mozilla.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE (2Wire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sam\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [PNRP Cloud Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [PNRP Name Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1234145290828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/23 07:42:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\Shell\AutoRun\command - "" = F:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O33 - MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\Shell\open\command - "" = F:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/05 21:33:48 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\OTListIt2.exe
[2009/05/05 21:31:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/05/05 21:30:13 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/05 21:29:28 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\Rooter.exe
[2009/05/05 19:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/05/05 19:00:27 | 00,022,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/05/05 19:00:27 | 00,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/05/05 19:00:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/05/05 19:00:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/05/05 18:31:40 | 00,001,709 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/05 18:31:39 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/05 18:31:38 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/05 18:31:38 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/05 18:31:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/05 18:31:34 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/05 18:31:34 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/05 18:31:33 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/05 18:31:33 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/05 18:31:15 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/05 18:31:15 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/05/05 18:31:15 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/05 18:31:12 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/05 18:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Malwarebytes
[2009/05/05 18:04:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 18:04:08 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 18:04:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 18:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 18:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 18:02:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/05 18:01:43 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\NTREGOPT.lnk
[2009/05/05 18:01:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\ERUNT.lnk
[2009/05/05 18:01:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/05 16:54:20 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\sam\Desktop\avast_home_setup.exe
[2009/05/05 16:48:28 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\sam\Desktop\mbam-setup.exe
[2009/05/05 16:47:21 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\sam\Desktop\erunt_setup.exe
[2009/05/05 00:41:20 | 00,000,121 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Files named .exe.fnd
[2009/05/03 12:49:20 | 00,008,185 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\photo gallery layout01.drw
[2009/05/03 09:38:27 | 01,263,689 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Grandma'sHouse.psd
[2009/05/03 07:18:23 | 00,390,429 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\ironpage template.jpg
[2009/05/03 06:29:44 | 00,124,212 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.jpg
[2009/05/03 06:29:28 | 00,757,016 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.psd
[2009/05/03 03:30:27 | 01,398,908 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\idiots-guide-to-photoshop.pdf
[2009/05/01 20:06:31 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\K-Sudoku Archive.xls
[2009/05/01 19:49:24 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-1b.xls
[2009/05/01 19:32:23 | 00,102,912 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - BLANK.xlt
[2009/05/01 19:30:34 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\K-SudokuPuzzlesCompleted.xls
[2009/05/01 19:21:10 | 00,102,400 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-01.xls
[2009/05/01 17:34:28 | 62,421,856 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\X11Tiger.zip
[2009/05/01 13:55:44 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-30.xls
[2009/04/30 16:48:50 | 00,009,509 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\peter'sroom.drw
[2009/04/29 20:30:52 | 00,101,888 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-29.xls
[2009/04/28 23:03:02 | 01,479,071 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.psd
[2009/04/28 17:59:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\sam\My Documents\Shareaza Downloads
[2009/04/28 17:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2009/04/28 17:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Shareaza
[2009/04/28 17:57:00 | 06,745,696 | ---- | C] (Shareaza Development Team ) -- C:\Documents and Settings\sam\Desktop\Shareaza_2.4.0.0.exe
[2009/04/28 11:11:35 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-28.xls
[2009/04/28 08:39:57 | 00,022,284 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.jpg
[2009/04/28 08:32:27 | 00,284,112 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\okefenokee-swamp-gaok1.jpg
[2009/04/28 08:31:53 | 00,008,275 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\lilyPad.jpg
[2009/04/28 08:03:12 | 03,202,009 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\PIA11084.jpg
[2009/04/28 05:53:53 | 00,028,964 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\l_f953771e65fc436c94bae600a43ce620.jpg
[2009/04/28 04:36:45 | 00,040,367 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\paper_design3.jpg
[2009/04/28 00:18:55 | 00,107,622 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\DrillChart.gif
[2009/04/28 00:14:41 | 00,010,669 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\thread_size_english.htm
[2009/04/28 00:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\thread_size_english_files
[2009/04/27 21:53:51 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/27 21:53:45 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/27 21:53:44 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/04/27 21:50:15 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\LimeWire PRO 4.12.3.lnk
[2009/04/27 21:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/04/27 21:12:35 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\bookmarks-1.html
[2009/04/26 15:54:51 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\4224 4229.doc
[2009/04/26 05:05:10 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Pen Tool cheat.doc
[2009/04/26 03:44:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\2008 Tax [bleep]
[2009/04/25 00:59:35 | 00,216,523 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\img011.jpg
[2009/04/25 00:42:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Desktop\Unused Desktop Shortcuts
[2009/04/24 16:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Apple Computer
[2009/04/24 16:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/24 16:11:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/24 16:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/24 16:11:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/24 14:14:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Local Settings\Apps
[2009/04/24 11:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Incomplete
[2009/04/24 02:17:47 | 03,573,529 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\DrawBerry_0.7.zip
[2009/04/24 01:57:25 | 00,157,787 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\sudoku_latest.zip
[2009/04/24 01:56:13 | 00,282,409 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\SudokuFun.wdgt.zip
[2009/04/24 01:47:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\levelwidget
[2009/04/24 01:45:15 | 00,258,264 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\levelwidget.wdgt.zip
[2009/04/23 23:48:11 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Network Info - 2wire052.xls
[2009/04/22 11:49:08 | 00,138,608 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\excelicons.icl
[2009/04/22 11:17:45 | 00,170,816 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Excel.zip
[2009/04/22 11:17:45 | 00,000,082 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\._Excel.zip
[2009/04/22 08:47:56 | 00,008,590 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\back.gif
[2009/04/22 03:24:22 | 00,087,040 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\ksudoku-E.doc
[2009/04/22 00:42:39 | 00,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/04/22 00:30:00 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\drivers\tffsport.sys
[2009/04/22 00:30:00 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2009/04/21 14:11:56 | 28,613,71134 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\osx-leopard105.dmg
[2009/04/18 19:15:05 | 00,120,320 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\longest list of bumperstickers!.xls
[2009/04/18 15:41:36 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\101 Photoshop Tips.doc
[2009/04/18 12:29:05 | 00,626,688 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTImageFile.dll
[2009/04/18 12:29:05 | 00,249,856 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\WINDOWS\System32\NCTQuickTimeFile.dll
[2009/04/18 12:29:03 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/04/18 12:29:03 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/04/18 12:29:01 | 00,421,888 | ---- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaSplitter.ax
[2009/04/18 12:29:00 | 00,000,000 | ---D | C] -- C:\Program Files\Apex
[2009/04/18 12:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer
[2009/04/18 09:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\car
[2009/04/18 09:33:58 | 00,917,117 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\car.7z
[2009/04/18 08:31:22 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Quotes.doc
[2009/04/18 07:28:33 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\G.W.Bush - Condolizza Rice.xls
[2009/04/17 15:58:50 | 00,219,087 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\joke_FarSideFrog_Gary_Larson.jpg
[2009/04/17 13:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\Leawo
[2009/04/17 13:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Leawo
[2009/04/17 13:10:09 | 00,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2009/04/17 13:10:06 | 00,000,000 | ---D | C] -- C:\Program Files\Leawo
[2009/04/14 18:20:20 | 00,104,921 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\bookmarks.html
[2009/04/13 07:33:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/04/13 07:33:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/04/13 07:33:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/04/13 07:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Desktop\Release_NET20_2.0
