
TR/Crypt.XPACK.Gen [trojan] Removal Help



#1
dwp916

Hi guys, first post here, looking for some help...

Avira keeps popping up with this: Virus or unwanted program 'TR/Crypt.XPACK.Gen [trojan]'
detected in file 'C:\Documents and Settings\Administrator\Local Settings\Temp\~5C3C.tmp.
I get this popup when I'm playing Call of Duty MW2 multiplayer...

I am unable to use RootRepeal with x64. Anyway, here's my OTL log and MBAM log. If you need anything else, lmk.

OTL Extras logfile created on: 11/22/2009 5:30:55 PM - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.41 Gb Available Physical Memory | 85.27% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.90 Gb Total Space | 143.49 Gb Free Space | 73.25% Space Free | Partition Type: NTFS
Drive D: | 36.98 Gb Total Space | 3.87 Gb Free Space | 10.46% Space Free | Partition Type: NTFS
Drive E: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DWAYNE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 File not found
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 File not found
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 File not found
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 File not found
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 File not found
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" File not found
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 File not found
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 File not found
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* File not found
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\nba 2k10\nba2k10.exe" = C:\Program Files (x86)\Steam\steamapps\common\nba 2k10\nba2k10.exe:*:Enabled:NBA 2K10 -- (2K Sports)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files (x86)\Steam\Steam.exe" = C:\Program Files (x86)\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files (x86)\Steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"C:\Program Files (x86)\Steam\steamapps\common\nba 2k10\nba2k10.exe" = C:\Program Files (x86)\Steam\steamapps\common\nba 2k10\nba2k10.exe:*:Enabled:NBA 2K10 -- (2K Sports)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java™ 6 Update 17 (64-bit)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F7855754-13F5-426B-B090-5875FAFF1B20}" = Windows Presentation Foundation x64
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"WIC" = Windows Imaging Component
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{E0303B6A-C675-4102-95DA-C013625BFA99}" = GTA San Andreas
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 40920" = NBA 2K10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/22/2009 9:08:30 AM | Computer Name = DWAYNE | Source = Application Error | ID = 1000
Description = Faulting application gtaiv.exe, version 1.0.3.0, faulting module gtaiv.exe,
version 1.0.3.0, fault address 0x0005c657.

Error - 11/22/2009 10:51:48 AM | Computer Name = DWAYNE | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/22/2009 6:28:37 PM | Computer Name = DWAYNE | Source = Application Error | ID = 1000
Description = Faulting application icesword.exe, version 1.2.2.0, faulting module
icesword.exe, version 1.2.2.0, fault address 0x000112d9.

Error - 11/22/2009 6:28:41 PM | Computer Name = DWAYNE | Source = Application Error | ID = 1000
Description = Faulting application icesword.exe, version 1.2.2.0, faulting module
icesword.exe, version 1.2.2.0, fault address 0x000112d9.

[ System Events ]
Error - 11/22/2009 7:39:38 AM | Computer Name = DWAYNE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/22/2009 7:39:45 AM | Computer Name = DWAYNE | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 11/22/2009 7:58:32 AM | Computer Name = DWAYNE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/22/2009 7:58:32 AM | Computer Name = DWAYNE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/22/2009 9:05:44 AM | Computer Name = DWAYNE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/22/2009 9:05:44 AM | Computer Name = DWAYNE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/22/2009 6:11:43 PM | Computer Name = DWAYNE | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Scheduler service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 11/22/2009 6:11:44 PM | Computer Name = DWAYNE | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Guard service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 11/22/2009 6:13:23 PM | Computer Name = DWAYNE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 11/22/2009 6:13:23 PM | Computer Name = DWAYNE | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.


