Hi Cypher, I have removed the ICQ toolbar. Here are the requested logs. The http tidserv request 2 messages seem to have stopped. I was wondering if you could actually tell me what it is that this infection does to the computer? So far I have not noticed anything other than the constant messages informing me of the infection from Norton, higher internet usage detected in our internet data usage meter and the "Backdoor.Tidserv!inf" (should I actually be worried about this?) that Norton informed me of while I was running RSIT. Thanks for helping out
OTM log:
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\utorrent.exe deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\OGADaily.job moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File/Folder C:\Program Files\BitTorrent not found.
C:\Program Files\uTorrent folder moved successfully.
C:\WINDOWS\BrmfBidi.ini moved successfully.
C:\Documents and Settings\LSM\Application Data\uTorrent folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 51046 bytes
User: LSM
->Temp folder emptied: 875845 bytes
->Temporary Internet Files folder emptied: 2640577 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37705983 bytes
->Flash cache emptied: 8812 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 443243 bytes
->Flash cache emptied: 2190 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1138887 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83939 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23948976 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 745247 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 65.00 mb
OTM by OldTimer - Version 3.1.12.0 log created on 05152010_231517
Files moved on Reboot...
File C:\WINDOWS\temp\JET3A64.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_744.dat not found!
Registry entries deleted on Reboot...
RSIT log:
Logfile of random's system information tool 1.07 (written by random/random)
Run by LSM at 2010-05-15 23:22:43
Microsoft Windows XP Professional Service Pack 3
System drive C: has 20 GB (13%) free of 153 GB
Total RAM: 3069 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:55 PM, on 15-May-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\STacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\sttray.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\ICQ6.5\ICQ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\LSM\Desktop\RSIT.exe
C:\Program Files\trend micro\LSM.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://au.rd.yahoo.com/customize/ie/def ... .yahoo.comO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [StreamPeer] C:\Program Files\StreamPeer\StreamPeer.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\PROGRA~1\ICQ6.5\ICQ.exe" silent
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\LSM\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\LSM\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\LSM\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\LSM\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b56986.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) -
http://messenger.zone.msn.com/binary/So ... b56986.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/Messenger ... E_UNO1.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) -
http://messenger.zone.msn.com/binary/Mi ... b56986.cabO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\STacSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TwonkyMedia - PacketVideo - C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - C:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
--