[2009/04/13 06:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/13 01:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Opera
[2009/04/13 01:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/04/11 20:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\MAGIX
[2009/04/11 20:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/04/11 20:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xara
[2009/04/11 20:04:59 | 01,233,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4.dll
[2009/04/11 20:04:59 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2009/04/11 20:04:59 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/04/11 20:04:26 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/04/11 20:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\Xara
[2009/04/11 20:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Xara
[2009/04/11 20:03:59 | 00,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2009/04/11 20:03:59 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/11 20:03:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2009/04/07 13:17:12 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/04/07 12:19:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\Downloads
[2009/04/07 12:14:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\BitTorrent
[2009/04/07 12:13:32 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/04/07 10:57:05 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Hey Megan.doc
[2009/04/06 17:49:43 | 00,214,528 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Exit Magic Mountain Pkwy.doc
[2009/03/01 19:50:44 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\dfxdSm.dll
[2009/03/01 19:50:44 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dfxcSm.dll
[2009/03/01 19:50:43 | 00,315,392 | ---- | C] () -- C:\WINDOWS\System32\dfxgSm.dll
[2009/02/15 23:10:47 | 00,000,157 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/15 16:48:30 | 00,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2009/02/11 12:46:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
[2009/02/07 02:54:04 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/01 04:13:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/28 16:47:33 | 01,513,984 | ---- | C] () -- C:\WINDOWS\System32\MgxRdr80.dll
[2009/01/28 16:47:33 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/01/28 16:47:18 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/01/28 16:47:18 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/01/28 16:46:54 | 00,001,045 | ---- | C] () -- C:\WINDOWS\Mgxclean.sys
[2009/01/23 08:31:55 | 00,347,648 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[2004/08/16 17:49:43 | 00,000,546 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/16 17:49:34 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/03 17:56:44 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/07/17 04:36:38 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1997/08/23 12:33:24 | 00,022,104 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/05 21:35:44 | 00,104,921 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\bookmarks.html
[2009/05/05 21:33:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\OTListIt2.exe
[2009/05/05 21:29:24 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\Rooter.exe
[2009/05/05 19:01:47 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/05 19:01:47 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/05 19:01:46 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/05 18:57:30 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\sam\Local Settings\desktop.ini
[2009/05/05 18:57:27 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/05 18:57:16 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/05 18:31:40 | 00,001,709 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/05 18:31:34 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/05 18:12:49 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/05 18:04:08 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 18:01:43 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\NTREGOPT.lnk
[2009/05/05 18:01:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\ERUNT.lnk
[2009/05/05 16:54:17 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\sam\Desktop\avast_home_setup.exe
[2009/05/05 16:49:31 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\sam\Desktop\mbam-setup.exe
[2009/05/05 16:47:22 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\sam\Desktop\erunt_setup.exe
[2009/05/05 00:41:20 | 00,000,121 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Files named .exe.fnd
[2009/05/04 13:06:01 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - BLANK.xlt
[2009/05/03 22:45:26 | 00,252,416 | -HS- | M] () -- C:\Documents and Settings\sam\My Documents\Thumbs.db
[2009/05/03 22:23:19 | 00,124,212 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.jpg
[2009/05/03 22:23:00 | 00,757,016 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.psd
[2009/05/03 16:50:18 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/03 15:03:27 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\K-Sudoku Archive.xls
[2009/05/03 12:49:20 | 00,008,185 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\photo gallery layout01.drw
[2009/05/03 09:39:23 | 01,263,689 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Grandma'sHouse.psd
[2009/05/03 07:18:26 | 00,390,429 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\ironpage template.jpg
[2009/05/03 06:07:26 | 00,296,448 | ---- | M] () -- C:\WINDOWS\Xenofex.ini
[2009/05/03 03:30:27 | 01,398,908 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\idiots-guide-to-photoshop.pdf
[2009/05/01 19:54:23 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\K-SudokuPuzzlesCompleted.xls
[2009/05/01 19:49:24 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-1b.xls
[2009/05/01 19:23:57 | 00,102,400 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-01.xls
[2009/05/01 13:55:44 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-30.xls
[2009/04/30 16:52:02 | 00,009,509 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\peter'sroom.drw
[2009/04/30 16:51:01 | 00,000,546 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/29 20:38:04 | 00,101,888 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-29.xls
[2009/04/28 23:03:04 | 01,479,071 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.psd
[2009/04/28 17:57:46 | 06,745,696 | ---- | M] (Shareaza Development Team ) -- C:\Documents and Settings\sam\Desktop\Shareaza_2.4.0.0.exe
[2009/04/28 17:44:24 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-28.xls
[2009/04/28 08:40:02 | 00,022,284 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.jpg
[2009/04/28 08:32:27 | 00,284,112 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\okefenokee-swamp-gaok1.jpg
[2009/04/28 08:31:54 | 00,008,275 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\lilyPad.jpg
[2009/04/28 08:03:34 | 03,202,009 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\PIA11084.jpg
[2009/04/28 05:53:54 | 00,028,964 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\l_f953771e65fc436c94bae600a43ce620.jpg
[2009/04/28 04:36:45 | 00,040,367 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\paper_design3.jpg
[2009/04/28 00:18:56 | 00,107,622 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\DrillChart.gif
[2009/04/28 00:14:41 | 00,010,669 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\thread_size_english.htm
[2009/04/28 00:10:38 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\drill index.xls
[2009/04/27 21:50:15 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\LimeWire PRO 4.12.3.lnk
[2009/04/27 21:12:35 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\bookmarks-1.html
[2009/04/27 15:19:09 | 62,421,856 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\X11Tiger.zip
[2009/04/27 14:22:21 | 28,613,71134 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osx-leopard105.dmg
[2009/04/26 15:56:15 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\4224 4229.doc
[2009/04/26 05:05:11 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Pen Tool cheat.doc
[2009/04/25 01:15:19 | 00,216,523 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\img011.jpg
[2009/04/24 02:22:01 | 03,573,529 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\DrawBerry_0.7.zip
[2009/04/24 01:57:22 | 00,157,787 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\sudoku_latest.zip
[2009/04/24 01:56:10 | 00,282,409 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\SudokuFun.wdgt.zip
[2009/04/24 01:44:48 | 00,258,264 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\levelwidget.wdgt.zip
[2009/04/24 00:12:27 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Network Info - 2wire052.xls
[2009/04/22 11:49:08 | 00,138,608 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\excelicons.icl
[2009/04/22 11:18:00 | 00,017,408 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
[2009/04/22 11:17:46 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/04/22 11:17:46 | 00,000,082 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\._Excel.zip
[2009/04/22 03:24:24 | 00,087,040 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\ksudoku-E.doc
[2009/04/18 19:15:05 | 00,120,320 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\longest list of bumperstickers!.xls
[2009/04/18 15:41:36 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\101 Photoshop Tips.doc
[2009/04/18 09:33:59 | 00,917,117 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\car.7z
[2009/04/18 09:29:50 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Quotes.doc
[2009/04/18 07:28:33 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\G.W.Bush - Condolizza Rice.xls
[2009/04/17 15:55:06 | 00,219,087 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\joke_FarSideFrog_Gary_Larson.jpg
[2009/04/13 13:05:05 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/13 06:38:09 | 00,011,189 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2009/04/11 20:03:59 | 00,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/10 00:16:07 | 00,118,784 | ---- | M] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2009/04/10 00:15:46 | 00,118,784 | ---- | M] () -- C:\WINDOWS\GREUninstall.exe
[2009/04/07 13:17:43 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/04/07 10:57:06 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Hey Megan.doc
[2009/04/06 22:46:21 | 00,070,221 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\pork-barrel fat.jpg
[2009/04/06 17:49:44 | 00,214,528 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Exit Magic Mountain Pkwy.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\osx-leopard105.dmg:SummaryInformation
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\sam\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\sam\My Documents\My Videos:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\sam\My Documents\My Music:Shareaza.GUID
< End of report >