< End of report >

OTL logfile created on: 11/22/2009 5:30:55 PM - Run 1
OTL by OldTimer - Version 3.1.7.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.41 Gb Available Physical Memory | 85.27% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195.90 Gb Total Space | 143.49 Gb Free Space | 73.25% Space Free | Partition Type: NTFS
Drive D: | 36.98 Gb Total Space | 3.87 Gb Free Space | 10.46% Space Free | Partition Type: NTFS
Drive E: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DWAYNE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/22 17:17:35 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2009/11/22 05:29:23 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/11/02 22:23:08 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/05/13 19:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/13 19:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/13 19:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/05/13 19:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 16:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/02 16:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/02 16:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/02 16:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/03/02 16:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/07/03 03:51:28 | 16,876,032 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
PRC - [2008/06/18 05:01:56 | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/06/18 05:01:56 | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2008/06/18 05:01:56 | 00,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/22 17:17:35 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2007/02/18 07:00:00 | 00,178,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wbem\framedyn.dll
MOD - [2007/02/18 07:00:00 | 00,177,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\MSCTFIME.IME
MOD - [2007/02/18 07:00:00 | 00,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\srclient.dll
MOD - [2007/02/17 00:58:24 | 01,051,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\wow64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.3959_x-ww_5FA17F4E\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/22 05:29:23 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 19:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/29 21:18:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:28:38 | 00,859,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 10:13:48 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/07/25 10:13:44 | 00,046,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2007/02/18 07:00:00 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\iasrecst.dll -- (IASJet)
SRV - [2007/02/18 07:00:00 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2007/02/18 07:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\wdfmgr.exe -- (UMWdf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "NBA.com"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.15
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/11/22 08:02:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009/11/22 05:39:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009/11/22 06:16:40 | 00,000,000 | ---D | M]

[2009/11/22 05:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/11/22 05:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/11/22 08:56:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vsdw6mph.default\extensions
[2009/11/22 05:42:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vsdw6mph.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/11/22 06:16:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vsdw6mph.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/11/22 06:53:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vsdw6mph.default\extensions\[email protected]
[2009/11/22 05:39:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/11/22 05:39:47 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/11/02 22:23:26 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2009/11/02 22:23:27 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2009/11/02 22:23:28 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2009/11/06 12:20:16 | 00,032,448 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2009/11/02 20:16:17 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009/11/02 20:16:17 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2009/11/02 20:16:17 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2009/11/02 20:16:17 | 00,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2009/11/02 20:16:17 | 00,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2009/11/02 20:16:17 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2009/11/02 20:16:17 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