End of file - 11585 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\OGALogon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-19 817936]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2009-08-22 378736]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton 360\Engine\3.8.0.41\IPSBHO.DLL [2009-08-22 107896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-09 279664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-09 812528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-27 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll [2003-05-15 147456]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! ¤u¨ã¦C - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-12-19 817936]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton 360\Engine\3.8.0.41\coIEPlg.dll [2009-08-22 378736]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-09 279664]
Locked
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"=C:\WINDOWS\sttray.exe [2006-05-27 282624]
"DiskeeperSystray"=C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe [2006-02-24 196709]
"farstone"= []
"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"PaperPort PTD"=C:\Program Files\Scansoft\PaperPort\pptd40nt.exe [2002-06-10 45108]
"IndexSearch"=C:\Program Files\Scansoft\PaperPort\IndexSearch.exe [2002-06-10 36864]
"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe []
"StreamPeer"=C:\Program Files\StreamPeer\StreamPeer.exe []
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2002-08-29 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2002-08-29 455168]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-04-21 94208]
"Aim6"= []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\PROGRA~1\ICQ6.5\ICQ.exe [2009-11-17 172792]
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
""= []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite"
"C:\Program Files\StreamPeer\StreamPeer.exe"="C:\Program Files\StreamPeer\StreamPeer.exe:*:Enabled:StreamPeer"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe"="C:\Program Files\Steam\SteamApps\common\football manager 2009\fm.exe:*:Enabled:Football Manager 2009"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Hann Boy\Warcraft III\w3l.exe"="C:\Hann Boy\Warcraft III\w3l.exe:*:Enabled:w3l.exe"
"C:\Hann Boy\Warcraft III\war3.exe"="C:\Hann Boy\Warcraft III\war3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia"
"C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe"="C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer"
"C:\Documents and Settings\LSM\Desktop\Net_Big2_V2.0\Net Big2 V2.0.exe"="C:\Documents and Settings\LSM\Desktop\Net_Big2_V2.0\Net Big2 V2.0.exe:*:Enabled:Net Big2 V2.0"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9565211c-d876-11dd-b706-001676bea368}]
shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b587c4be-c75b-11de-b8bf-001676bea368}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-7-7-11-100006328-100021933-100018285-6685.com g:\
shell\Open\command - RECYCLER\S-7-7-11-100006328-100021933-100018285-6685.com g:\
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d26f1a20-cc7b-11dc-b4ac-001676bea368}]
shell\AutoRun\command - E:\setupSNK.exe
======List of files/folders created in the last 1 months======
2010-05-15 23:15:17 ----D---- C:\_OTM
2010-05-15 23:12:54 ----D---- C:\WINDOWS\ERDNT
2010-05-15 23:11:59 ----D---- C:\Program Files\ERUNT
2010-05-15 14:17:55 ----D---- C:\rsit
2010-05-15 13:41:20 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-13 03:13:55 ----A---- C:\WINDOWS\system32\MRT.INI
2010-05-13 03:05:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-09 15:57:51 ----D---- C:\Program Files\Trend Micro
2010-05-06 21:56:26 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2010-05-06 21:56:26 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2010-05-06 21:56:25 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2010-05-06 21:56:24 ----A---- C:\WINDOWS\system32\msir3jp.dll
2010-05-06 21:56:00 ----A---- C:\WINDOWS\system32\kbd101a.dll
2010-05-06 21:55:47 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2010-05-06 21:55:47 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2010-05-06 21:55:47 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2010-05-06 21:55:22 ----A---- C:\WINDOWS\system32\c_is2022.dll