(EXTRAS LOG)

OTListIt Extras logfile created on: 5/5/2009 9:37:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\sam\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 79.31 Mb Available Physical Memory | 32.11% Memory free
606.02 Mb Paging File | 296.49 Mb Available in Paging File | 48.92% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 43.73 Gb Free Space | 58.72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.46 Gb Total Space | 7.46 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER
Current User Name: sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = MozillaHTML] -- C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java™ Platform SE binary (Sun Microsystems, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)
C:\Program Files\DexterWire\DexterWire.exe:*:Enabled:DexterWire File not found
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire ()
C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza (Shareaza Development Team)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6408565A-7F69-461A-B9F9-71DEEC31E985}_is1" = Audio Recorder 1.1
"{6882B3A9-AB98-4ABA-A623-2979FBEA5F9F}_is1" = Moyea FLV Player version 1.6.2.2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3BC5D37-30F9-4CF7-BD5C-0DFF063E4B6D}" = 2Wire Wireless Client
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{ECD81BDE-FB56-4B2B-A98D-34E381286B7F}" = 2Wire Wireless Client Manager V3.02
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ALLPlayer_is1" = ALLPlayer V3.X
"avast!" = avast! Antivirus
"CANONBJ_Deinstall_CNMCP50.DLL" = Canon i250
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Eye Candy 4000" = Eye Candy 4000
"IrfanView" = IrfanView (remove only)
"LimeWire" = LimeWire PRO 4.12.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microangelo Toolset 6" = Microangelo Toolset 6
"Micrografx All In One Web Graphics" = Micrografx All In One Web Graphics
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"RealPlayer 6.0" = RealPlayer
"SC Audio CD creator_is1" = SC Audio CD creator 3.5.0.0
"SeaMonkey (1.1.16)" = SeaMonkey (1.1.16)
"Shareaza_is1" = Shareaza 2.4.0.0
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"WindowsDraw6" = Micrografx Windows Draw 6
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"Xenofex 1.0" = Xenofex 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Widget Engine" = Yahoo! Widgets

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/13/2009 1:15:04 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/13/2009 1:23:08 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module js3250.dll, version 4.0.0.0, fault address 0x0003285e.

Error - 4/13/2009 1:27:24 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/13/2009 1:33:41 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/13/2009 3:58:02 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/13/2009 9:26:00 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/13/2009 1:55:11 PM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/14/2009 2:35:46 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application msimn.exe, version 6.0.2900.2180, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/14/2009 2:37:00 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application seamonkey.exe, version 1.8.20090.40306, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/14/2009 2:38:06 AM | Computer Name = PUTER | Source = Application Error | ID = 1000
Description = Faulting application opera.exe, version 9.64.10487.0, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

[ System Events ]
Error - 4/24/2009 2:09:12 PM | Computer Name = PUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2009 2:09:12 PM | Computer Name = PUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/24/2009 2:09:13 PM | Computer Name = PUTER | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 4/25/2009 3:39:59 AM | Computer Name = PUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/25/2009 3:39:59 AM | Computer Name = PUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/25/2009 3:39:59 AM | Computer Name = PUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 4/26/2009 7:58:26 AM | Computer Name = PUTER | Source = Print | ID = 6161
Description = The document Drawing1 owned by sam failed to print on printer Canon
i250. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes
printed: 0. Total number of pages in the document: 1. Number of pages printed:
0. Client machine: \\PUTER. Win32 error code returned by the print processor: 259
(0x103).