Hosts file not found
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\SysNative\NvCpl.DLL File not found
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\SysNative\NvMcTray.DLL File not found
O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GEST] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15:64bit: - ..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1258886174078 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1258883783845 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1258883824236 (MUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/22 07:41:07 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/25 17:24:44 | 00,000,051 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: Ias - C:\WINDOWS\SysWOW64\ias [2009/11/21 23:23:54 | 00,000,000 | ---D | M]
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2009/11/22 15:36:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\NBA 2K10 BACKUP
[2009/11/22 15:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2009/11/22 07:59:56 | 00,000,000 | ---D | C] -- C:\8507550a9f778efde1ddfd963b85
[2009/11/22 07:57:04 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/22 07:53:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2009/11/22 07:53:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2009/11/22 07:53:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2009/11/22 07:52:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
[2009/11/22 07:52:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/11/22 07:52:28 | 00,146,528 | ---- | C] (DeviceVM Inc.) -- C:\WINDOWS\SysWow64\dvmurl.dll
[2009/11/22 07:52:28 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2009/11/22 07:52:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Browser Configuration Utility
[2009/11/22 07:51:41 | 00,020,544 | ---- | C] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\gdrv.sys
[2009/11/22 07:49:44 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/22 07:49:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Rockstar Games
[2009/11/22 07:48:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/11/22 07:47:19 | 05,885,220 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/11/22 07:46:33 | 00,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
[2009/11/22 07:46:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/11/22 07:46:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2009/11/22 07:46:26 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2009/11/22 07:46:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/11/22 07:46:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/11/22 07:46:18 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/11/22 07:46:18 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2009/11/22 07:46:18 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2009/11/22 07:46:18 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2009/11/22 07:46:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2009/11/22 07:46:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2009/11/22 07:46:18 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2009/11/22 07:46:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2009/11/22 07:46:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2009/11/22 07:46:18 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2009/11/22 07:46:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2009/11/22 07:46:17 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2009/11/22 07:46:17 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2009/11/22 07:46:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/11/22 07:46:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/22 07:44:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\xlive
[2009/11/22 07:44:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/11/22 07:41:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\system
[2009/11/22 07:41:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\speechengines
[2009/11/22 07:41:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\microsoft shared
[2009/11/22 07:41:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\inetsrv
[2009/11/22 07:41:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ime
[2009/11/22 07:40:31 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2009/11/22 07:40:19 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2009/11/22 07:39:42 | 00,024,576 | ---- | C] (Intel Corporation) -- C:\WINDOWS\SysWow64\isrdbg32.dll
[2009/11/22 07:39:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeeting
[2009/11/22 07:39:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/11/22 07:39:36 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/11/22 07:39:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Macromed
[2009/11/22 07:39:12 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/11/22 07:39:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker
[2009/11/22 07:39:03 | 00,000,002 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/11/22 07:38:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player[Strings]
[2009/11/22 07:38:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services
[2009/11/22 07:38:56 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/11/22 07:38:50 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/11/22 07:38:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHealth
[2009/11/22 07:38:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express
[2009/11/22 07:38:30 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/11/22 07:38:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System
[2009/11/22 07:38:24 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/11/22 07:38:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2009/11/22 07:38:19 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/11/22 07:38:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/11/22 07:38:06 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/11/22 07:37:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/11/22 07:37:40 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/11/22 07:37:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2009/11/22 07:37:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Gaming Zone
[2009/11/22 07:36:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2009/11/22 07:36:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Com
[2009/11/22 07:36:49 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/11/22 07:36:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT
[2009/11/22 07:36:47 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/11/22 07:17:50 | 00,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2009/11/22 07:17:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2009/11/22 07:11:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\XPSViewer
[2009/11/22 07:11:07 | 00,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2009/11/22 07:11:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2009/11/22 07:04:55 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/11/22 07:04:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/11/22 06:53:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009/11/22 06:53:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2009/11/22 06:53:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/11/22 06:53:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/22 06:53:17 | 00,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/11/22 06:47:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\GTA San Andreas User Files
[2009/11/22 06:37:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2009/11/22 06:24:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ventrilo
[2009/11/22 06:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/11/22 06:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/11/22 06:20:26 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/11/22 06:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/11/22 06:16:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/11/22 05:57:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/11/22 05:57:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2009/11/22 05:51:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2009/11/22 05:46:35 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/11/22 05:45:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2009/11/22 05:45:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/11/22 05:44:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Lang