2010-04-30 11:44:24 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-04-23 20:13:18 ----D---- C:\Program Files\Tiger Gaming
2010-04-21 16:20:18 ----A---- C:\WINDOWS\MYOBP.INI
2010-04-21 16:20:18 ----A---- C:\WINDOWS\MYOB.INI
2010-04-21 16:17:44 ----D---- C:\Program Files\Microsoft Chart Controls
2010-04-21 16:17:33 ----D---- C:\Documents and Settings\LSM\Application Data\FLEXnet
2010-04-21 16:17:28 ----A---- C:\WINDOWS\openrda.ini
2010-04-21 16:17:23 ----D---- C:\MYOBODBCAU10
2010-04-21 16:17:23 ----D---- C:\MYOBODBC
2010-04-21 16:17:15 ----A---- C:\WINDOWS\drvxl32.INI
2010-04-21 16:17:14 ----A---- C:\WINDOWS\drvwd32.INI
2010-04-21 16:16:22 ----D---- C:\Program Files\Common Files\Wintertree
2010-04-21 16:15:20 ----D---- C:\Standard19
2010-04-21 16:15:20 ----D---- C:\Program Files\MYOB
2010-04-21 16:15:20 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2010-04-21 01:21:33 ----D---- C:\Documents and Settings\All Users\Application Data\Nokia
2010-04-21 01:01:40 ----D---- C:\Program Files\PC Connectivity Solution
2010-04-21 01:00:53 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2010-04-21 01:00:53 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-04-18 00:00:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-17 23:59:54 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-17 23:53:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-17 23:53:05 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-17 03:22:23 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-17 03:21:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
======List of files/folders modified in the last 1 months======
2010-05-15 23:20:11 ----D---- C:\WINDOWS\Temp
2010-05-15 23:15:47 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-15 23:15:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-15 23:15:26 ----D---- C:\WINDOWS\system32
2010-05-15 23:15:26 ----D---- C:\WINDOWS
2010-05-15 23:15:19 ----SD---- C:\WINDOWS\Tasks
2010-05-15 23:15:19 ----RD---- C:\Program Files
2010-05-15 23:15:06 ----D---- C:\WINDOWS\Prefetch
2010-05-15 22:53:19 ----D---- C:\Program Files\ICQToolbar
2010-05-15 21:54:57 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-15 21:39:20 ----D---- C:\Program Files\Steam
2010-05-15 21:32:52 ----D---- C:\Documents and Settings\LSM\Application Data\ICQ
2010-05-15 18:08:00 ----D---- C:\Photos
2010-05-15 17:59:51 ----D---- C:\Documents and Settings\LSM\Application Data\Skype
2010-05-15 17:43:29 ----D---- C:\Documents and Settings\LSM\Application Data\skypePM
2010-05-15 14:18:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-15 14:18:22 ----D---- C:\WINDOWS\system32\drivers
2010-05-15 14:11:11 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2010-05-15 13:37:45 ----D---- C:\WINDOWS\Debug
2010-05-15 13:37:42 ----D---- C:\WINDOWS\Minidump
2010-05-15 13:37:12 ----D---- C:\Program Files\CCleaner
2010-05-13 21:23:40 ----D---- C:\Documents and Settings\LSM\Application Data\AdobeUM
2010-05-13 19:59:58 ----D---- C:\Program Files\Mozilla Firefox
2010-05-13 03:14:25 ----SHD---- C:\WINDOWS\Installer
2010-05-13 03:06:11 ----HD---- C:\WINDOWS\inf
2010-05-13 03:06:01 ----D---- C:\Program Files\Outlook Express
2010-05-12 22:07:24 ----D---- C:\Hann Boy
2010-05-12 12:02:33 ----HD---- C:\WINDOWS\$hf_mig$
2010-05-06 22:02:08 ----SD---- C:\Documents and Settings\LSM\Application Data\Microsoft
2010-05-06 21:56:15 ----RSD---- C:\WINDOWS\Fonts
2010-05-06 21:56:07 ----D---- C:\WINDOWS\Help
2010-05-02 01:23:35 ----A---- C:\WINDOWS\maxlink.ini
2010-05-02 01:23:35 ----A---- C:\WINDOWS\Brpcfx.ini
2010-05-02 00:58:11 ----D---- C:\Program Files\Internet Explorer
2010-05-01 04:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-25 19:41:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-04-24 21:55:52 ----D---- C:\Program Files\Winamp
2010-04-23 21:21:50 ----D---- C:\Temp
2010-04-23 20:03:18 ----D---- C:\WINDOWS\Microsoft.NET