Error - 4/27/2009 2:45:24 PM | Computer Name = PUTER | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
BUBBLESANGEL that believes that it is the master browser for the domain on transport
NetBT_Tcpip_{68CA4C78-AE74-4. The master browser is stopping or an election is being
forced.

Error - 4/29/2009 11:04:07 PM | Computer Name = PUTER | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Launch
permission for the COM Server application with CLSID {D851F103-8C90-4321-AFF0-58BA5BD421C2}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be
modified using the Component Services administrative tool.

Error - 5/5/2009 9:12:59 PM | Computer Name = PUTER | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde tffsport


< End of report >


(ROOTER LOG) -

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 2

C:\ [Fixed] - NTFS - (Total:76253 Mo/Free:3906 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
E:\ [Removable] (Total:7640 Mo/Free:3544 Mo)

Tue 05/05/2009|21:30

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
---------- C:\WINDOWS\system32\tcpsvcs.exe
---------- C:\WINDOWS\System32\snmp.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Analog Devices\Core\smax4pnp.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\WINDOWS\system32\PRISMSVR.EXE
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe
---------- C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
---------- C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Tue 05/05/2009|21:30

----------------------\\ Scan completed at 21:30


:)

Thank you...
  • 0

Advertisements

#2
Essexboy
Posted 09 May 2009 - 12:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there and sorry for the delay - lets do a quick and dirty clean first and then see what is what

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O4 - HKCU..\Run: [ALLUpdate] "C:\Program Files\ALLPlayer\ALLUpdate.exe" "sleep" ()

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#3
samiamnurnot
Posted 09 May 2009 - 01:35 PM

samiamnurnot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here's the new log:

========== OTLISTIT ==========
91.212.65.122 browser-security.microsoft.com removed from HOSTS file successfully
91.212.65.122 antiwareprotect.com removed from HOSTS file successfully
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ALLUpdate deleted successfully.
C:\Program Files\ALLPlayer\ALLUpdate.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL67C5YB\dref=http%253A%252F[1].htm%2526categoryid%253D%2526only%253Dy%2526bfromind%253D18178%2526pnum%253D2%2526ck%253D%2526cat%253Ddow%2526ch%253Dga%2526ep%253D16173%2526site%253Dattportal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\Temporary Internet Files\Content.IE5\6EZLCHLB\click,5jBaAFmMBwBGYRkA3tYDAAIAFkoAAP8AAAACFwIACgK-5QoALMcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOYjkUkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D15hmnpq9f%2FM%3D714441[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\Temporary Internet Files\Content.IE5\63QMG8BN\dref=http%253A%252F%252Fwww.att.net%252Fs%252Fs[1].dll%253Fep%253D16180%2526only%253Dy%2526ch%253Dga%2526_lid%253D135%2526_lnm%253Dleftnav+games%2526site%253Dattportal scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\~DFB45C.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\~DFB57F.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_12c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_78.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05092009_122531

Files moved on Reboot...
File C:\Documents and Settings\sam\Local Settings\Temp\Temporary Internet Files\Content.IE5\KL67C5YB\dref=http%253A%252F[1].htm%2526categoryid%253D%2526only%253Dy%2526bfromind%253D18178%2526pnum%253D2%2526ck%253D%2526cat%253Ddow%2526ch%253Dga%2526ep%253D16173%2526site%253Dattportal not found!
File C:\Documents and Settings\sam\Local Settings\Temp\Temporary Internet Files\Content.IE5\6EZLCHLB\click,5jBaAFmMBwBGYRkA3tYDAAIAFkoAAP8AAAACFwIACgK-5QoALMcFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOYjkUkAAAAA,http%3A%2F%2Fpn1.ard.yahoo.com%2FSIG%3D15hmnpq9f%2FM%3D714441[1].htm not found!
File C:\Documents and Settings\sam\Local Settings\Temp\Temporary Internet Files\Content.IE5\63QMG8BN\dref=http%253A%252F%252Fwww.att.net%252Fs%252Fs[1].dll%253Fep%253D16180%2526only%253Dy%2526ch%253Dga%2526_lid%253D135%2526_lnm%253Dleftnav+games%2526site%253Dattportal not found!
File C:\Documents and Settings\sam\Local Settings\Temp\~DFB45C.tmp not found!
File C:\Documents and Settings\sam\Local Settings\Temp\~DFB57F.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_12c.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_5bc.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_78.dat not found!

Registry entries deleted on Reboot...


Thank you.
  • 0

#4
Essexboy
Posted 09 May 2009 - 01:38 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could I have a new otlistit log please :)


  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

  • 0

#5
samiamnurnot
Posted 09 May 2009 - 04:11 PM

samiamnurnot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here's the new OTListIt2 log...:

OTListIt logfile created on: 5/9/2009 3:05:49 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\sam\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 113.66 Mb Available Physical Memory | 46.02% Memory free
606.01 Mb Paging File | 383.35 Mb Available in Paging File | 63.26% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 41.76 Gb Free Space | 56.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PUTER
Current User Name: sam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\system32\PRISMSVR.EXE (Conexant Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe ()
PRC - C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE (2Wire Inc.)
PRC - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)
PRC - C:\Documents and Settings\sam\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Running]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Stopped]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (Iprip [Auto | Running]) -- C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LPDSVC [On_Demand | Stopped]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (p2pgasvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\p2pgasvc.dll (Microsoft Corporation)
SRV - (SimpTcp [Auto | Running]) -- C:\WINDOWS\system32\tcpsvcs.exe (Microsoft Corporation)
SRV - (SNMP [Auto | Running]) -- C:\WINDOWS\System32\snmp.exe (Microsoft Corporation)
SRV - (StumbleUponUpdateService [On_Demand | Stopped]) -- C:\Program Files\StumbleUpon\StumbleUponUpdateService.exe (stumbleupon.com)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (i81x [System | Stopped]) -- C:\WINDOWS\system32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (MDC8021X [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\system32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tffsport [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\tffsport.sys (M-Systems)
DRV - (WlanUIG [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\WlanUIG.sys ( )