[2009/11/22 05:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2009/11/22 05:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/11/22 05:39:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2009/11/22 05:35:10 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2009/11/22 05:34:47 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2009/11/22 05:33:47 | 02,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2009/11/22 05:33:47 | 01,364,480 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd64.exe
[2009/11/22 05:33:47 | 00,057,344 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2009/11/22 05:33:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\RTCOM
[2009/11/22 05:33:46 | 09,715,200 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2009/11/22 05:33:46 | 00,278,528 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysWow64\ALSNDMGR.CPL
[2009/11/22 05:33:45 | 01,826,816 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SkyTel.exe
[2009/11/22 05:33:45 | 00,266,240 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SysWow64\RTSndMgr.CPL
[2009/11/22 05:33:45 | 00,077,824 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2009/11/22 05:33:44 | 02,165,760 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2009/11/22 05:33:41 | 16,876,032 | R--- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.EXE
[2009/11/22 05:31:21 | 00,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2009/11/22 05:30:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/22 05:30:13 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/11/22 05:30:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/11/22 05:30:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/22 05:26:30 | 00,000,000 | --SD | C] -- C:\WINDOWS\SysWow64\config
[2009/11/22 05:26:08 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysWow64\drivers\ssmdrv.sys
[2009/11/22 05:26:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2009/11/22 05:26:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/11/22 05:22:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2009/11/22 05:22:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\AGEIA
[2009/11/22 05:22:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2009/11/22 05:22:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2009/11/22 05:22:16 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2009/11/22 05:21:54 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2009/11/22 05:21:09 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/11/22 05:21:08 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2009/11/22 05:16:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/11/22 05:16:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/11/22 05:14:34 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/11/22 05:14:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en-US
[2009/11/22 05:07:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/11/22 05:04:33 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/11/22 04:56:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\SoftwareDistribution
[2009/11/22 04:55:45 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\UserData
[2009/11/21 23:29:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC
[2009/11/21 23:29:09 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/11/21 23:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/11/21 23:29:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2009/11/21 23:29:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared
[2009/11/21 23:29:03 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/11/21 23:29:03 | 00,000,000 | R--D | C] -- C:\Program Files (x86)
[2009/11/21 23:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/11/21 23:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/11/21 23:29:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/11/21 23:29:03 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files
[2009/11/21 23:29:00 | 00,089,456 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifft.fon
[2009/11/21 23:29:00 | 00,084,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifft.fon
[2009/11/21 23:29:00 | 00,064,400 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifet.fon
[2009/11/21 23:29:00 | 00,061,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifet.fon
[2009/11/21 23:29:00 | 00,029,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallet.fon
[2009/11/21 23:29:00 | 00,023,008 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallft.fon
[2009/11/21 23:29:00 | 00,008,704 | -H-- | C] () -- C:\WINDOWS\Fonts\ega40857.fon
[2009/11/21 23:29:00 | 00,006,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasyst.fon
[2009/11/21 23:29:00 | 00,006,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixt.fon
[2009/11/21 23:29:00 | 00,005,648 | -H-- | C] () -- C:\WINDOWS\Fonts\ega80857.fon
[2009/11/21 23:29:00 | 00,005,552 | -H-- | C] () -- C:\WINDOWS\Fonts\vga857.fon
[2009/11/21 23:28:59 | 00,098,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sseriffr.fon
[2009/11/21 23:28:59 | 00,068,848 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifer.fon
[2009/11/21 23:28:59 | 00,036,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app857.fon
[2009/11/21 23:28:59 | 00,033,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courft.fon
[2009/11/21 23:28:59 | 00,025,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\couret.fon
[2009/11/21 23:28:59 | 00,012,720 | -H-- | C] () -- C:\WINDOWS\Fonts\8514oemt.fon
[2009/11/21 23:28:59 | 00,011,488 | -H-- | C] (Microsoft® Corporatio) -- C:\WINDOWS\Fonts\8514fixt.fon
[2009/11/21 23:28:59 | 00,009,792 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514syst.fon
[2009/11/21 23:28:59 | 00,006,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasysr.fon
[2009/11/21 23:28:59 | 00,006,672 | -H-- | C] () -- C:\WINDOWS\Fonts\cga40857.fon
[2009/11/21 23:28:59 | 00,006,128 | -H-- | C] () -- C:\WINDOWS\Fonts\vga866.fon
[2009/11/21 23:28:59 | 00,005,600 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixr.fon
[2009/11/21 23:28:59 | 00,005,120 | -H-- | C] (Microsoft® Corporatio) -- C:\WINDOWS\Fonts\vga855.fon
[2009/11/21 23:28:59 | 00,004,640 | -H-- | C] () -- C:\WINDOWS\Fonts\cga80857.fon
[2009/11/21 23:28:58 | 00,090,736 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\seriffr.fon
[2009/11/21 23:28:58 | 00,063,296 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifer.fon
[2009/11/21 23:28:58 | 00,037,472 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app866.fon
[2009/11/21 23:28:58 | 00,037,296 | -H-- | C] (Microsoft® Corporatio) -- C:\WINDOWS\Fonts\app855.fon
[2009/11/21 23:28:58 | 00,031,808 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courfr.fon
[2009/11/21 23:28:58 | 00,024,832 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smaller.fon
[2009/11/21 23:28:58 | 00,023,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courer.fon
[2009/11/21 23:28:58 | 00,019,760 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallfr.fon
[2009/11/21 23:28:58 | 00,013,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514oemr.fon
[2009/11/21 23:28:58 | 00,012,256 | -H-- | C] (Microsoft® Corporatio) -- C:\WINDOWS\Fonts\85855.fon
[2009/11/21 23:28:58 | 00,010,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514fixr.fon
[2009/11/21 23:28:58 | 00,010,064 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514sysr.fon
[2009/11/21 23:28:58 | 00,009,232 | -H-- | C] () -- C:\WINDOWS\Fonts\ega40866.fon
[2009/11/21 23:28:58 | 00,007,232 | -H-- | C] () -- C:\WINDOWS\Fonts\cga40866.fon
[2009/11/21 23:28:58 | 00,005,280 | -H-- | C] () -- C:\WINDOWS\Fonts\ega80866.fon
[2009/11/21 23:28:58 | 00,005,168 | -H-- | C] () -- C:\WINDOWS\Fonts\cga80866.fon
[2009/11/21 23:28:57 | 00,090,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sseriffg.fon
[2009/11/21 23:28:57 | 00,086,256 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\seriffg.fon
