Okay, ignore the previous DDS log please. My Avast did a boot scan, and seems to have removed a worm, plus it looks like SP 2 might have installed. I don't know if that means everything is fixed, but the fact that I"m posting here from my home computer is a good sign!
New DDS stuff:
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-03-17.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 7/16/2010 4:37:18 AM
System Uptime: 7/20/2010 7:55:55 PM (10 hours ago)
Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6577
Processor: Intel(R) Pentium(R) 4 CPU 2.53GHz | Socket 478 | 2533/133mhz
==== Disk Partitions =========================
A: is Removable
C: is FIXED (NTFS) - 108 GiB total, 30.459 GiB free.
D: is FIXED (FAT32) - 3 GiB total, 0.45 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP1: 7/20/2010 7:46:29 PM - System Checkpoint
RP2: 7/20/2010 8:24:26 PM - After trying automatic system restore
RP3: 7/20/2010 9:44:46 PM - before sp2
RP4: 7/20/2010 9:45:14 PM - restore 2
RP5: 7/20/2010 10:34:07 PM - 11:30 pm before cd
RP6: 7/20/2010 10:50:16 PM - Installed Windows XP Service Pack 2.
RP7: 7/20/2010 11:29:50 PM - Installed Windows XP KB873339.
RP8: 7/20/2010 1:05:52 PM - Installed Windows XP Service Pack 2.
RP9: 7/20/2010 1:16:13 PM - Installed Windows XP KB873339.
RP10: 7/20/2010 1:18:52 PM - Installed Windows XP KB885835.
==== Installed Programs ======================
Adobe Acrobat 5.0
Adobe Flash Player 10 ActiveX
America Online
avast! Free Antivirus
Coloreal
CompuServe
Detto IntelliMover Demo
HijackThis 2.0.2
Inactive HP Printer Drivers (Remove only)
Indeo® Software
Intel(R) 82845G Graphics Driver Software
InterVideo WinDVD 4
Java 2 Runtime Environment Standard Edition v1.3.1_02
Java 2 Runtime Environment, SE v1.4.0_01
Java Web Start
KBD
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox (3.6.7)
Netscape (7.0)
NVIDIA Windows 2000/XP Display Drivers
PC-Doctor for Windows
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2003 New User Edition
RealOne Player
RecordNow
RecordNow Update Manager
S3Display
S3Gamma2
S3Info2
S3Overlay
ShowBiz
Simple Installer - Multilanguage Version
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows XP Service Pack 2
Yahoo! Login
Yahoo! Messenger
==== Event Viewer Messages From Past Week ========
7/21/2010 5:35:26 AM, error: Service Control Manager [7023] - The Shell Update service terminated with the following error: The specified module could not be found.
7/18/2010 6:34:20 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
7/17/2010 8:17:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
7/17/2010 7:38:58 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
7/17/2010 7:37:36 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the service.
7/17/2010 7:37:06 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the szserver service.
7/17/2010 7:16:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: agp440 SISAGP viaagp1
7/17/2010 7:16:29 PM, error: Service Control Manager [7023] - The Shell Update service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
7/17/2010 7:16:29 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
7/16/2010 8:23:25 AM, error: Dhcp [1002] - The IP address lease 207.191.200.153 for the Network Card with network address 0010DC8E975A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
7/16/2010 8:20:33 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
7/16/2010 8:20:32 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.
7/16/2010 8:20:32 AM, error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2010 2:45:10 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E9376CC6-121A-447E-81CF-D8BCC200007C}
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ShellHWDetection service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the jmnozj service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the helpsvc service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the EventSystem service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the CryptSvc service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AudioSrv service.
7/16/2010 10:59:56 AM, error: Service Control Manager [7001] - The System Event Notification service depends on the COM+ Event System service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2010 10:59:56 AM, error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service has not been started.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The service has not been started.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service has not been started.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The Portable Media Serial Number service failed to start due to the following error: All pipe instances are busy.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The Messenger service failed to start due to the following error: All pipe instances are busy.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The Help and Support service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The Cryptographic Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/16/2010 10:59:56 AM, error: Service Control Manager [7000] - The COM+ Event System service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
==== End Of File ===========================
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 5:52:13.60 on Wed 07/21/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.287 [GMT -6:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page =
hxxp://www.aol.com/BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
BHO: {fdd3b846-8d59-4ffb-8758-209b6ad74acc} - c:\program files\microsoft money\system\mnyviewer.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [StorageGuard] "c:\program files\veritas software\update manager\sgtray.exe" /r
mRun: [TkBellExe] c:\program files\common files\real\update_ob\realsched.exe -osboot
mRun: [MoneyStartUp10.0] "c:\program files\microsoft money\system\Activation.exe"