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\SeaMonkey 1.1.16\Extensions\\Components: C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\COMPONENTS [2009/04/24 16:52:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 1.1.16\Extensions\\Plugins: C:\PROGRAM FILES\MOZILLA.ORG\SEAMONKEY\PLUGINS [2009/04/24 16:20:58 | 00,000,000 | ---D | M]

[2009/01/29 03:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\mozilla\Profiles\default\n45fxa3j.slt\extensions
[2009/01/29 03:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\sam\Application Data\mozilla\Profiles\default\n45fxa3j.slt\extensions\{31E65147-5A53-4e52-8A64-FF7EBFA36D76}

O1 HOSTS File: (74 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY (Conexant Systems, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKCU..\Run: [SeaMonkey Quick Launch] "C:\Program Files\mozilla.org\SeaMonkey\SeaMonkey.exe" -turbo (mozilla.org)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client Manager.lnk = C:\Program Files\2Wire Wireless\Client Manager\CmTWO.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\2Wire Wireless Client.lnk = C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE (2Wire Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\sam\Start Menu\Programs\Startup\Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [PNRP Cloud Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [PNRP Name Namespace Provider] - C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1234145290828 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/23 07:42:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\Shell\AutoRun\command - "" = F:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O33 - MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\Shell\open\command - "" = F:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/09 13:35:26 | 00,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmpns.dll
[2009/05/09 13:34:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/05/09 13:00:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2009/05/09 12:55:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2009/05/09 12:55:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/05/09 12:55:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/05/09 12:55:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/05/09 12:55:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/05/09 12:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\msn
[2009/05/09 12:52:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/05/09 12:50:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/05/09 12:48:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/05/09 12:46:04 | 00,027,910 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\24711_1.jpg
[2009/05/09 12:43:30 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/05/09 12:43:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/05/09 12:25:31 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/08 20:26:15 | 24,921,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/08 14:27:39 | 00,005,632 | -HS- | C] () -- C:\Documents and Settings\sam\Desktop\Thumbs.db
[2009/05/06 20:41:05 | 00,013,897 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\heart.drw
[2009/05/06 19:01:51 | 00,355,342 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\interface.psd
[2009/05/06 03:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/05/05 22:04:23 | 00,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2009/05/05 22:04:23 | 00,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2009/05/05 22:04:23 | 00,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2009/05/05 22:04:23 | 00,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2009/05/05 22:04:22 | 00,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2009/05/05 22:04:22 | 00,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2009/05/05 22:04:22 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2009/05/05 22:04:22 | 00,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2009/05/05 22:04:22 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2009/05/05 22:04:22 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2009/05/05 22:04:22 | 00,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2009/05/05 22:04:22 | 00,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2009/05/05 22:04:22 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2009/05/05 22:04:22 | 00,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2009/05/05 22:04:22 | 00,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2009/05/05 22:04:22 | 00,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2009/05/05 22:04:22 | 00,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2009/05/05 22:04:22 | 00,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2009/05/05 22:04:22 | 00,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2009/05/05 22:04:22 | 00,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2009/05/05 22:04:22 | 00,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2009/05/05 22:04:22 | 00,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2009/05/05 22:04:22 | 00,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2009/05/05 22:04:22 | 00,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2009/05/05 22:04:22 | 00,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2009/05/05 22:04:20 | 00,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2009/05/05 22:04:20 | 00,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2009/05/05 22:04:20 | 00,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2009/05/05 22:04:17 | 00,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2009/05/05 22:04:17 | 00,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2009/05/05 22:04:17 | 00,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2009/05/05 22:04:17 | 00,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2009/05/05 22:04:17 | 00,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2009/05/05 22:04:17 | 00,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2009/05/05 22:04:17 | 00,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2009/05/05 22:04:17 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2009/05/05 22:04:17 | 00,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2009/05/05 22:04:16 | 00,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2009/05/05 22:04:14 | 00,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2009/05/05 22:04:13 | 00,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2009/05/05 22:04:12 | 00,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2009/05/05 22:04:11 | 00,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2009/05/05 22:04:10 | 00,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2009/05/05 22:04:09 | 00,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2009/05/05 22:04:09 | 00,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2009/05/05 22:04:09 | 00,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2009/05/05 22:04:07 | 00,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2009/05/05 22:04:07 | 00,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2009/05/05 22:04:07 | 00,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2009/05/05 22:04:07 | 00,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2009/05/05 22:04:07 | 00,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2009/05/05 22:04:06 | 00,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2009/05/05 22:04:01 | 00,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2009/05/05 22:03:47 | 00,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2009/05/05 22:03:47 | 00,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2009/05/05 22:03:47 | 00,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2009/05/05 22:03:47 | 00,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2009/05/05 22:03:47 | 00,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2009/05/05 22:03:47 | 00,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2009/05/05 22:03:47 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2009/05/05 22:03:47 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2009/05/05 22:03:47 | 00,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2009/05/05 22:03:47 | 00,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2009/05/05 22:03:47 | 00,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2009/05/05 22:01:29 | 00,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2009/05/05 21:33:48 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\OTListIt2.exe
[2009/05/05 21:30:13 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/05 21:29:28 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\Rooter.exe
[2009/05/05 19:13:32 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthport.sys
[2009/05/05 19:13:32 | 00,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2009/05/05 19:12:56 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/05/05 19:12:56 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/05/05 19:12:56 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/05/05 19:12:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/05/05 19:12:55 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/05/05 19:12:55 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/05/05 19:12:55 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/05/05 19:12:55 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/05/05 19:12:55 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/05/05 19:12:53 | 02,145,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2009/05/05 19:12:51 | 02,189,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2009/05/05 19:12:51 | 02,023,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2009/05/05 19:11:38 | 00,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2009/05/05 19:11:29 | 00,455,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2009/05/05 19:11:08 | 00,333,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2009/05/05 19:10:12 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2009/05/05 19:09:26 | 00,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2009/05/05 19:06:58 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/05/05 19:01:58 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/05/05 19:01:56 | 00,689,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp3res.dll