[2009/11/21 23:28:57 | 00,065,328 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifeg.fon
[2009/11/21 23:28:57 | 00,060,752 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifeg.fon
[2009/11/21 23:28:57 | 00,036,336 | -H-- | C] () -- C:\WINDOWS\Fonts\dos737.fon
[2009/11/21 23:28:57 | 00,033,344 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courfg.fon
[2009/11/21 23:28:57 | 00,028,912 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smalleg.fon
[2009/11/21 23:28:57 | 00,025,024 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\coureg.fon
[2009/11/21 23:28:57 | 00,023,120 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallfg.fon
[2009/11/21 23:28:57 | 00,009,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega40869.fon
[2009/11/21 23:28:57 | 00,009,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega40737.fon
[2009/11/21 23:28:57 | 00,007,008 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasysg.fon
[2009/11/21 23:28:57 | 00,006,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega80869.fon
[2009/11/21 23:28:57 | 00,006,192 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega80737.fon
[2009/11/21 23:28:57 | 00,006,112 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixg.fon
[2009/11/21 23:28:57 | 00,005,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga869.fon
[2009/11/21 23:28:57 | 00,005,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga737.fon
[2009/11/21 23:28:56 | 00,090,336 | -H-- | C] () -- C:\WINDOWS\Fonts\ssef1257.fon
[2009/11/21 23:28:56 | 00,084,080 | -H-- | C] () -- C:\WINDOWS\Fonts\serf1257.fon
[2009/11/21 23:28:56 | 00,065,456 | -H-- | C] () -- C:\WINDOWS\Fonts\ssee1257.fon
[2009/11/21 23:28:56 | 00,059,024 | -H-- | C] () -- C:\WINDOWS\Fonts\sere1257.fon
[2009/11/21 23:28:56 | 00,024,672 | -H-- | C] () -- C:\WINDOWS\Fonts\smae1257.fon
[2009/11/21 23:28:56 | 00,019,904 | -H-- | C] () -- C:\WINDOWS\Fonts\smaf1257.fon
[2009/11/21 23:28:56 | 00,012,800 | -H-- | C] () -- C:\WINDOWS\Fonts\8514oemg.fon
[2009/11/21 23:28:56 | 00,011,520 | -H-- | C] (Microsoft® Corporatio) -- C:\WINDOWS\Fonts\8514fixg.fon
[2009/11/21 23:28:56 | 00,009,856 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514sysg.fon
[2009/11/21 23:28:56 | 00,007,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga40869.fon
[2009/11/21 23:28:56 | 00,007,216 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga40737.fon
[2009/11/21 23:28:56 | 00,006,656 | -H-- | C] () -- C:\WINDOWS\Fonts\vgas1257.fon
[2009/11/21 23:28:56 | 00,005,376 | -H-- | C] () -- C:\WINDOWS\Fonts\vgaf1257.fon
[2009/11/21 23:28:56 | 00,005,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga80869.fon
[2009/11/21 23:28:56 | 00,005,168 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga80737.fon
[2009/11/21 23:28:56 | 00,005,168 | -H-- | C] () -- C:\WINDOWS\Fonts\vga775.fon
[2009/11/21 23:28:55 | 00,035,808 | -H-- | C] () -- C:\WINDOWS\Fonts\app775.fon
[2009/11/21 23:28:55 | 00,031,760 | -H-- | C] () -- C:\WINDOWS\Fonts\couf1257.fon
[2009/11/21 23:28:55 | 00,023,440 | -H-- | C] () -- C:\WINDOWS\Fonts\coue1257.fon
[2009/11/21 23:28:55 | 00,012,304 | -H-- | C] () -- C:\WINDOWS\Fonts\85775.fon
[2009/11/21 23:28:55 | 00,010,976 | -H-- | C] () -- C:\WINDOWS\Fonts\85f1257.fon
[2009/11/21 23:28:55 | 00,009,472 | -H-- | C] () -- C:\WINDOWS\Fonts\85s1257.fon
[2009/11/21 23:28:55 | 00,006,608 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgasyse.fon
[2009/11/21 23:28:55 | 00,006,160 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga852.fon
[2009/11/21 23:28:55 | 00,005,376 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vgafixe.fon
[2009/11/21 23:28:54 | 00,092,032 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sseriffe.fon
[2009/11/21 23:28:54 | 00,085,360 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\seriffe.fon
[2009/11/21 23:28:54 | 00,066,464 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\sserifee.fon
[2009/11/21 23:28:54 | 00,059,952 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\serifee.fon
[2009/11/21 23:28:54 | 00,036,656 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app852.fon
[2009/11/21 23:28:54 | 00,031,776 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\courfe.fon
[2009/11/21 23:28:54 | 00,024,784 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallee.fon
[2009/11/21 23:28:54 | 00,023,440 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\couree.fon
[2009/11/21 23:28:54 | 00,019,600 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallfe.fon
[2009/11/21 23:28:54 | 00,013,248 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514oeme.fon
[2009/11/21 23:28:54 | 00,010,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514fixe.fon
[2009/11/21 23:28:54 | 00,009,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514syse.fon
[2009/11/21 23:28:54 | 00,008,368 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega40852.fon
[2009/11/21 23:28:54 | 00,006,672 | -H-- | C] () -- C:\WINDOWS\Fonts\cga40852.fon
[2009/11/21 23:28:54 | 00,005,344 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\ega80852.fon
[2009/11/21 23:28:54 | 00,005,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\cga80852.fon
[2009/11/21 23:28:53 | 00,005,200 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga863.fon
[2009/11/21 23:28:53 | 00,005,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga865.fon
[2009/11/21 23:28:53 | 00,005,184 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\vga860.fon
[2009/11/21 23:28:52 | 00,036,672 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\app850.fon
[2009/11/21 23:28:52 | 00,021,504 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\smallf.fon
[2009/11/21 23:28:52 | 00,012,288 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514oem.fon
[2009/11/21 23:28:52 | 00,010,976 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514fix.fon
[2009/11/21 23:28:52 | 00,009,280 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\Fonts\8514sys.fon
[2009/11/21 23:28:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/11/21 23:28:39 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2009/11/21 23:28:39 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2009/11/21 23:28:39 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2009/11/21 23:28:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2009/11/21 23:28:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2009/11/21 23:26:44 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/21 23:26:44 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/11/21 23:26:36 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/11/21 23:26:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/11/21 23:18:36 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/11/21 23:18:36 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/11/21 23:18:36 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\wbem
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\usmt
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\mui
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent64
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\InstallShield
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime (x86)
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\ias
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\export
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\en
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\Drivers
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ADFS
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\ADAM
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\3076
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\2052
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1054
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1042
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1041
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1037
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1033
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1031
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1028
[2009/11/21 23:18:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWow64\1025