mRun: [WCOLOREAL] "c:\program files\compaq\coloreal\coloreal.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
mRun: [nwiz] nwiz.exe /installquiet /keeploaded
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\custom~1.lnk - c:\hp\region\customizeIe.wsf
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
mPolicies-explorer: <NO NAME> =
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2499216C-4BA5-11D5-BD9C-000103C116D5} - {2499216C-4BA5-11D5-BD9C-000103C116D5} - c:\program files\yahoo!\common\ylogin.dll
IE: {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - {301DA1EE-F65C-4188-A417-9E915CC8FBFA} - c:\program files\microsoft money\system\mnyviewer.dll
Trusted Zone: aol.com
Trusted Zone: malwareremoval.com\www
Trusted Zone: malwareremovalforum.com\www
Trusted Zone: microsoft.com\www
Trusted Zone: zdnet.com
DPF: DirectAnimation Java Classes -
file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java -
file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -
hxxp://update.microsoft.com/windowsupda ... 9682232875DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} -
hxxp://java.sun.com/products/plugin/aut ... 01-win.cabDPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} -
hxxp://java.sun.com/products/plugin/1.3 ... 02-win.cabDPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} -
hxxp://java.sun.com/products/plugin/aut ... 01-win.cabNotify: igfxcui - igfxsrvc.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\g0s5iph3.default\
FF - prefs.js: browser.startup.homepage -
hxxp://en-us.start.mozilla.com/firefox? ... S:officialFF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\g0s5iph3.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\java\j2re1.4.0\bin\NPJPI140_01.dll
FF - plugin: c:\program files\real\realone player\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realone player\netscape6\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-16 165456]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-16 40384]
S2 jmnozj;Shell Update;c:\windows\system32\svchost.exe -k netsvcs [2002-11-14 14336]
S2 mrtRate;mrtRate; [x]
=============== Created Last 30 ================
2010-07-21 05:03:45 81920 ------w- c:\windows\system32\ieencode.dll
2010-07-21 04:50:11 19528 ----a-w- c:\windows\002063_.tmp
2010-07-21 04:03:06 0 dc----w- c:\docume~1\alluse~1\applic~1\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-20 19:14:32 0 d-----w- c:\windows\LastGood.Tmp
2010-07-20 19:05:12 19528 ----a-w- c:\windows\000001_.tmp
2010-07-18 01:21:19 704 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-18 00:36:49 16384 ---ha-w- C:\SZKGFS.dat
2010-07-18 00:01:25 0 d-----w- c:\docume~1\alluse~1\applic~1\SITEguard
2010-07-17 23:59:42 0 d-----w- c:\program files\common files\iS3
2010-07-17 23:59:39 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-17 08:19:46 0 d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-07-17 08:19:46 0 d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-07-17 08:01:55 0 d-----w- c:\docume~1\owner\applic~1\Uniblue
2010-07-16 18:09:53 38848 ----a-w- c:\windows\avastSS.scr
2010-07-16 17:09:53 0 d-----w- c:\docume~1\owner\applic~1\Symantec
2010-07-16 17:09:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-07-16 17:09:42 0 d-----w- c:\program files\Symantec
2010-07-16 14:20:36 3144 -c--a-w- c:\windows\system32\dllcache\srgb.icm
2010-07-16 14:16:54 0 d-----w- c:\windows\system32\wbem\Repository
2010-07-16 08:14:03 52736 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2010-07-16 08:14:03 24576 ----a-w- c:\windows\system32\drivers\kbdclass.sys
2010-07-16 08:11:13 40960 ----a-w- c:\windows\SET5678.tmp
2010-07-16 08:11:04 0 d-----w- c:\program files\America Online 7.0
2010-07-16 02:48:38 0 ----a-w- c:\windows\system32\wmsoft70333.exe
2010-07-15 17:32:57 0 ----a-w- c:\windows\system32\wmsoft55153.exe
2010-07-15 17:32:53 82 ----a-w- c:\windows\system32\i
2010-07-15 15:38:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-07-15 11:04:12 942604 ----a-w- c:\windows\system32\drivers\ALCXWDM.SYS
2010-07-15 11:04:12 1246208 ----a-w- c:\windows\system32\ALSNDMGR.CPL
2010-07-15 05:06:51 0 d-----w- C:\32788R22FWJFW.3.tmp
2010-07-15 05:04:10 0 d-----w- C:\32788R22FWJFW.2.tmp
2010-07-15 03:41:01 0 d-----w- C:\32788R22FWJFW.1.tmp
2010-07-15 02:41:31 0 d-sha-r- C:\cmdcons
2010-07-15 02:37:14 98816 ----a-w- c:\windows\sed.exe
2010-07-15 02:37:14 77312 ----a-w- c:\windows\MBR.exe
2010-07-15 02:37:14 256512 ----a-w- c:\windows\PEV.exe
2010-07-15 02:37:14 161792 ----a-w- c:\windows\SWREG.exe
2010-07-14 02:19:45 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-07-11 15:48:09 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-11 05:38:21 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-11 05:37:22 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 05:25:42 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{65893B95-F47B-4483-B883-86BA181E9B54}
2010-07-11 03:13:50 0 d-----w- c:\program files\Trend Micro
2010-07-10 11:26:48 0 d-----w- c:\windows\system32\NtmsData
2010-07-08 04:09:54 0 d-----w- c:\program files\Database
==================== Find3M ====================
2010-07-15 08:04:37 1352732 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-07-15 08:04:37 115341344 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-21 19:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-05-02 00:39:37 7848712 -c--a-w- c:\program files\InstallWizard101.exe
2009-03-24 17:20:02 1470664 -c--a-w- c:\program files\WG-MVPN-SSL.exe
2009-01-11 22:35:38 45521704 -c--a-w- c:\program files\BCSETUP.EXE
2009-08-17 04:55:16 470 --sha-r- c:\windows\system32\config\systemprofile\my documents\c & j auto\x1\c\documents and settings\owner\local settings\application data\microsoft\feeds cache\index.dat
2009-09-07 15:35:20 470 --sha-r- c:\windows\system32\config\systemprofile\my documents\c & j auto\x2\c\documents and settings\owner\local settings\application data\microsoft\feeds cache\index.dat
============= FINISH: 5:53:51.84 ===============