[2009/05/05 19:01:55 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/05/05 19:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/05/05 19:00:27 | 01,846,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2009/05/05 19:00:27 | 00,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2009/05/05 19:00:27 | 00,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2009/05/05 19:00:24 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/05/05 18:31:40 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/05 18:31:39 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/05 18:31:38 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/05 18:31:38 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/05 18:31:36 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/05 18:31:34 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/05 18:31:34 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/05 18:31:33 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/05 18:31:33 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/05 18:31:15 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/05 18:31:15 | 01,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2009/05/05 18:31:15 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/05 18:31:12 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/05 18:04:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Malwarebytes
[2009/05/05 18:04:08 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 18:04:08 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 18:04:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 18:04:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/05 18:04:04 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/05 18:02:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/05 18:01:43 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\NTREGOPT.lnk
[2009/05/05 18:01:43 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\ERUNT.lnk
[2009/05/05 18:01:42 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/05/05 16:54:20 | 00,308,160 | ---- | C] (ALWIL Software) -- C:\Documents and Settings\sam\Desktop\avast_home_setup.exe
[2009/05/05 16:48:28 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\sam\Desktop\mbam-setup.exe
[2009/05/05 16:47:21 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\sam\Desktop\erunt_setup.exe
[2009/05/05 00:41:20 | 00,000,121 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Files named .exe.fnd
[2009/05/03 12:49:20 | 00,008,185 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\photo gallery layout01.drw
[2009/05/03 09:38:27 | 01,263,689 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Grandma'sHouse.psd
[2009/05/03 07:18:23 | 00,390,429 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\ironpage template.jpg
[2009/05/03 06:29:44 | 00,124,212 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.jpg
[2009/05/03 06:29:28 | 00,757,016 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.psd
[2009/05/03 03:30:27 | 01,398,908 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\idiots-guide-to-photoshop.pdf
[2009/05/01 20:06:31 | 00,027,136 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\K-Sudoku Archive.xls
[2009/05/01 19:49:24 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-1b.xls
[2009/05/01 19:32:23 | 00,102,912 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - BLANK.xlt
[2009/05/01 19:30:34 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\K-SudokuPuzzlesCompleted.xls
[2009/05/01 19:21:10 | 00,102,400 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-01.xls
[2009/05/01 13:55:44 | 00,097,792 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-30.xls
[2009/04/30 16:48:50 | 00,009,509 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\peter'sroom.drw
[2009/04/29 20:30:52 | 00,101,888 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-29.xls
[2009/04/28 23:03:02 | 01,479,071 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.psd
[2009/04/28 17:59:20 | 00,000,000 | R--D | C] -- C:\Documents and Settings\sam\My Documents\Shareaza Downloads
[2009/04/28 17:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\Shareaza
[2009/04/28 17:59:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Shareaza
[2009/04/28 17:57:00 | 06,745,696 | ---- | C] (Shareaza Development Team ) -- C:\Documents and Settings\sam\Desktop\Shareaza_2.4.0.0.exe
[2009/04/28 11:11:35 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-28.xls
[2009/04/28 08:39:57 | 00,022,284 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.jpg
[2009/04/28 08:32:27 | 00,284,112 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\okefenokee-swamp-gaok1.jpg
[2009/04/28 08:31:53 | 00,008,275 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\lilyPad.jpg
[2009/04/28 08:03:12 | 03,202,009 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\PIA11084.jpg
[2009/04/28 05:53:53 | 00,028,964 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\l_f953771e65fc436c94bae600a43ce620.jpg
[2009/04/28 04:36:45 | 00,040,367 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\paper_design3.jpg
[2009/04/28 00:18:55 | 00,107,622 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\DrillChart.gif
[2009/04/28 00:14:41 | 00,010,669 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\thread_size_english.htm
[2009/04/28 00:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\thread_size_english_files
[2009/04/27 21:53:51 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/04/27 21:53:45 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/27 21:53:44 | 00,000,000 | ---D | C] -- C:\Program Files\Xvid
[2009/04/27 21:50:15 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\LimeWire PRO 4.12.3.lnk
[2009/04/27 21:50:12 | 00,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/04/27 21:12:35 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\bookmarks-1.html
[2009/04/26 15:54:51 | 00,078,336 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\4224 4229.doc
[2009/04/26 05:05:10 | 00,028,160 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Pen Tool cheat.doc
[2009/04/26 03:44:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\2008 Tax [bleep]
[2009/04/25 00:59:35 | 00,216,523 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\img011.jpg
[2009/04/25 00:42:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Desktop\Unused Desktop Shortcuts
[2009/04/24 16:21:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Apple Computer
[2009/04/24 16:12:07 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/04/24 16:11:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/04/24 16:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/04/24 16:11:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/04/24 14:14:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Local Settings\Apps
[2009/04/24 11:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Incomplete
[2009/04/23 23:48:11 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Network Info - 2wire052.xls
[2009/04/22 11:49:08 | 00,138,608 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\excelicons.icl
[2009/04/22 08:47:56 | 00,008,590 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\back.gif
[2009/04/22 03:24:22 | 00,087,040 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\ksudoku-E.doc
[2009/04/22 00:42:39 | 00,006,148 | -H-- | C] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/04/22 00:30:00 | 00,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\drivers\tffsport.sys
[2009/04/21 14:11:56 | 28,613,71134 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\osx-leopard105.dmg
[2009/04/18 19:15:05 | 00,120,320 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\longest list of bumperstickers!.xls
[2009/04/18 15:41:36 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\101 Photoshop Tips.doc
[2009/04/18 12:29:05 | 00,626,688 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTImageFile.dll
[2009/04/18 12:29:05 | 00,249,856 | ---- | C] (Online Media Technologies Company Ltd.) -- C:\WINDOWS\System32\NCTQuickTimeFile.dll
[2009/04/18 12:29:03 | 01,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2009/04/18 12:29:03 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2009/04/18 12:29:01 | 00,421,888 | ---- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaSplitter.ax
[2009/04/18 12:29:00 | 00,000,000 | ---D | C] -- C:\Program Files\Apex
[2009/04/18 12:28:13 | 00,000,000 | ---D | C] -- C:\Program Files\ALLPlayer
[2009/04/18 09:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\car
[2009/04/18 09:33:58 | 00,917,117 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\car.7z
[2009/04/18 08:31:22 | 00,051,712 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\Quotes.doc
[2009/04/18 07:28:33 | 00,018,944 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\G.W.Bush - Condolizza Rice.xls
[2009/04/17 15:58:50 | 00,219,087 | ---- | C] () -- C:\Documents and Settings\sam\My Documents\joke_FarSideFrog_Gary_Larson.jpg
[2009/04/17 13:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\My Documents\Leawo
[2009/04/17 13:10:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Leawo
[2009/04/17 13:10:09 | 00,139,264 | ---- | C] (http://www.xvid.org) -- C:\WINDOWS\System32\xvid.ax
[2009/04/17 13:10:06 | 00,000,000 | ---D | C] -- C:\Program Files\Leawo
[2009/04/14 18:20:20 | 00,105,162 | ---- | C] () -- C:\Documents and Settings\sam\Desktop\bookmarks.html
[2009/04/13 07:33:19 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/04/13 07:33:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/04/13 07:33:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/04/13 07:10:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Desktop\Release_NET20_2.0
[2009/04/13 06:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/13 01:05:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\Opera
[2009/04/13 01:05:22 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/04/11 20:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\sam\Application Data\MAGIX