========== Files - Modified Within 14 Days ==========

[2009/11/22 17:28:56 | 01,310,720 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/22 17:13:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/22 17:13:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/22 17:12:09 | 05,885,220 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/11/22 15:30:32 | 00,002,243 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/22 09:21:30 | 00,001,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike Source.lnk
[2009/11/22 08:52:45 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NBA 2K10.lnk
[2009/11/22 07:58:41 | 00,535,996 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/11/22 07:51:45 | 00,020,544 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\gdrv.sys
[2009/11/22 07:49:44 | 00,012,328 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/22 07:46:33 | 00,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\SysWow64\CmdLineExt_x64.dll
[2009/11/22 07:41:07 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/11/22 07:41:07 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/22 07:41:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/11/22 07:41:07 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/11/22 07:41:07 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/11/22 07:41:06 | 00,000,401 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/11/22 07:41:01 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/22 07:40:59 | 00,023,392 | ---- | M] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2009/11/22 07:40:59 | 00,016,832 | ---- | M] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2009/11/22 07:40:53 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/22 07:40:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest
[2009/11/22 07:37:59 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/11/22 07:37:59 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/11/22 06:37:57 | 00,001,645 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GTA SA.lnk
[2009/11/22 06:34:36 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CoD MW2 SP.lnk
[2009/11/22 06:34:36 | 00,001,674 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\C0D MW2 MP.lnk
[2009/11/22 05:44:13 | 00,940,794 | ---- | M] () -- C:\WINDOWS\SysWow64\LoopyMusic.wav
[2009/11/22 05:44:13 | 00,146,650 | ---- | M] () -- C:\WINDOWS\SysWow64\BuzzingBee.wav
[2009/11/22 05:39:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/11/22 05:39:48 | 00,001,656 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2009/11/22 05:38:08 | 00,000,984 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/11/22 05:31:22 | 00,000,630 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ventrilo.lnk
[2009/11/22 05:31:22 | 00,000,262 | ---- | M] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/22 05:30:15 | 00,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mbam.lnk
[2009/11/22 05:26:12 | 00,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2009/11/22 05:23:37 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/21 23:29:03 | 00,000,150 | ---- | M] () -- C:\WINDOWS\system.ini

========== Files Created - No Company Name ==========

[2009/11/22 09:21:30 | 00,001,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Counter-Strike Source.lnk
[2009/11/22 08:52:45 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NBA 2K10.lnk
[2009/11/22 07:49:44 | 00,012,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/22 07:47:19 | 05,885,220 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/11/22 07:46:18 | 00,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2009/11/22 07:46:18 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/11/22 07:46:17 | 01,310,720 | -H-- | C] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2009/11/22 07:46:02 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/22 07:45:01 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/11/22 07:41:07 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/11/22 07:41:07 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/11/22 07:41:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2009/11/22 07:41:07 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/11/22 07:41:07 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/11/22 07:41:01 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/22 07:40:59 | 00,023,392 | ---- | C] () -- C:\WINDOWS\SysWow64\nscompat.tlb
[2009/11/22 07:40:59 | 00,016,832 | ---- | C] () -- C:\WINDOWS\SysWow64\amcompat.tlb
[2009/11/22 07:40:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\wuaucpl.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\sapi.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\nwc.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\ncpa.cpl.manifest
[2009/11/22 07:40:19 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\SysWow64\cdplayer.exe.manifest
[2009/11/22 07:39:32 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/11/22 07:39:23 | 00,000,401 | ---- | C] () -- C:\WINDOWS\win.ini
[2009/11/22 07:39:03 | 00,144,128 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/11/22 07:39:03 | 00,144,128 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/11/22 07:39:03 | 00,000,002 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2009/11/22 07:37:59 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2009/11/22 07:37:59 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2009/11/22 07:37:18 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/11/22 07:37:18 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/11/22 07:37:18 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/11/22 07:37:18 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/11/22 07:37:17 | 00,093,702 | ---- | C] () -- C:\WINDOWS\SysWow64\subrange.uce
[2009/11/22 07:37:17 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/11/22 07:37:17 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/11/22 07:37:17 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/11/22 07:37:17 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/11/22 07:37:17 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/11/22 07:37:17 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/11/22 07:37:17 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/11/22 07:37:16 | 00,060,458 | ---- | C] () -- C:\WINDOWS\SysWow64\ideograf.uce
[2009/11/22 07:37:16 | 00,024,006 | ---- | C] () -- C:\WINDOWS\SysWow64\gb2312.uce
[2009/11/22 07:37:16 | 00,022,984 | ---- | C] () -- C:\WINDOWS\SysWow64\bopomofo.uce
[2009/11/22 07:37:16 | 00,016,740 | ---- | C] () -- C:\WINDOWS\SysWow64\shiftjis.uce
[2009/11/22 07:37:16 | 00,012,876 | ---- | C] () -- C:\WINDOWS\SysWow64\korean.uce
[2009/11/22 07:37:16 | 00,008,484 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_2.uce
[2009/11/22 07:37:16 | 00,006,948 | ---- | C] () -- C:\WINDOWS\SysWow64\kanji_1.uce
[2009/11/22 07:05:42 | 00,535,996 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/11/22 06:37:57 | 00,001,645 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GTA SA.lnk
[2009/11/22 06:34:36 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CoD MW2 SP.lnk
[2009/11/22 06:34:36 | 00,001,674 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\C0D MW2 MP.lnk
[2009/11/22 05:45:39 | 00,002,243 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Steam.lnk
[2009/11/22 05:44:13 | 00,146,650 | ---- | C] () -- C:\WINDOWS\SysWow64\BuzzingBee.wav
[2009/11/22 05:44:12 | 00,940,794 | ---- | C] () -- C:\WINDOWS\SysWow64\LoopyMusic.wav
[2009/11/22 05:39:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/22 05:39:48 | 00,001,656 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Firefox.lnk
[2009/11/22 05:33:44 | 00,037,376 | R--- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2009/11/22 05:31:22 | 00,000,630 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ventrilo.lnk
[2009/11/22 05:31:18 | 00,000,262 | ---- | C] () -- C:\WINDOWS\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2009/11/22 05:30:15 | 00,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mbam.lnk
[2009/11/22 05:26:12 | 00,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira.lnk
[2009/11/21 23:29:14 | 00,000,984 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/11/21 23:29:09 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/11/21 23:29:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_857.nls
[2009/11/21 23:29:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28599.nls
[2009/11/21 23:29:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10081.nls
[2009/11/21 23:29:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_869.nls
[2009/11/21 23:29:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_866.nls
[2009/11/21 23:29:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_855.nls
[2009/11/21 23:29:01 | 00,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_737.nls
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_875.nls
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_28603.nls
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28597.NLS
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28595.NLS
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\C_28594.NLS
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10017.nls
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10007.nls
[2009/11/21 23:29:01 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10006.nls
[2009/11/21 23:29:00 | 00,066,594 | ---- | C] () -- C:\WINDOWS\SysWow64\c_852.nls
[2009/11/21 23:29:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10082.nls
[2009/11/21 23:29:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10029.nls
[2009/11/21 23:29:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_10010.nls
[2009/11/21 23:28:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\SysWow64\c_20127.nls
[2009/11/21 23:28:44 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini
[2009/11/21 23:28:39 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/11/06 10:58:04 | 00,178,975 | ---- | C] () -- C:\WINDOWS\SysWow64\xlive.dll.cat
[2009/08/03 03:21:54 | 00,197,912 | ---- | C] () -- C:\WINDOWS\SysWow64\physxcudart_20.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelTraditionalChinese.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSwedish.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSpanish.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelSimplifiedChinese.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelPortugese.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelKorean.dll
[2009/08/03 03:21:54 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelJapanese.dll
[2009/08/03 03:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelGerman.dll
[2009/08/03 03:21:52 | 00,058,648 | ---- | C] () -- C:\WINDOWS\SysWow64\AgCPanelFrench.dll
[2007/02/18 07:00:00 | 01,277,952 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 07:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 07:00:00 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 07:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 07:00:00 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 07:00:00 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 07:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 07:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 07:00:00 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 07:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 07:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 07:00:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 07:00:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 07:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 07:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 07:00:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 07:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 07:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2007/02/18 07:00:00 | 00,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