2010-04-23 19:33:35 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-22 17:17:25 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-21 16:17:56 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-21 16:17:46 ----RSD---- C:\WINDOWS\assembly
2010-04-21 16:16:22 ----D---- C:\Program Files\Common Files
2010-04-21 01:07:54 ----D---- C:\Program Files\Nokia
2010-04-21 01:04:41 ----D---- C:\Program Files\Common Files\Nokia
2010-04-21 01:01:50 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-21 00:59:40 ----D---- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 BHDrvx86;Symantec Heuristics Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\BHDrvx86.sys [2009-08-22 259632]
R1 ccHP;Symantec Hash Provider; C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys [2009-08-22 482432]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100505.001\IDSxpx86.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 SRTSP;Symantec Real Time Storage Protection; C:\WINDOWS\System32\Drivers\N360\0308000.029\SRTSP.SYS [2009-08-22 308272]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\WINDOWS\system32\drivers\N360\0308000.029\SRTSPX.SYS [2009-08-22 43696]
R1 SYMTDI;Symantec Network Dispatch Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMTDI.SYS [2009-08-22 217136]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-08-29 12032]
R2 PfModNT;PfModNT; \??\C:\WINDOWS\System32\drivers\PfModNT.sys []
R2 StudioPro;StudioPro webcam; C:\WINDOWS\system32\DRIVERS\StudioPro.sys [2007-01-05 120320]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\System32\drivers\symlcbrd.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2006-01-12 163328]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM); C:\WINDOWS\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2010-01-12 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2002-08-29 12160]
R3 NAVENG;NAVENG; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100514.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100514.048\NAVEX15.SYS []
R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-05-27 1177032]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMFW.SYS [2009-08-22 89904]
R3 SYMIDS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMIDS.SYS [2009-08-22 33072]
R3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
R3 SYMNDIS;Symantec Network Filter Driver; C:\WINDOWS\System32\Drivers\N360\0308000.029\SYMNDIS.SYS [2009-08-22 36400]
R3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 brfilt;Brother MFC Filter Driver; C:\WINDOWS\System32\Drivers\Brfilt.sys [2001-08-17 2944]
S3 Bridge;MAC Bridge; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 BridgeMP;MAC Bridge Miniport; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-14 71552]
S3 brparimg;Brother Multi Function Parallel Image driver; C:\WINDOWS\System32\DRIVERS\BrParImg.sys [2001-08-17 3168]
S3 BrParWdm;Brother WDM Parallel Driver; C:\WINDOWS\System32\Drivers\BrParwdm.sys [2001-08-17 39552]
S3 BrSerWDM;Brother Serial driver; C:\WINDOWS\System32\Drivers\BrSerWdm.sys [2001-08-17 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem; C:\WINDOWS\System32\Drivers\BrUsbMdm.sys [2001-08-17 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver; C:\WINDOWS\System32\Drivers\BrUsbScn.sys [2001-08-17 10368]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 exdisk;Express Disk Service; C:\WINDOWS\System32\DRIVERS\exdisk.sys [2004-08-03 14074]
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\LSM\LOCALS~1\Temp\THC748.tmp []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 k600bus;Sony Ericsson 600i driver (WDM); C:\WINDOWS\system32\DRIVERS\k600bus.sys [2005-03-04 52384]
S3 k600mdfl;Sony Ericsson 600i USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\k600mdfl.sys [2005-03-05 6096]
S3 k600mdm;Sony Ericsson 600i USB WMC Modem Drivers; C:\WINDOWS\system32\DRIVERS\k600mdm.sys [2005-03-05 87456]
S3 k600mgmt;Sony Ericsson 600i USB WMC Device Management Drivers; C:\WINDOWS\system32\DRIVERS\k600mgmt.sys [2005-03-05 79248]
S3 k600obex;Sony Ericsson 600i USB WMC OBEX Interface Drivers; C:\WINDOWS\system32\DRIVERS\k600obex.sys [2005-03-05 77072]
S3 mf;mf; C:\WINDOWS\System32\DRIVERS\mf.sys [2008-04-14 63744]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 ndiscm;Motorola SURFboard USB Cable Modem Windows Driver; C:\WINDOWS\System32\DRIVERS\NetMotCM.sys [2004-02-09 15360]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-01-21 18048]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-12-30 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 sfng32;Sonic Focus Plugin for Sigmatel HDA; C:\WINDOWS\system32\drivers\sfng32.sys [2005-12-03 41728]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-08-22 36400]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-12-30 7936]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-12-30 7936]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\System32\CTSvcCDA.EXE [1999-12-13 44032]
R2 Diskeeper;Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2006-03-09 630905]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-27 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 N360;Norton 360; C:\Program Files\Norton 360\Engine\3.8.0.41\ccSvcHst.exe [2009-08-22 117640]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2006-06-01 155715]
R2 STacSV;SigmaTel Audio Service; C:\WINDOWS\system32\STacSV.exe [2006-05-27 86016]
R2 Symantec Core LC;Symantec Core LC; C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe [2007-02-04 1174152]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-06-26 53520]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
S2 TwonkyMedia;TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [2009-02-04 102400]
S2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autocomplete;AutoComplete Service; C:\Program Files\Acesoft\Tracks Eraser Pro\delautocomp.exe []
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-02 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-02-15 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-01-26 652800]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Systemlook:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:24 on 15/05/2010 by LSM (Administrator - Elevation successful)
========== dir ==========
C:\Standard19 - Parameters: "(none)"
---Files---
CFX2032.DLL --a--- 317440 bytes [04:03 01/07/1997] [04:03 01/07/1997]
Clearwtr.MYO --a--- 3604480 bytes [02:55 22/02/2010] [02:55 22/02/2010]
CPdf.dll --a--- 217088 bytes [05:33 10/07/2007] [05:33 10/07/2007]
ctmyob32.dll --a--- 344064 bytes [17:38 15/03/2007] [17:38 15/03/2007]
ctreestd.dll --a--- 323584 bytes [03:20 30/05/2003] [03:20 30/05/2003]
drvwd32.exe --a--- 44720 bytes [05:13 06/03/2007] [05:13 06/03/2007]
drvxl32.exe --a--- 61104 bytes [05:12 06/03/2007] [05:12 06/03/2007]
dunzip32.dll --a--- 110592 bytes [07:40 17/06/1999] [07:40 17/06/1999]
dzip32.dll --a--- 126976 bytes [07:40 17/06/1999] [07:40 17/06/1999]
FtoP.dll --a--- 266240 bytes [07:03 11/02/2010] [07:03 11/02/2010]
FtoP.res --a--- 43437 bytes [06:37 11/02/2010] [06:37 11/02/2010]
Interop.FNCClient11Lib.dll --a--- 90112 bytes [08:53 09/07/2009] [08:53 09/07/2009]
MtoM.dll --a--- 380928 bytes [07:17 23/11/2009] [07:17 23/11/2009]
MtoM.res --a--- 32023 bytes [06:37 11/02/2010] [06:37 11/02/2010]
MtoP.dll --a--- 249856 bytes [07:03 11/02/2010] [07:03 11/02/2010]
MtoP.res --a--- 43572 bytes [06:37 11/02/2010] [06:37 11/02/2010]
Myob.exe --a--- 20348576 bytes [05:27 22/02/2010] [05:27 22/02/2010]
MYOBCommon.dll --a--- 57344 bytes [19:04 03/02/2004] [19:04 03/02/2004]
MYOBEsn.rsrc --a--- 868448 bytes [05:38 11/02/2010] [05:38 11/02/2010]
MYOBIn32.dll --a--- 32768 bytes [07:19 11/10/1999] [07:19 11/10/1999]
MYOBMSC.dll --a--- 1929216 bytes [08:04 19/05/2005] [08:04 19/05/2005]
MYOBMSC.exe --a--- 344064 bytes [08:04 19/05/2005] [08:04 19/05/2005]
MYOBMSC.jar --a--- 5176 bytes [04:20 04/05/2004] [04:20 04/05/2004]
MyobPOpt.exe --a--- 380576 bytes [07:56 16/02/2010] [07:56 16/02/2010]
MYOBPOPT.res --a--- 8242 bytes [06:41 11/02/2010] [06:41 11/02/2010]
MYOBRegUpdate.exe --a--- 102560 bytes [04:56 16/02/2010] [04:56 16/02/2010]
MYOBRegUpdate.exe.config --a--- 1225 bytes [03:43 21/12/2009] [03:43 21/12/2009]
MYOBRes.rsrc --a--- 1604221 bytes [05:36 11/02/2010] [05:36 11/02/2010]
MYOBSp32.dll --a--- 204800 bytes [09:16 30/11/2009] [09:16 30/11/2009]
MYOBUpg.exe --a--- 548512 bytes [08:00 16/02/2010] [08:00 16/02/2010]
MYOBUpg.res --a--- 24389 bytes [06:37 11/02/2010] [06:37 11/02/2010]
PrnEng.dll --a--- 143360 bytes [04:19 04/05/2004] [04:19 04/05/2004]
PtoP.dll --a--- 434176 bytes [07:03 11/02/2010] [07:03 11/02/2010]
PtoP.res --a--- 39888 bytes [06:37 11/02/2010] [06:37 11/02/2010]
ssce5532.dll --a--- 229376 bytes [00:32 10/12/2007] [00:32 10/12/2007]
SWDrv32.dll --a--- 40960 bytes [02:05 15/02/2007] [02:05 15/02/2007]
TemplatesUpgrader.exe --a--- 233120 bytes [05:59 26/02/2010] [05:59 26/02/2010]
tutorial.pdf --a--- 1963340 bytes [05:26 15/01/2010] [05:26 15/01/2010]
xerces.dll --a--- 630784 bytes [05:34 10/07/2007] [05:34 10/07/2007]
Xerces2.dll --a--- 1916928 bytes [04:19 04/05/2004] [04:19 04/05/2004]
---Folders---
BASlink d----- [06:16 21/04/2010]
BusinessInsights d----- [06:16 21/04/2010]
Custom d----- [06:15 21/04/2010]
Forms d----- [06:15 21/04/2010]
Help d----- [06:15 21/04/2010]
ImportAssist d----- [06:15 21/04/2010]
Letters d----- [06:15 21/04/2010]
ODBCDirect10 d----- [06:16 21/04/2010]
OutlookSync d----- [06:16 21/04/2010]
Spredsht d----- [06:15 21/04/2010]
ToolsMenu d----- [06:16 21/04/2010]
Tutorial d----- [06:15 21/04/2010]
C:\Hann Boy - Parameters: "(none)"
---Files---
0011 605 548 5934 poh poh.doc --a--- 24064 bytes [17:12 19/04/2010] [17:12 19/04/2010]
0421634192.doc --a--- 24064 bytes [20:40 02/03/2010] [20:40 02/03/2010]
10.doc ------ 24064 bytes [08:46 31/01/2009] [08:46 31/01/2009]
2306542926_52d2ba938f_o.jpg ------ 37526 bytes [06:24 27/10/2008] [06:24 27/10/2008]
3 kingdoms.zip --a--- 2428682 bytes [02:13 28/03/2008] [02:13 28/03/2008]
3074312b90e24.jpg ------ 43291 bytes [03:09 30/09/2008] [03:09 30/09/2008]
482.jpg ------ 4338 bytes [08:35 18/05/2007] [08:38 18/05/2007]
562.doc ------ 24064 bytes [07:29 13/01/2009] [07:29 13/01/2009]
87115312R.doc --a--- 25600 bytes [13:35 18/01/2010] [07:00 26/01/2010]
95573676 asd jewellery.doc ------ 24064 bytes [13:27 09/01/2009] [13:27 09/01/2009]
akfgavs13.jpg ------ 4419 bytes [06:13 26/07/2008] [06:13 26/07/2008]
another pic.jpg ------ 317251 bytes [05:57 06/10/2008] [05:57 06/10/2008]
band songs.doc ------ 24064 bytes [06:36 19/03/2008] [06:36 19/03/2008]
Banno_Genki_1_Audio_-_An_Integrated_Course_in_Elementary_Japanese_1__ISBN_4789011623_.part1.rar --a--- 88500000 bytes [03:22 12/10/2008] [03:35 12/10/2008]
Banno_Genki_1_Audio_-_An_Integrated_Course_in_Elementary_Japanese_1__ISBN_4789011623_.part2.rar --a--- 66618087 bytes [03:58 12/10/2008] [04:06 12/10/2008]
BassInSpace.png --a--- 2726150 bytes [04:16 11/11/2008] [04:16 11/11/2008]
beck-mongolian-chop-squad.jpg --a--- 49538 bytes [08:00 03/03/2009] [08:00 03/03/2009]
calvin-and-hobbes-book.jpg --a--- 17597 bytes [10:35 23/02/2009] [10:35 23/02/2009]
car.doc --a--- 52736 bytes [12:26 11/12/2009] [12:26 11/12/2009]
case of denzel.doc ------ 111616 bytes [02:58 15/12/2007] [02:58 15/12/2007]
case of tifa.doc ------ 78848 bytes [03:00 15/12/2007] [03:00 15/12/2007]
Concerts.doc ------ 24064 bytes [07:32 11/05/2008] [03:36 16/06/2008]
Copy of akfgavs13.jpg ------ 12391 bytes [09:57 20/08/2008] [09:57 20/08/2008]
cover letter A & R.doc --a--- 25088 bytes [11:26 30/11/2009] [11:56 30/11/2009]
cover letter borders.doc --a--- 25088 bytes [11:37 30/11/2009] [01:06 10/02/2010]
cover letter foreign.doc --a--- 24576 bytes [08:55 12/01/2010] [08:58 12/01/2010]
cover letter general.doc --a--- 25600 bytes [11:35 30/11/2009] [03:16 27/02/2010]
cover letter Myer.doc --a--- 25088 bytes [11:32 30/11/2009] [11:42 30/11/2009]
cover letter starbucks.doc --a--- 25088 bytes [04:48 21/12/2009] [04:48 21/12/2009]
cover letter.doc --a--- 25600 bytes [11:23 30/11/2009] [02:53 04/05/2010]
Doc1.doc --a--- 226304 bytes [07:35 30/01/2010] [07:35 30/01/2010]
English essay 2.doc ------ 28672 bytes [10:48 12/08/2008] [12:33 11/08/2008]
enrollment confirmation.jpg --a--- 102236 bytes [09:27 09/12/2009] [09:28 09/12/2009]
ExportFormat.txt -ra--- 10684 bytes [13:37 16/01/2007] [13:37 16/01/2007]
ff7_chocobo_patch.zip --a--- 23576 bytes [06:52 29/07/2007] [06:52 29/07/2007]
final-fantasy-viii-eyes-on-me-flute-solo.pdf ------ 110603 bytes [06:34 01/10/2008] [06:34 01/10/2008]
font test.doc ------ 19968 bytes [07:24 27/10/2008] [09:15 27/10/2008]
fwd.zip --a--- 377741 bytes [11:43 04/01/2009] [11:43 04/01/2009]
GSpot.exe --a--- 925696 bytes [11:08 22/02/2007] [11:08 22/02/2007]
GSpot27.dat -ra--- 117974 bytes [06:28 19/02/2007] [06:28 19/02/2007]
Gunbuster 2.doc --a--- 24064 bytes [11:23 06/05/2010] [11:23 06/05/2010]
hiragana.doc ------ 66048 bytes [04:27 24/08/2008] [04:27 24/08/2008]
ID david jones.doc --a--- 24064 bytes [15:03 31/01/2010] [15:03 31/01/2010]
image-o-matic.jpg ------ 142372 bytes [11:36 26/10/2008] [11:36 26/10/2008]
IMGP0589.JPG --a--- 2291480 bytes [12:23 07/07/2009] [01:59 07/07/2009]
IMGP0722.JPG --a--- 2435599 bytes [04:21 19/11/2009] [11:55 18/11/2009]
IMGP0723.JPG --a--- 2231985 bytes [04:41 19/11/2009] [11:55 18/11/2009]
IMGP0731.JPG --a--- 2458980 bytes [05:40 07/12/2009] [16:21 06/12/2009]
IMGP0732.JPG --a--- 2572345 bytes [05:40 07/12/2009] [16:21 06/12/2009]
IMGP0733.JPG --a--- 2361131 bytes [05:40 07/12/2009] [16:22 06/12/2009]
internet security suite code.doc ------ 24064 bytes [07:54 26/05/2008] [07:54 26/05/2008]
Jonhhh says.doc --a--- 24064 bytes [12:44 15/02/2009] [12:44 15/02/2009]
Kevin 0402750107.doc ------ 24064 bytes [12:45 13/01/2009] [12:45 13/01/2009]
Kyaarin says.doc --a--- 25600 bytes [11:52 12/02/2009] [11:52 12/02/2009]
letsbeyblade.mp3 --a--- 978517 bytes [05:33 09/02/2010] [10:06 24/04/2010]
libraryjack.doc --a--- 24064 bytes [06:33 28/02/2010] [06:33 28/02/2010]
license.txt -ra--- 3615 bytes [13:37 16/01/2007] [13:37 16/01/2007]
maibassectjoeminimoto.png --a--- 1256504 bytes [04:19 17/11/2008] [04:19 17/11/2008]
Mehar.doc ------ 24064 bytes [11:09 18/01/2009] [11:09 18/01/2009]
mengkwai.doc --a--- 24064 bytes [13:36 21/04/2009] [13:36 21/04/2009]
MIC-2009-08-15_02h50m03s.wav ------ 1377340 bytes [08:16 15/08/2009] [08:16 15/08/2009]
Michishirube.doc ------ 25088 bytes [13:52 21/11/2008] [06:51 27/11/2008]
Muse - Sunburn.mp3 --a--- 5627671 bytes [05:46 12/11/2008] [05:47 12/11/2008]
m_15652d0dc4b1507c10fb398011b425d7.jpg ------ 4632 bytes [05:31 06/10/2008] [05:31 06/10/2008]
name.jpg ------ 4636 bytes [02:53 25/11/2008] [02:53 25/11/2008]
nasty.wav --a--- 3993140 bytes [08:06 12/10/2007] [08:06 12/10/2007]
New_book.jpg --a--- 35368 bytes [10:38 23/02/2009] [10:38 23/02/2009]
photo.jpg ------ 377985 bytes [02:02 30/09/2008] [02:02 30/09/2008]
POSSIBLE PILLOWS ALBUMS.doc ------ 24064 bytes [07:27 05/02/2008] [11:22 19/02/2008]
reference letter.jpg --a--- 121404 bytes [03:05 04/05/2010] [03:06 04/05/2010]
reference letter.pdf --a--- 167677 bytes [12:17 03/12/2009] [12:17 03/12/2009]
resident number.doc --a--- 24064 bytes [11:34 08/09/2009] [11:34 08/09/2009]
RESUME library.doc --a--- 29696 bytes [06:30 28/02/2010] [06:30 28/02/2010]
RESUME.doc --a--- 29696 bytes [12:18 27/11/2009] [02:55 04/05/2010]
Resume_aditya.doc ------ 31232 bytes [07:33 04/02/2008] [07:33 04/02/2008]
Rude_Malaysian02_knock.wmv --a--- 1149890 bytes [06:19 13/06/2007] [06:19 13/06/2007]
Sakura combos.doc ------ 26112 bytes [08:21 19/10/2008] [08:21 19/10/2008]
Scanning Report.doc ------ 41472 bytes [07:40 24/08/2008] [07:40 24/08/2008]
SECRETAG.MP3 --a--- 3589060 bytes [05:39 12/11/2008] [10:04 24/04/2010]
sfa3.doc ------ 25088 bytes [07:30 21/10/2008] [11:14 21/10/2008]
Shaolin Soccer.flv --a--- 5519459 bytes [10:07 08/10/2007] [10:08 08/10/2007]
signature attempt.psd ------ 62703 bytes [09:24 26/10/2008] [09:24 26/10/2008]
sketchbook.zip --a--- 50906 bytes [09:42 01/10/2008] [09:42 01/10/2008]
sola-binkan-na-fuukei-piano-solo.pdf --a--- 53737 bytes [06:09 13/04/2009] [17:06 08/04/2009]
sola-binkan-na-fuukei.pdf --a--- 16157 bytes [06:09 13/04/2009] [17:04 08/04/2009]
songs oldish.doc --a--- 24064 bytes [11:50 12/08/2009] [11:50 12/08/2009]
songs.doc --a--- 24064 bytes [13:16 17/05/2009] [13:16 17/05/2009]
Street Fighter Zero 2 Alpha.doc ------ 3342336 bytes [08:45 17/10/2008] [08:45 17/10/2008]
StreetFighter4_sakura.zip --a--- 13139028 bytes [11:57 01/01/2009] [11:58 01/01/2009]
test.jpg --a--- 1689217 bytes [05:43 07/12/2009] [05:43 07/12/2009]
the-pillows-band.jpg ------ 14065 bytes [03:49 16/01/2009] [03:49 16/01/2009]
Thumbs.db --ahs- 40960 bytes [11:08 22/08/2007] [07:27 29/10/2007]
tienyi bday.doc --a--- 294912 bytes [06:55 23/12/2009] [06:55 23/12/2009]
timetable.doc --a--- 158720 bytes [11:01 11/03/2010] [11:01 11/03/2010]
TO BUY.doc --a--- 24064 bytes [09:36 30/03/2009] [09:41 30/03/2009]
trial 1.psd ------ 531421 bytes [06:16 27/10/2008] [06:16 27/10/2008]
trial 2 (splatter border nice).psd ------ 455032 bytes [10:35 27/10/2008] [10:38 27/10/2008]
trial 2.psd ------ 553060 bytes [06:51 27/10/2008] [09:20 27/10/2008]
trial-2-(splatter-border).html --a--- 419 bytes [05:21 28/10/2008] [05:21 28/10/2008]
trial-2-(splatter-border-ni.jpg ------ 26358 bytes [05:25 28/10/2008] [05:25 28/10/2008]
trial-2-for-test.jpg ------ 23797 bytes [09:20 27/10/2008] [09:20 27/10/2008]
t_finalf13_e309_extended_hd.wmv --a--- 172617998 bytes [14:42 05/06/2009] [14:49 05/06/2009]
t_sf4_chunlivscviper.wmv --a--- 8677783 bytes [12:06 01/01/2009] [12:07 01/01/2009]
t_sfiv_e32k8_v3_h264.wmv --a--- 112639055 bytes [06:34 05/01/2009] [06:38 05/01/2009]
vox receipt.jpg --a--- 77646 bytes [09:23 09/12/2009] [09:24 09/12/2009]
Wait 2 days before transferring all money.doc --a--- 24064 bytes [07:43 15/12/2009] [07:43 15/12/2009]
Zapp and Roger.doc ------ 24064 bytes [12:06 10/09/2008] [12:55 10/09/2008]
ZbThumbnail.info --ah-- 13749 bytes [04:42 09/07/2007] [04:42 09/07/2007]
---Folders---
aeriththeme d----- [08:27 10/12/2007]
akfg covers d----- [06:48 25/02/2008]
anime+manga d----- [11:56 12/09/2008]
Anya Cheng Ka Kiew d----- [05:58 26/06/2008]
bass tabs d----- [06:21 12/02/2007]
bookmark backups d----- [12:35 18/08/2007]
CJ 7 d----- [06:46 20/04/2008]
Densha Otoko d----- [00:55 03/01/2010]
Drama for mum d----- [09:48 22/04/2008]
ff cb patch d----- [09:57 04/03/2007]
ff cb patch 1 d----- [01:18 06/04/2007]
ff cb patch 2 d----- [03:35 30/06/2007]
ff7 piano sheet music d----- [08:30 12/12/2007]
ff7 save back up (after emerald) d----- [04:45 30/11/2007]
ff7 save back up 2 d----- [02:37 04/08/2007]
ff7 save back up 3 d----- [02:40 24/09/2007]
ff7 save back up 4 (after ruby) d----- [08:19 24/10/2007]
fwd d----- [09:59 11/06/2007]
Genki d----- [03:23 12/10/2008]
GomPlayer d----- [03:31 03/04/2007]
guitar tabs d----- [12:45 20/04/2007]
images d----- [05:21 28/10/2008]
internet d----- [08:17 16/02/2008]
methods practice d----- [10:34 21/04/2008]
mp3 player d----- [02:22 28/01/2008]
music d----- [04:52 03/04/2007]
Olympus d----- [05:10 06/01/2010]
photos yr 12 d----- [10:41 13/10/2009]
popping d----- [11:30 20/02/2008]
rawr d----- [07:30 12/02/2010]
registry backup d----- [02:48 28/10/2007]
registry backup 2 d----- [02:49 28/10/2007]
replays d----- [05:26 13/02/2008]
software d----- [03:29 28/10/2007]
Soundbank d----- [08:54 27/11/2007]
University d----- [06:23 23/05/2007]
Vol01 d--h-- [03:44 20/04/2007]
Wallpaper d----- [13:34 20/10/2007]
Warcraft III d----- [04:29 30/06/2007]
-=End Of File=-