[2009/04/11 20:05:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2009/04/11 20:05:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xara
[2009/04/11 20:04:59 | 00,082,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4r.dll
[2009/04/11 20:04:59 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml4a.dll
[2009/04/11 20:04:26 | 00,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009/04/11 20:04:26 | 00,000,000 | ---D | C] -- C:\Program Files\Xara
[2009/04/11 20:04:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Xara
[2009/04/11 20:03:59 | 00,700,416 | ---- | C] (MAGIX AG) -- C:\WINDOWS\System32\mgxoschk.dll
[2009/04/11 20:03:59 | 00,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/11 20:03:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MAGIX
[2009/04/07 13:17:12 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009/03/01 19:50:44 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\dfxdSm.dll
[2009/03/01 19:50:44 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dfxcSm.dll
[2009/03/01 19:50:43 | 00,315,392 | ---- | C] () -- C:\WINDOWS\System32\dfxgSm.dll
[2009/02/15 23:10:47 | 00,000,157 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/02/15 16:48:30 | 00,296,448 | ---- | C] () -- C:\WINDOWS\Xenofex.ini
[2009/02/11 12:46:47 | 00,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
[2009/02/07 02:54:04 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/02/01 04:13:07 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/01/28 16:47:33 | 01,513,984 | ---- | C] () -- C:\WINDOWS\System32\MgxRdr80.dll
[2009/01/28 16:47:33 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2009/01/28 16:47:18 | 00,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2009/01/28 16:47:18 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2009/01/28 16:46:54 | 00,001,045 | ---- | C] () -- C:\WINDOWS\Mgxclean.sys
[2009/01/23 08:31:55 | 00,347,648 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WlanUIG.sys
[2004/08/16 17:49:43 | 00,000,546 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/16 17:49:34 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[1997/08/23 12:33:24 | 00,022,104 | ---- | C] () -- C:\WINDOWS\System32\tntlvr.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/05/09 15:04:19 | 00,105,162 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\bookmarks.html
[2009/05/09 13:50:51 | 00,000,074 | -HS- | M] () -- C:\Documents and Settings\sam\My Documents\desktop.ini
[2009/05/09 13:50:37 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/05/09 13:50:30 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/09 13:50:29 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\sam\Local Settings\desktop.ini
[2009/05/09 13:38:59 | 00,471,326 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/05/09 13:38:59 | 00,401,064 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/05/09 13:38:59 | 00,062,344 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/05/09 13:34:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/09 13:34:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/09 13:34:14 | 00,239,144 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/09 12:49:46 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/05/09 12:46:12 | 00,027,910 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\24711_1.jpg
[2009/05/08 14:27:41 | 00,005,632 | -HS- | M] () -- C:\Documents and Settings\sam\Desktop\Thumbs.db
[2009/05/06 20:58:08 | 00,013,897 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\heart.drw
[2009/05/06 19:01:52 | 00,355,342 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\interface.psd
[2009/05/05 21:33:48 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\sam\Desktop\OTListIt2.exe
[2009/05/05 21:29:24 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\Rooter.exe
[2009/05/05 18:31:40 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/05 18:31:34 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/05 18:04:08 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 18:01:43 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\NTREGOPT.lnk
[2009/05/05 18:01:43 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\ERUNT.lnk
[2009/05/05 16:54:17 | 00,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\sam\Desktop\avast_home_setup.exe
[2009/05/05 16:49:31 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\sam\Desktop\mbam-setup.exe
[2009/05/05 16:47:22 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\sam\Desktop\erunt_setup.exe
[2009/05/05 00:41:20 | 00,000,121 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Files named .exe.fnd
[2009/05/04 13:06:01 | 00,102,912 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - BLANK.xlt
[2009/05/03 22:45:26 | 00,252,416 | -HS- | M] () -- C:\Documents and Settings\sam\My Documents\Thumbs.db
[2009/05/03 22:23:19 | 00,124,212 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.jpg
[2009/05/03 22:23:00 | 00,757,016 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\PushMeButton.psd
[2009/05/03 16:50:18 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/03 15:03:27 | 00,027,136 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\K-Sudoku Archive.xls
[2009/05/03 12:49:20 | 00,008,185 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\photo gallery layout01.drw
[2009/05/03 09:39:23 | 01,263,689 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Grandma'sHouse.psd
[2009/05/03 07:18:26 | 00,390,429 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\ironpage template.jpg
[2009/05/03 06:07:26 | 00,296,448 | ---- | M] () -- C:\WINDOWS\Xenofex.ini
[2009/05/03 03:30:27 | 01,398,908 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\idiots-guide-to-photoshop.pdf
[2009/05/01 19:54:23 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\K-SudokuPuzzlesCompleted.xls
[2009/05/01 19:49:24 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-1b.xls
[2009/05/01 19:23:57 | 00,102,400 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 5-01.xls
[2009/05/01 13:55:44 | 00,097,792 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-30.xls
[2009/04/30 16:52:02 | 00,009,509 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\peter'sroom.drw
[2009/04/30 16:51:01 | 00,000,546 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/29 20:38:04 | 00,101,888 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-29.xls
[2009/04/28 23:03:04 | 01,479,071 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.psd
[2009/04/28 17:57:46 | 06,745,696 | ---- | M] (Shareaza Development Team ) -- C:\Documents and Settings\sam\Desktop\Shareaza_2.4.0.0.exe
[2009/04/28 17:44:24 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\sudoku page - 4-28.xls
[2009/04/28 08:40:02 | 00,022,284 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\orange-snapdragons.jpg
[2009/04/28 08:32:27 | 00,284,112 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\okefenokee-swamp-gaok1.jpg
[2009/04/28 08:31:54 | 00,008,275 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\lilyPad.jpg
[2009/04/28 08:03:34 | 03,202,009 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\PIA11084.jpg
[2009/04/28 05:53:54 | 00,028,964 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\l_f953771e65fc436c94bae600a43ce620.jpg
[2009/04/28 04:36:45 | 00,040,367 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\paper_design3.jpg
[2009/04/28 00:18:56 | 00,107,622 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\DrillChart.gif
[2009/04/28 00:14:41 | 00,010,669 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\thread_size_english.htm
[2009/04/28 00:10:38 | 00,016,896 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\drill index.xls
[2009/04/27 21:50:15 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\LimeWire PRO 4.12.3.lnk
[2009/04/27 21:12:35 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\bookmarks-1.html
[2009/04/27 14:22:21 | 28,613,71134 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\osx-leopard105.dmg
[2009/04/26 15:56:15 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\4224 4229.doc
[2009/04/26 05:05:11 | 00,028,160 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Pen Tool cheat.doc
[2009/04/25 01:15:19 | 00,216,523 | ---- | M] () -- C:\Documents and Settings\sam\Desktop\img011.jpg
[2009/04/24 00:12:27 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Network Info - 2wire052.xls
[2009/04/22 11:49:08 | 00,138,608 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\excelicons.icl
[2009/04/22 11:18:00 | 00,017,408 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\Thumbs.db
[2009/04/22 11:17:46 | 00,006,148 | -H-- | M] () -- C:\Documents and Settings\All Users\Documents\.DS_Store
[2009/04/22 03:24:24 | 00,087,040 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\ksudoku-E.doc
[2009/04/18 19:15:05 | 00,120,320 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\longest list of bumperstickers!.xls
[2009/04/18 15:41:36 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\101 Photoshop Tips.doc
[2009/04/18 09:33:59 | 00,917,117 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\car.7z
[2009/04/18 09:29:50 | 00,051,712 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\Quotes.doc
[2009/04/18 07:28:33 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\G.W.Bush - Condolizza Rice.xls
[2009/04/17 15:55:06 | 00,219,087 | ---- | M] () -- C:\Documents and Settings\sam\My Documents\joke_FarSideFrog_Gary_Larson.jpg
[2009/04/13 06:38:09 | 00,011,189 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2009/04/11 20:03:59 | 00,006,211 | ---- | M] () -- C:\WINDOWS\mgxoschk.ini
[2009/04/10 00:16:07 | 00,118,784 | ---- | M] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2009/04/10 00:15:46 | 00,118,784 | ---- | M] () -- C:\WINDOWS\GREUninstall.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\All Users\Documents\osx-leopard105.dmg:SummaryInformation
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\sam\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\sam\My Documents\My Videos:Shareaza.GUID
@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\sam\My Documents\My Music:Shareaza.GUID
< End of report >
  • 0