========== LOP Check ==========

[2009/11/22 15:34:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\2K Sports
[2009/11/22 06:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/11/22 07:02:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2009/11/21 23:28:39 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/11/22 07:46:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/11/22 07:52:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2009/11/22 06:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/11/22 05:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/11/22 06:45:20 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/11/22 05:39:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009/11/22 06:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/11/22 06:26:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ventrilo
[2009/11/22 05:26:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/11/22 06:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/21 23:28:39 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2009/11/22 05:30:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/11/22 07:44:55 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/11/22 06:58:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/11/22 05:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2007/02/18 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/11/22 17:13:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/11/22 17:12:20 | 00,003,794 | ---- | M] () -- C:\WINDOWS\Tasks\SchedLgU.Txt

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2007/02/18 07:00:00 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll
[2007/02/18 07:00:00 | 00,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2007/02/18 07:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll
[2007/02/18 07:00:00 | 00,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMDRIVE%\nvgts.sys /s /md5 >
< End of report >

Malwarebytes' Anti-Malware 1.41
Database version: 3213
Windows 5.2.3790 Service Pack 2

11/22/2009 5:41:46 PM
mbam-log-2009-11-22 (17-41-46).txt

Scan type: Quick Scan
Objects scanned: 89981
Time elapsed: 1 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by dwp916, 22 November 2009 - 05:24 PM.