#6
Essexboy
Posted 09 May 2009 - 04:35 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Not a lot there what problems are you experiencing now ?

Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTLI
O33 - MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\Shell\AutoRun\command - "" = F:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ
O33 - MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\Shell\open\command - "" = F:\driver\usb\–Ό‡‘Š•†‘Ν€ŒŽ

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.
  • 0

#7
samiamnurnot
Posted 09 May 2009 - 06:39 PM

samiamnurnot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Well, I still can't run regedit.exe. I'll get that new log for you. Thanks!
  • 0

#8
samiamnurnot
Posted 09 May 2009 - 06:59 PM

samiamnurnot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
Here's the new logs:

OTLI2:

========== OTLISTIT ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eeda5238-e95c-11dd-a6ea-0060b30bf831}\ not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\~DF156F.tmp scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\sam\Local Settings\Temp\~DF176C.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_av_proI.tm~a02276\setup.lok scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1a4.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_c0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTListIt2 by OldTimer - Version 2.0.15.3 log created on 05092009_174131

Files moved on Reboot...
File C:\Documents and Settings\sam\Local Settings\Temp\~DF156F.tmp not found!
File C:\Documents and Settings\sam\Local Settings\Temp\~DF176C.tmp not found!
File C:\WINDOWS\temp\_av_proI.tm~a02276\setup.lok not found!
C:\WINDOWS\temp\Perflib_Perfdata_1a4.dat moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_5e8.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_c0.dat not found!

Registry entries deleted on Reboot...


...And Malwarebytes:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/9/2009 5:52:16 PM
mbam-log-2009-05-09 (17-52-16).txt

Scan type: Quick Scan
Objects scanned: 64593
Time elapsed: 3 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Thank you. :)
  • 0

#9
Essexboy
Posted 10 May 2009 - 04:09 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets see if we can fix regedit now

To ensure that I get all the information this log will need to be attached (instructions at the end) if it is to large to attach then upload to Mediafire and post the sharing link.

Download OTScanit2 to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close ALL OTHER PROGRAMS.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Check the box that says Scan All Users
  • Check the Radio button for Rootkit check YES
  • UnderCustom Scans (bottom left) copy/paste in the following:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
  • Under Additional Scans check the following:
    • File - Lop Check
    • File - Purity Scan
    • Evnt - EventViewer Errors/Warnings (last 10)
  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Please attach the log in your next post.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

  • 0

#10
samiamnurnot
Posted 10 May 2009 - 03:12 PM

samiamnurnot

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts
I hope I did this right...

Attached Files


  • 0

#11
Essexboy
Posted 10 May 2009 - 03:39 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What error do you get when you try to run regedit ?
  • 0

#12
Essexboy
Posted 14 May 2009 - 01:33 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP