Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

computer issues

Post by jackistheman » December 31st, 2008, 1:05 am

My computer has been acting up some lately. I wiped it out and started over because I could not update from MS Update. That fixed it at first, but then it went back to "could not update" with no error. Then tonight I was doing some more research and I found 2 processes that were on my computer, mrtstub.exe and mrt.exe. Those led me here, and I ran HijackThis; this is the log it gave me. Could someone please help me?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:56:59 PM, on 12/30/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Eset\nod32kui.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\Program Files (x86)\Eset\nod32krn.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\MSN Messenger\usnsvc.exe
C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\Games\ClickAlot!.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~2\COPERN~1\COPERN~1.DLL
F2 - REG:system.ini: UserInit=userinit
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: (no name) - {D5BF49A2-94F1-42BD-F434-3604812C807D} - (no file)
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O3 - Toolbar: RgGuard Toolbar - {A7589D2A-42E5-488B-9B4B-F59EFACE7F3C} - C:\Program Files (x86)\RgGuard\RgGuard.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files (x86)\Webroot\Washer\WashIdx.exe "Administrator"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O15 - Trusted Zone: download.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9742405688
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O18 - Protocol: rgguard - {56C45F7C-9E2A-4208-AF77-1C237D933588} - C:\Program Files (x86)\RgGuard\RgGuard.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8331 bytes
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Post by Shaba » January 6th, 2009, 5:40 am

Hi jackistheman, and sorry for the delay.

If you still need help, please post a fresh HijackThis log next.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Post by jackistheman » January 6th, 2009, 12:16 pm

fresh HJT log......

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:15 AM, on 1/6/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Eset\nod32kui.exe
C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\Program Files (x86)\Eset\nod32krn.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~2\COPERN~1\COPERN~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing)
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [Index Washer] C:\Program Files (x86)\Webroot\Washer\WashIdx.exe "Administrator"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing)
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing) (HKCU)
O15 - Trusted Zone: download.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9742405688
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files (x86)\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 7876 bytes
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Post by Shaba » January 6th, 2009, 12:28 pm

As said in rules:

"Make sure you have one of the desktop versions of Windows, i.e. Win98, Win98SE, WinMe, Win2000, Windows XP, Windows Media, Vista.
We CANNOT HELP remove malware from any of the Windows Server editions, like Windows 2003."

So I unfortunately can't provide any help with your operating system.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Post by jackistheman » January 6th, 2009, 12:36 pm

But this is NOT a server edition of anything; this is Windows XP 64-bit. It is built on the Server 2003 kernel, but it is not a server.
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Post by Shaba » January 6th, 2009, 12:46 pm

Sorry, I misread the header :oops:

Let's check this:

  1. Please download OTViewIt by OldTimer and save it to your Desktop.
  2. Close all applications and windows.
  3. Double-click on OTViewIt.exe to start OTViewIt.
  4. Place a checkmark in the blue-colored "Scan All Users" checkbox.
  5. Click the blue Run Scan button.
  6. OTViewIt will now start its scan.
  7. When the scan is complete, two text files will be created on the Desktop: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt.
  8. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and Extras.txt into your post.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Post by jackistheman » January 6th, 2009, 1:02 pm

OTViewIt logfile created on: 1/6/2009 9:56:19 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 73.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 29.35 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 0.99 Gb Free Space | 2.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHEESYMOUSE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
[2005/03/25 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe
[2008/12/20 15:59:33 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32kui.exe
[2008/09/04 22:56:34 | 00,139,264 | ---- | M] (ShaPlus Software) -- C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
[2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
[2008/12/20 15:59:32 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32krn.exe
[2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\SysWOW64\wwSecure.exe
[2009/01/06 09:55:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/23 22:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/23 22:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
[2007/10/16 20:04:28 | 01,769,240 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
File not found -- -- (dmadmin [On_Demand | Stopped])
File not found -- -- (Eventlog [Auto | Running])
[2007/10/09 15:06:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2007/10/10 22:08:40 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (MSDTC [On_Demand | Stopped])
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/02/18 11:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2007/10/11 09:50:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
[2008/12/20 15:59:32 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
File not found -- -- (NtLmSsp [Disabled | Stopped])
File not found -- -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (TlntSvr [Disabled | Stopped])
File not found -- -- (TuneUp.Defrag [On_Demand | Stopped])
[2005/03/25 05:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
File not found -- -- (vds [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WSearch [Auto | Stopped])
[2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc [Auto | Running])

========== Driver Services ==========

File not found -- -- (ACPI [Boot | Running])
File not found -- -- (AFD [System | Running])
File not found -- -- (ALCXWDM [On_Demand | Running])
File not found -- -- (AmdK8 [System | Running])
File not found -- -- (AMON [Auto | Running])
[2008/12/01 09:52:15 | 00,119,744 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2005/11/20 22:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\Drivers\ASPI32.SYS -- (Aspi32 [Auto | Stopped])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
[2006/10/31 00:25:02 | 00,014,136 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\Drivers\BIOS64.sys -- (BIOS [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
[2008/11/19 10:21:47 | 00,093,128 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll -- (ElbyCDIO [System | Running])
[2007/02/15 17:56:51 | 00,014,032 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
File not found -- -- (Fdc [On_Demand | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (FltMgr [Boot | Running])
File not found -- -- (Ftdisk [Boot | Running])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (kmixer [On_Demand | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
[2005/03/25 05:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
[2008/12/20 13:48:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
File not found -- -- (nv [On_Demand | Running])
File not found -- -- (nvata64 [Boot | Running])
File not found -- -- (NVENETFD [On_Demand | Running])
File not found -- -- (nvnetbus [On_Demand | Running])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (pcouffin [On_Demand | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (PxHlpa64 [Boot | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
File not found -- -- (SCDEmu [System | Running])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (sptd [Boot | Running])
File not found -- -- (sr [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
File not found -- -- (VolSnap [Boot | Running])
File not found -- -- (Wanarp [On_Demand | Running])
[2005/03/25 05:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running])
File not found -- -- (WS2IFSL [System | Running])
[2005/04/28 12:00:56 | 00,006,144 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\Drivers\zntport.sys -- (zntport [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com/
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
10016 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (HKCU) -- C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll File not found
{F385C231-605B-4d8f-ACA9-DBFF765BBE17} (HKLM) -- C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE (Eset )
"ShaPlus Bandwidth Meter"="C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"=C:\Program Files (x86)\Webroot\Washer\WashIdx.exe "Administrator" (Webroot Software, Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"=C:\Program Files (x86)\Webroot\Washer\WashIdx.exe "Administrator" (Webroot Software, Inc.)

========== (O4) Startup Folders ==========

[2004/11/09 11:45:06 | 00,323,584 | ---- | M] (Stanford University) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk = C:\Program Files (x86)\Folding@Home\winFAH.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\policies\microsoft\internet explorer\Restrictions]
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0
"NoBrowserOptions"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoToolbarCustomize"=0
"NoFileMenu"=0
"DriveConfiguration"=[Binary data over 100 bytes]
"LegacyDrive"=[Binary data over 100 bytes]
"LinkResolveIgnoreLinkInfo"=0
"NoWindowsUpdate"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoToolbarCustomize"=0
"NoFileMenu"=0
"DriveConfiguration"=[Binary data over 100 bytes]
"LegacyDrive"=[Binary data over 100 bytes]
"LinkResolveIgnoreLinkInfo"=0
"NoWindowsUpdate"=0

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Block This Image (ABP): C:\Program Files (x86)\Adblock Pro\blockimg.html [2007/07/15 04:47:08 | 00,000,633 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Save Page As PDF ...: File not found
Search Using Copernic Agent: C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll [2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\MenuExt\]
&Block This Image (ABP): C:\Program Files (x86)\Adblock Pro\blockimg.html [2007/07/15 04:47:08 | 00,000,633 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Save Page As PDF ...: File not found
Search Using Copernic Agent: C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll [2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{AD9E6088-E00B-42f9-9F0C-8480525D234E}: Menu: PDF Download - Options -- Reg Error: Key does not exist or could not be opened. File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}: Button: Adblock Pro Preferences -- %ProgramFiles%\Adblock Pro\AdblockPro.dll [2008/03/22 18:37:24 | 00,458,752 | ---- | M] (Adblock Pro Team)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}: Menu: Adblock Pro Preferences -- %ProgramFiles%\Adblock Pro\AdblockPro.dll [2008/03/22 18:37:24 | 00,458,752 | ---- | M] (Adblock Pro Team)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\catalog.update: http in My Computer
microsoft.com\v4.windowsupdate: http in My Computer
microsoft.com\windowsupdate: * in My Computer
windowsupdate.com\download: * in My Computer
56 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\catalog.update: http in My Computer
microsoft.com\v4.windowsupdate: http in My Computer
microsoft.com\windowsupdate: * in My Computer
windowsupdate.com\download: * in My Computer
56 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/ ... ontrol.cab -- Office Genuine Advantage Validation Tool
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/ ... ontrol.cab -- Windows Genuine Advantage Validation Tool
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupda ... 9742405688 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab -- Java Plug-in 1.6.0_11
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdat ... /opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{319BFCB8-5F3F-4007-B427-4F04EB50AAAA} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/02/18 11:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe

"System"=lsass.exe
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
termsrv: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}" (HKLM) -- C:\Program Files (x86)\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/09/05 23:42:57 | 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/06 09:55:25 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/01/05 20:17:07 | 00,000,000 | ---D | C] -- C:\things being kept
[2009/01/04 21:59:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adblock Pro
[2009/01/04 21:56:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/01/04 21:26:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/01/04 18:09:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/04 18:09:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/01/04 18:09:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/01/04 13:52:29 | 01,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2009/01/04 01:47:42 | 00,000,956 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/01/03 22:13:36 | 00,000,000 | -HSD | C] -- C:\Diskeeper
[2009/01/03 18:30:22 | 00,198,230 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\oreganol receipt.xps
[2009/01/03 18:19:51 | 00,001,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2009/01/03 15:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/01/03 15:06:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 15:06:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/03 15:06:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/01/03 15:06:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/02 21:19:04 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/01/02 20:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2008/12/31 22:15:40 | 00,140,288 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\insurance discontinuance notice.doc
[2008/12/31 19:39:21 | 02,049,354 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Fen_www1.wmv
[2008/12/30 21:56:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/12/30 17:14:56 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/30 14:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2008/12/29 23:28:38 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2008/12/29 21:23:13 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quotations.doc
[2008/12/29 12:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2008/12/27 19:03:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/27 14:22:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\PICSRULES files
[2008/12/25 11:25:35 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2008/12/25 10:55:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
[2008/12/25 10:54:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2008/12/25 10:51:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adblock Pro
[2008/12/25 10:42:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hide and Secret
[2008/12/24 20:27:46 | 00,129,502 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\gazelle packing label.pdf
[2008/12/22 16:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2008/12/22 15:30:05 | 00,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/12/22 15:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73AF6C86
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/12/22 06:36:28 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/12/21 18:45:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2008/12/21 18:44:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/12/21 18:43:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2008/12/21 18:35:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\alphateam medals
[2008/12/21 15:22:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2008/12/21 14:27:44 | 01,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2008/12/21 14:27:44 | 00,991,232 | ---- | C] (Viscom Software ) -- C:\WINDOWS\System32\imageviewer2.ocx
[2008/12/21 14:27:44 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2008/12/21 14:27:44 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2008/12/21 14:27:44 | 00,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\threed32.ocx
[2008/12/21 14:27:44 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2008/12/21 14:27:44 | 00,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\WINDOWS\System32\ccrpfd6.ocx
[2008/12/21 14:27:44 | 00,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpbds6.dll
[2008/12/21 14:27:44 | 00,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\mbprgbar.ocx
[2008/12/21 14:27:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PIXresizer
[2008/12/21 12:40:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2008/12/21 12:40:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2008/12/21 12:19:20 | 00,164,655 | ---- | C] () -- C:\WINDOWS\System32\iuctl.cab
[2008/12/21 12:00:52 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/21 11:57:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2008/12/21 11:54:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2008/12/21 01:58:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/12/21 01:58:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/21 01:27:01 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
[2008/12/21 01:27:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Folding@Home
[2008/12/21 01:20:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2008/12/21 01:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/20 23:57:07 | 11,727,275 | ---- | C] (Joe Pham <djpham@bitpim.org> ) -- C:\bitpim-1.0.6.20080726-setup.exe
[2008/12/20 23:57:06 | 11,679,762 | ---- | C] (Joe Pham <djpham@bitpim.org> ) -- C:\bitpim-1.0.5-setup.exe
[2008/12/20 23:01:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2008/12/20 22:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/20 22:57:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2008/12/20 22:57:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2008/12/20 22:52:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/12/20 22:52:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2008/12/20 22:36:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2008/12/20 22:25:36 | 00,000,032 | ---- | C] () -- C:\WINDOWS\go
[2008/12/20 22:25:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\vf_hip
[2008/12/20 22:25:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hide IP Platinum
[2008/12/20 22:22:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DiskTrix
[2008/12/20 22:19:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2008/12/20 22:09:40 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/20 22:09:39 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/20 22:09:39 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/12/20 22:08:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2008/12/20 22:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2008/12/20 22:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/12/20 22:07:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Recordings
[2008/12/20 22:03:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Media Catcher
[2008/12/20 22:01:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Power Screen Capture
[2008/12/20 21:31:42 | 00,002,623 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/20 21:27:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2008/12/20 21:27:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2008/12/20 21:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/12/20 21:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2008/12/20 21:21:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/20 21:19:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2008/12/20 21:19:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2008/12/20 21:18:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2008/12/20 21:18:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2008/12/20 21:18:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2008/12/20 21:17:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2008/12/20 21:17:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2008/12/20 21:17:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2008/12/20 21:07:49 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/12/20 21:07:40 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/12/20 21:03:44 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/20 21:01:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Phantom EFX
[2008/12/20 20:58:43 | 00,000,439 | ---- | C] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,425 | ---- | C] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,420 | ---- | C] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,415 | ---- | C] () -- C:\WINDOWS\tasks\2 Copernic Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 20:57:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Copernic
[2008/12/20 20:57:52 | 00,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2008/12/20 20:57:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Copernic Agent
[2008/12/20 20:52:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2008/12/20 20:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/20 20:52:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2008/12/20 20:47:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2008/12/20 20:46:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo To Go
[2008/12/20 20:44:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2008/12/20 20:41:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Brain Training for Dummies®
[2008/12/20 20:40:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Jewel Quest Mysteries
[2008/12/20 20:39:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Jewel Match Winter Wonderland
[2008/12/20 20:38:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Glyph 2
[2008/12/20 20:37:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ToGo Game
[2008/12/20 20:36:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Calculator Plus
[2008/12/20 20:20:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Daniusoft
[2008/12/20 20:18:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PhatCat Technologies
[2008/12/20 20:16:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2008/12/20 16:40:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2008/12/20 16:39:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2008/12/20 16:36:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpiralFrog
[2008/12/20 16:35:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ShaPlus Bandwidth Meter
[2008/12/20 16:35:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/12/20 16:31:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EmailStripper
[2008/12/20 16:30:33 | 00,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2008/12/20 16:29:09 | 00,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2008/12/20 16:29:08 | 00,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2008/12/20 16:29:08 | 00,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2008/12/20 16:29:07 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2008/12/20 16:28:57 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2008/12/20 16:28:56 | 00,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2008/12/20 16:28:56 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2008/12/20 16:28:55 | 00,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2008/12/20 16:28:55 | 00,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2008/12/20 16:28:54 | 00,947,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjava.dll
[2008/12/20 16:28:54 | 00,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2008/12/20 16:28:53 | 00,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2008/12/20 16:28:52 | 00,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2008/12/20 16:28:52 | 00,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2008/12/20 16:28:51 | 00,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2008/12/20 16:28:51 | 00,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2008/12/20 16:28:50 | 00,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2008/12/20 16:20:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2008/12/20 16:10:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2008/12/20 15:59:58 | 00,298,104 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2008/12/20 15:59:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/12/20 15:59:05 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/12/20 15:58:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2008/12/20 15:53:32 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2008/12/20 15:53:32 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2008/12/20 15:53:31 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\gdiplus.dll
[2008/12/20 15:53:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2008/12/20 15:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/12/20 15:51:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2008/12/20 15:50:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AnyDVDHD
[2008/12/20 15:50:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/12/20 15:50:13 | 00,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/20 15:49:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2008/12/20 15:27:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVI MPEG RM WMV Joiner
[2008/12/20 15:26:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LimeWire
[2008/12/20 15:25:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\RCrawler
[2008/12/20 15:23:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO
[2008/12/20 15:12:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2008/12/20 15:03:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2008/12/20 15:02:12 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/20 15:01:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Region+CSS Free
[2008/12/20 14:59:46 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/12/20 14:59:46 | 00,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2008/12/20 14:59:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2008/12/20 14:59:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2008/12/20 14:58:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2008/12/20 14:56:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2008/12/20 14:56:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2008/12/20 14:53:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2008/12/20 14:53:00 | 00,000,514 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/12/20 14:52:57 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll
[2008/12/20 14:52:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/20 14:52:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2008
[2008/12/20 14:51:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2008/12/20 14:49:57 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2008/12/20 14:49:53 | 00,000,402 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2008/12/20 14:49:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\XoftSpySE
[2008/12/20 14:48:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AtomTime Pro
[2008/12/20 14:45:50 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Window Washer.lnk
[2008/12/20 14:45:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Webroot Shared
[2008/12/20 14:45:37 | 00,487,936 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\System32\wwSecure.exe
[2008/12/20 14:45:37 | 00,057,344 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\Unwash6.exe
[2008/12/20 14:18:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AweSEM
[2008/12/20 14:18:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Auto
[2008/12/20 13:48:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys
[2008/12/20 13:48:53 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/12/20 13:48:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2008/12/20 13:48:17 | 07,507,296 | ---- | C] (PC Tools ) -- C:\WINDOWS\rminstall.exe
[2008/12/20 13:46:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2008/12/20 13:44:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Super_DVD_Creator_9.8
[2008/12/20 13:31:05 | 00,000,000 | ---D | C] -- C:\Themes
[2008/12/20 13:24:54 | 00,000,000 | ---D | C] -- C:\phantom slots
[2008/12/20 13:24:51 | 00,000,000 | ---D | C] -- C:\Unzipped
[2008/12/20 01:12:35 | 00,000,000 | ---D | C] -- C:\Downloads
[2008/12/20 01:12:06 | 00,000,000 | ---D | C] -- C:\Torrentz
[2008/12/20 01:11:53 | 00,000,000 | ---D | C] -- C:\Pogo Cheats
[2008/12/20 01:11:18 | 00,000,000 | ---D | C] -- C:\Movies
[2008/12/20 01:07:34 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/12/20 00:48:56 | 00,097,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\windows update error.doc
[2008/12/20 00:48:56 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Welding resume.doc
[2008/12/20 00:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Willmaker plus documents
[2008/12/20 00:48:50 | 00,169,046 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\top ten countdown.xps
[2008/12/20 00:48:50 | 00,156,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\time change fix.doc
[2008/12/20 00:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual styles
[2008/12/20 00:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2008/12/20 00:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\torrentz
[2008/12/20 00:48:49 | 03,720,192 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ThesimplelifeVH.pps
[2008/12/20 00:48:49 | 01,058,304 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\pv2009 pics.doc
[2008/12/20 00:48:49 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\starry night resgistration number.doc
[2008/12/20 00:48:49 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume For Michael.doc
[2008/12/20 00:48:49 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume For Michael welding.doc
[2008/12/20 00:48:49 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Quotes.doc
[2008/12/20 00:48:49 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume.doc
[2008/12/20 00:48:49 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Redbox is giving away free 1 day rentals.doc
[2008/12/20 00:48:49 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Quotes to keep.doc
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SpiralFrog
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Slingo Supreme Documents
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Slingo Quest Hawaii Documents
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\rul
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ResumeMaker
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RegRun2
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Reciepts
[2008/12/20 00:48:48 | 00,151,117 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\power of attorney forms.xps
[2008/12/20 00:48:48 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\puzzles.doc
[2008/12/20 00:48:48 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\NEW FIREFOX TWEAK.doc
[2008/12/20 00:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Puzzle Quest
[2008/12/20 00:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nolo Documents Backup
[2008/12/20 00:48:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2008/12/20 00:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2008/12/20 00:45:12 | 00,293,527 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MovieList2008.pdf
[2008/12/20 00:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ISO Files
[2008/12/20 00:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2008/12/20 00:45:11 | 00,164,352 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\esxi license.doc
[2008/12/20 00:45:11 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\For F rmastered questions.doc
[2008/12/20 00:45:11 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\K1 and K2 keys.doc
[2008/12/20 00:45:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\logon screens
[2008/12/20 00:43:14 | 04,840,017 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\bad nintendo run.rtf
[2008/12/20 00:43:14 | 01,015,808 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\donate proof.doc
[2008/12/20 00:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WorldWinner.com
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SpiralfrogClient
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RoxioCentralFx
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Real
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Oberon Games
[2008/12/20 00:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2008/12/20 00:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2008/12/20 00:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ken_Salter
[2008/12/20 00:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Imaginova Canada
[2008/12/20 00:40:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2008/12/20 00:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2008/12/20 00:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Grubby Games
[2008/12/20 00:40:05 | 00,071,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/20 00:39:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2008/12/20 00:39:50 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/20 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2008/12/20 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2008/12/20 00:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2008/12/20 00:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008/12/20 00:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2008/12/20 00:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2008/12/20 00:39:41 | 00,000,398 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pogo Cheats.lnk
[2008/12/20 00:39:41 | 00,000,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Torrentz.lnk
[2008/12/20 00:39:41 | 00,000,371 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Movies.lnk
[2008/12/20 00:39:41 | 00,000,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Music.lnk
[2008/12/20 00:39:40 | 00,000,388 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
[2008/12/20 00:39:39 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2008/12/20 00:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2008/12/20 00:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webroot
[2008/12/20 00:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/12/20 00:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2008/12/20 00:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008/12/20 00:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2008/12/20 00:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2008/12/20 00:39:25 | 00,010,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Puzzle Quest.ini
[2008/12/20 00:39:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2008/12/20 00:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reflexive
[2008/12/20 00:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2008/12/20 00:39:21 | 00,082,816 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2008/12/20 00:39:21 | 00,007,859 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/20 00:39:21 | 00,001,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Pogo Games
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PlanetPlayMore
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PE Explorer
[2008/12/20 00:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
[2008/12/20 00:39:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2008/12/20 00:39:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2008/12/20 00:39:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/12/20 00:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2008/12/20 00:39:02 | 00,099,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/12/20 00:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2008/12/20 00:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/12/20 00:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\funkitron
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Folding@home-x86
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EA
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2008/12/20 00:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2008/12/20 00:38:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Copernic
[2008/12/20 00:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2008/12/20 00:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ancient Quest of Saqqarah__oberon
[2008/12/20 00:33:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Utilities
[2008/12/20 00:30:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2008/12/20 00:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Games
[2008/12/20 00:28:26 | 01,347,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Msvbvm50.dll
[2008/12/19 23:55:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/12/19 23:54:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2008/12/19 23:09:00 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2008/12/19 23:09:00 | 00,118,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2008/12/19 23:08:59 | 00,102,912 | R--- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\Ntport.dll
[2008/12/19 23:08:59 | 00,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2008/12/19 23:08:59 | 00,006,144 | ---- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys
[2008/12/19 23:08:59 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\drivers\a.bat
[2008/12/19 23:08:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/19 23:08:05 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/12/19 22:44:10 | 00,000,099 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2008/12/19 22:43:22 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icacls.exe
[2008/12/19 22:43:22 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2008/12/19 22:43:22 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2008/12/19 22:43:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/19 22:43:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/19 22:43:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/19 22:43:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2008/12/19 22:43:21 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/19 22:43:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\adfs
[2008/12/19 22:43:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/19 22:41:20 | 01,364,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/12/19 22:41:19 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
[2008/12/19 22:41:18 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/12/19 22:41:18 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\apphelp.dll
[2008/12/19 22:41:18 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll
[2008/12/19 22:41:17 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cabinet.dll
[2008/12/19 22:41:15 | 00,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/12/19 22:41:14 | 00,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/12/19 22:41:13 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32.dll
[2008/12/19 22:41:13 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptui.dll
[2008/12/19 22:41:13 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscui.dll
[2008/12/19 22:41:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscdll.dll
[2008/12/19 22:41:06 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetcfg.dll
[2008/12/19 22:41:05 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/12/19 22:41:05 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll
[2008/12/19 22:41:05 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iphlpapi.dll
[2008/12/19 22:41:02 | 00,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mlang.dll
[2008/12/19 22:41:01 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpr.dll
[2008/12/19 22:41:00 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctf.dll
[2008/12/19 22:41:00 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msasn1.dll
[2008/12/19 22:40:59 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfime.ime
[2008/12/19 22:40:58 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msihnd.dll
[2008/12/19 22:40:58 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimtf.dll
[2008/12/19 22:40:58 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2008/12/19 22:40:57 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msutb.dll
[2008/12/19 22:40:57 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/12/19 22:40:56 | 00,348,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll
[2008/12/19 22:40:52 | 00,766,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/12/19 22:40:49 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
[2008/12/19 22:40:49 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecli32.dll
[2008/12/19 22:40:49 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/12/19 22:40:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psapi.dll
[2008/12/19 22:40:45 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/12/19 22:40:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasadhlp.dll
[2008/12/19 22:40:44 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/12/19 22:40:43 | 00,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
[2008/12/19 22:40:41 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32.dll
[2008/12/19 22:40:41 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sensapi.dll
[2008/12/19 22:40:40 | 01,508,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2008/12/19 22:40:40 | 01,069,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/12/19 22:40:40 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
[2008/12/19 22:40:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shlwapi.dll
[2008/12/19 22:40:36 | 00,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sxs.dll
[2008/12/19 22:40:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdole2.tlb
[2008/12/19 22:40:35 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi32.dll
[2008/12/19 22:40:33 | 00,780,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userenv.dll
[2008/12/19 22:40:33 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2008/12/19 22:40:31 | 00,174,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmm.dll
[2008/12/19 22:40:31 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/12/19 22:40:31 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrnr.dll
[2008/12/19 22:40:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wldap32.dll
[2008/12/19 22:40:30 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wintrust.dll
[2008/12/19 22:40:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsta.dll
[2008/12/19 22:40:29 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2_32.dll
[2008/12/19 22:40:29 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wtsapi32.dll
[2008/12/19 22:40:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshtcpip.dll
[2008/12/19 22:40:27 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/12/19 22:30:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/19 22:29:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2008/12/19 22:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/12/19 22:28:03 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/12/19 22:28:03 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/12/19 22:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/12/19 22:01:07 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/12/19 22:01:07 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/12/19 22:01:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/12/19 22:01:06 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/12/19 22:01:06 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/12/19 22:01:06 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/12/19 22:01:06 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/12/19 22:00:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/19 22:00:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/19 21:58:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/19 21:57:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/19 21:57:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/19 21:46:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0
[2008/12/19 20:40:49 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\config
[2008/12/19 20:32:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2008/12/19 20:26:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/12/19 20:25:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2008/12/19 20:24:52 | 00,000,000 | ---D | C] -- C:\af893bc19402ad1a98f18d434c686d6c
[2008/12/19 20:23:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/12/19 20:16:45 | 00,565,600 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/19 20:16:06 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/19 20:15:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/19 20:09:57 | 01,009,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/12/19 20:09:54 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2008/12/19 20:09:49 | 00,553,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/12/19 20:09:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/19 20:09:14 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/19 20:09:14 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/19 20:09:13 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/19 20:09:10 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskraid.exe
[2008/12/19 20:07:42 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll
[2008/12/19 20:07:40 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w03a2409.dll
[2008/12/19 20:07:24 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browseui.dll
[2008/12/19 20:07:19 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2008/12/19 20:06:55 | 08,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll
[2008/12/19 20:06:50 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll
[2008/12/19 20:06:50 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsapi.dll
[2008/12/19 20:06:45 | 01,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3.dll
[2008/12/19 20:06:42 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
[2008/12/19 20:06:41 | 00,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4.dll
[2008/12/19 20:06:40 | 00,345,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/12/19 20:05:03 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/19 20:05:03 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/19 20:05:03 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/19 20:05:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/19 06:37:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsUpdate
[2008/12/19 03:00:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/18 23:57:20 | 01,099,264 | ---- | C] () -- C:\WINDOWS\adfs.msp
[2008/12/18 23:55:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/18 23:54:51 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32(4).dll
[2008/12/18 23:54:51 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32(3).dll
[2008/12/18 23:54:30 | 00,345,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32(3).dll
[2008/12/18 23:54:25 | 00,552,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32(3).dll
[2008/12/18 23:54:20 | 00,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4(3).dll
[2008/12/18 23:54:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\user32(3).dll
[2008/12/18 23:45:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/18 23:45:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup
[2008/12/18 23:43:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2008/12/18 23:41:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2008/12/18 23:37:32 | 00,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/12/18 23:36:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2008/12/18 23:35:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2008/12/18 23:32:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack Pro
[2008/12/18 23:32:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TweakNow PowerPack
[2008/12/18 23:30:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/18 23:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ICQ
[2008/12/18 23:23:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/18 23:22:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2008/12/18 23:17:38 | 02,106,750 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/18 23:17:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2008/12/18 23:16:45 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/12/18 23:16:45 | 00,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2008/12/18 23:16:45 | 00,037,376 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2008/12/18 23:16:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek AC97
[2008/12/18 23:14:57 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2008/12/18 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ITE
[2008/12/18 23:14:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2008/12/18 23:13:32 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/12/18 23:11:59 | 00,014,136 | R--- | C] (BIOSTAR Group) -- C:\WINDOWS\System32\drivers\BIOS64.sys
[2008/12/18 22:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/12/18 22:54:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2008/12/18 22:54:08 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/18 22:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2008/12/18 22:54:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/18 22:54:03 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/18 22:54:03 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2008/12/18 22:54:03 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/12/18 22:54:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/18 22:53:57 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/18 22:53:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/18 22:52:28 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ime
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\system
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\speechengines
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\microsoft shared
[2008/12/18 22:48:58 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/18 22:48:58 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/18 22:48:58 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/18 22:48:54 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/18 22:48:54 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/18 22:48:54 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/18 22:48:49 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/18 22:48:09 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2008/12/18 22:47:26 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/18 22:47:26 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/18 22:47:26 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/18 22:47:26 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/18 22:47:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/18 22:47:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/18 22:47:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/18 22:47:26 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/18 22:47:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeeting
[2008/12/18 22:47:21 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/18 22:47:21 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/18 22:47:05 | 00,000,527 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/12/18 22:46:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/12/18 22:46:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/18 22:46:53 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/18 22:46:52 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/18 22:46:52 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/18 22:46:52 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/18 22:46:52 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/18 22:46:52 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups(2).dll
[2008/12/18 22:46:52 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/18 22:46:51 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/18 22:46:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/18 22:46:51 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/18 22:46:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker
[2008/12/18 22:46:40 | 00,144,128 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/12/18 22:46:40 | 00,144,128 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/12/18 22:46:39 | 00,000,002 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2008/12/18 22:46:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/18 22:46:35 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/12/18 22:46:33 | 00,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/18 22:46:33 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/18 22:46:33 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/18 22:46:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2008/12/18 22:46:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services
[2008/12/18 22:46:31 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/18 22:46:31 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/18 22:46:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express
[2008/12/18 22:46:24 | 00,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/18 22:46:24 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/18 22:46:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/18 22:46:24 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/18 22:46:24 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/18 22:46:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/18 22:46:23 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/18 22:46:23 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/18 22:46:23 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/18 22:46:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/18 22:46:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System
[2008/12/18 22:46:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2008/12/18 22:46:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/12/18 22:45:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/18 22:45:48 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/18 22:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/18 22:45:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2008/12/18 22:45:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/18 22:45:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Gaming Zone
[2008/12/18 22:45:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT
[2008/12/18 22:45:13 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/18 22:45:13 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/18 22:45:08 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/18 22:45:07 | 00,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/18 22:45:01 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/18 22:45:01 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/18 22:45:01 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/18 22:45:01 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/18 22:45:01 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/18 22:45:00 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/18 22:45:00 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/18 22:45:00 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/18 22:45:00 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/18 22:45:00 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/18 22:45:00 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/18 22:45:00 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/18 22:44:59 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/18 22:44:59 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/18 22:44:58 | 00,541,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/12/18 22:44:58 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/18 22:44:57 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/12/18 22:44:57 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/12/18 22:44:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/12/18 22:44:56 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/12/18 22:44:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2008/12/18 22:44:45 | 01,865,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/18 22:44:45 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/18 22:44:45 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/18 22:44:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/18 22:44:42 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/18 22:44:42 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/18 22:44:42 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/18 22:44:42 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comadmin.dll
[2008/12/18 22:44:42 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/18 22:44:42 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/18 22:44:42 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/18 22:44:42 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/18 22:44:42 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/18 22:44:42 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/18 22:44:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/18 22:44:41 | 01,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/18 22:44:41 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/18 22:44:41 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/18 22:44:41 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/18 22:44:41 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/18 22:44:38 | 00,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/18 22:44:38 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/18 22:44:38 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/18 22:44:38 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/18 22:44:34 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/18 22:44:34 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/18 15:19:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC
[2008/12/18 15:19:23 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/18 15:19:22 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/18 15:19:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2008/12/18 15:19:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared
[2008/12/18 15:19:17 | 00,000,000 | R--D | C] -- C:\Program Files (x86)
[2008/12/18 15:19:17 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/18 15:19:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files
[2008/12/18 15:19:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/12/18 15:19:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/12/18 15:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/12/18 15:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/12/18 15:19:15 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/12/18 15:19:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/12/18 15:19:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/12/18 15:19:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/12/18 15:19:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/12/18 15:19:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/12/18 15:19:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/12/18 15:19:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/12/18 15:19:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/12/18 15:19:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/12/18 15:19:05 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2008/12/18 15:19:04 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/12/18 15:18:58 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/18 15:18:42 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/18 15:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/18 15:18:33 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/18 15:15:44 | 00,000,393 | -HS- | C] () -- C:\boot.ini
[2008/12/18 15:10:53 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/18 15:10:53 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/18 15:10:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\InstallShield
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Drivers
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent64
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime (x86)
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6BA3FE57F52AA31C
[2008/12/18 00:37:18 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\msdrve.dll
[2008/12/18 00:37:16 | 00,010,816 | ---- | C] () -- C:\WINDOWS\vmoptver.dll
[2008/12/13 02:05:28 | 03,593,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/06 09:55:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/01/06 09:15:05 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/01/06 09:00:00 | 00,000,514 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/01/05 17:00:01 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/01/04 21:53:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/04 21:53:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/04 21:48:06 | 00,000,956 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/04 21:24:07 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/04 18:47:10 | 02,106,750 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/01/04 18:39:58 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 14:39:31 | 00,000,393 | -HS- | M] () -- C:\boot.ini
[2009/01/04 13:53:09 | 00,000,099 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2009/01/03 18:30:24 | 00,198,230 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\oreganol receipt.xps
[2009/01/03 18:20:10 | 00,001,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2009/01/03 01:06:06 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/01/02 21:19:04 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/01/02 18:25:40 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 22:15:40 | 00,140,288 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\insurance discontinuance notice.doc
[2008/12/31 19:39:21 | 02,049,354 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Fen_www1.wmv
[2008/12/29 23:28:49 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/12/29 21:23:14 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quotations.doc
[2008/12/24 20:27:46 | 00,129,502 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\gazelle packing label.pdf
[2008/12/21 21:54:45 | 00,071,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/21 12:58:35 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/21 12:19:20 | 00,164,655 | ---- | M] () -- C:\WINDOWS\System32\iuctl.cab
[2008/12/21 01:27:01 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
[2008/12/21 01:24:07 | 00,000,527 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/20 22:25:36 | 00,000,032 | ---- | M] () -- C:\WINDOWS\go
[2008/12/20 22:08:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2008/12/20 22:08:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2008/12/20 21:31:42 | 00,002,623 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2008/12/20 21:21:20 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/12/20 20:58:43 | 00,000,439 | ---- | M] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,425 | ---- | M] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,415 | ---- | M] () -- C:\WINDOWS\tasks\2 Copernic Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 15:59:34 | 00,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2008/12/20 15:59:05 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/12/20 15:53:37 | 00,099,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/12/20 15:53:37 | 00,082,816 | ---- | M] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2008/12/20 15:53:37 | 00,007,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/20 15:53:36 | 00,001,167 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 15:52:55 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2008/12/20 14:45:50 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Window Washer.lnk
[2008/12/20 13:48:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\null.sys
[2008/12/20 13:48:19 | 07,507,296 | ---- | M] (PC Tools ) -- C:\WINDOWS\rminstall.exe
[2008/12/19 23:06:44 | 00,565,600 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/19 20:35:53 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/19 20:35:53 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/18 23:52:10 | 00,297,072 | RHS- | M] () -- C:\ntldr
[2008/12/18 22:49:02 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/18 22:48:58 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/18 22:48:58 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/18 22:48:55 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/18 22:48:49 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/18 22:45:48 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/18 22:45:48 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/18 15:19:17 | 00,000,150 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/18 00:37:18 | 00,016,384 | ---- | M] () -- C:\WINDOWS\System32\msdrve.dll
[2008/12/18 00:37:16 | 00,010,816 | ---- | M] () -- C:\WINDOWS\vmoptver.dll
[2008/12/15 12:09:11 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Redbox is giving away free 1 day rentals.doc
[2008/12/14 16:01:52 | 00,097,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\windows update error.doc
[2008/12/13 02:05:28 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 19:22:47 | 00,293,527 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MovieList2008.pdf
[2008/12/10 22:17:00 | 00,169,046 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\top ten countdown.xps
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


the extras

OTViewIt Extras logfile created on: 1/6/2009 9:56:19 AM - Run
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 73.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 29.35 Gb Free Space | 19.69% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 0.99 Gb Free Space | 2.59% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHEESYMOUSE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/30 06:41:05 | 00,172,792 | ---- | M] (ICQ, Inc.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
[2008/12/20 16:39:23 | 00,270,128 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/12/15 10:31:46 | 03,945,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
[2008/12/11 12:51:57 | 00,528,384 | ---- | M] () -- C:\Program Files (x86)\Phantom EFX\OnlineCasino\Launcher\OLCLauncher.exe:*:Enabled:OLCLauncher
[2007/10/25 16:58:52 | 00,122,880 | ---- | M] () -- C:\Program Files (x86)\Phantom EFX\OnlineCasino\Bin\Prelauncher.exe:*:Enabled:Prelauncher
[2008/11/25 15:12:06 | 01,302,528 | ---- | M] () -- C:\Program Files (x86)\Phantom EFX\OnlineCasino\Bin\OnlineCasino.exe:*:Enabled:OnlineCasino
[2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.) C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (copernicagent:{A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} (HKLM) [])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.) C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (copernicagentcache:{AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} (HKLM) [])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 05:17:24 | 01,160,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 14:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 02:05:28 | 03,593,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/25 05:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/11/08 00:55:44 | 08,360,448 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{08E16CBF-7029-4881-83DF-D0B3A63030B4}"=WOT for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{2712C3CA-931D-4B12-9605-06FF0DFDFADA}"=Reel Deal Card Games
"{417E7710-C77B-4CB9-839A-D586A12C64E2}"=Smart Guardian
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{60DE4033-9503-48D1-A483-7846BD217CA9}"=ICQ6.5
"{68FF1339-3628-4D37-B6D9-A49FCA562930}"=GoldRush
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1"=ConvertXtoDVD 3.0.0.1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{83073C45-3003-4671-9A86-243AAADD915A}"=Microsoft Calculator Plus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}"=Nero 8
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{92B79901-C57D-409F-8D2F-4E5337383569}"=OpenOffice.org 3.0
"{95738B44-49CF-4C62-A620-320F1007B14A}"=SpiralFrog Download Manager 0.8.25
"{963A7A63-1326-4D68-81F2-DB9E01ED7EA5}"=Card Games 2009
"{A53459B9-6C96-4A02-805F-262C10E81BB7}"=Bejeweled 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}"=PDF Download for Internet Explorer
"{B6F3282D-3782-4FBC-B6A6-2F68F382F2C7}"=HighRoller
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8E30EC8-166C-46CD-B148-1EEDCA880FD0}"=Vegas Experience
"{C1D37ACC-A99F-4A0D-B361-451CC005759B}"=Ghost Town
"{C662595F-CDF9-4BF5-8323-3F7C6A7EADF7}"=Bonus Mania
"{D75DCC6C-5D97-48AC-B74B-68DBC2E84F2F}"=MysticForest
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FD5913FA-5617-4A81-95F2-6A87FA349DD5}"=Sweet Tooth To Go
"Adblock Pro"=Adblock Pro 2.6
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Advanced SystemCare 3_is1"=Advanced SystemCare 3
"AnyDVD"=AnyDVD
"AtomTime Pro_is1"=AtomTime Pro 3.1d
"AVI MPEG RM WMV Joiner_is1"=AVI/MPEG/RM/WMV Joiner 4.81
"Bejeweled Twist 1.0"=Bejeweled Twist 1.0
"Brain Training for Dummies®"=Brain Training for Dummies®
"CCleaner"=CCleaner (remove only)
"CloneDVD2"=CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Copernic Agent Professional"=Copernic Agent Professional
"Daniusoft Media Converter Pro_is1"=Daniusoft Media Converter Pro(Build 2.2.4.0)
"DivX Content Uploader"=DivX Content Uploader
"DVD Creator3"=DVD Creator3
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Region+CSS Free_is1"=DVD Region+CSS Free 5.9.8.5
"DVD Ripper Platinum 4"=DVD Ripper Platinum 4
"DVD Shrink_is1"=DVD Shrink 3.2
"EmailStripper_is1"=EmailStripper 2.2
"Glyph 2"=Glyph 2
"Hide and Secret"=Hide and Secret
"Hide IP Platinum_is1"=Hide IP Platinum 3.5
"HijackThis"=HijackThis 2.0.2
"Jewel Match Winter Wonderland "=Jewel Match Winter Wonderland
"Jewel Quest Mysteries"=Jewel Quest Mysteries
"LimeWire"=LimeWire PRO 4.18.8
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"NOD32"=NOD32 antivirus system
"PCRepair 2005_is1"=PCRepair 2005
"PIXresizer_is1"=PIXresizer 2.0.3
"Power Screen Capture_is1"=Power Screen Capture 7.0.0.760
"PowerISO"=PowerISO
"Registry Crawler"=Registry Crawler
"Registry Mechanic_is1"=Registry Mechanic 8.0
"Replay Media Catcher"=Replay Media Catcher
"Revo Uninstaller"=Revo Uninstaller 1.75
"ShaPlus Bandwidth Meter"=ShaPlus Bandwidth Meter 1.2
"Super DVD Creator_is1"=Super DVD Creator 9.8 Full Version
"TeamViewer 4"=TeamViewer 4
"TweakNow PowerPack Professional_is1"=TweakNow PowerPack Professional
"UltimateDefrag 2008"=UltimateDefrag 2008
"UltraISO_is1"=UltraISO Premium V8.65
"Winamp"=Winamp
"Window Washer"=Window Washer
"WinGimp-2.0_is1"=GIMP 2.6.3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"Xilisoft DVD Ripper Platinum"=Xilisoft DVD Ripper Platinum 4
"Xilisoft DVD to DivX Converter"=Xilisoft DVD to DivX Converter
"XoftSpySE"=XoftSpySE
"Yahoo! Messenger"=Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2008 2:25:12 AM | Computer Name = CHEESYMOUSE | Source = wwSecure.exe | ID = 0
Description =

Error - 12/31/2008 11:09:36 PM | Computer Name = CHEESYMOUSE | Source = VSS | ID = 8211
Description =

Error - 1/4/2009 12:38:46 AM | Computer Name = CHEESYMOUSE | Source = Diskeeper | ID = 5
Description =

Error - 1/10/2009 1:26:45 AM | Computer Name = CHEESYMOUSE | Source = Diskeeper | ID = 5
Description =

Error - 1/4/2009 4:13:21 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module wot.dll, version 8.8.11.0, fault address 0x0001208b.

Error - 1/4/2009 4:13:25 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1001
Description = Fault bucket 1047785817.

Error - 1/4/2009 9:44:31 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\Music\90's\Billboard Top 100 of
1995\1995-053-Dr._Dre-Keep_Their_Heads_Ringin' (Friday Soundtrack).MP3 for one of
the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer; or
the disk is missing. Windows closed the program 1995-053-Dr._Dre-Keep_Their_Heads_Ringin'
(Friday Soundtrack).MP3 because of this error. Program: 1995-053-Dr._Dre-Keep_Their_Heads_Ringin'
(Friday Soundtrack).MP3 File: D:\Music\90's\Billboard Top 100 of 1995\1995-053-Dr._Dre-Keep_Their_Heads_Ringin'
(Friday Soundtrack).MP3 The error value is listed in the Additional Data section.
User
Action 1. Open the file again. This situation might be a temporary problem that corrects
itself when the program runs again. 2. If the file still cannot be accessed and -
It is on the network, your network administrator should verify that there is not
a problem with the network and that the server can be contacted. - It is on a removable
disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
into the computer. 3. Check and repair the file system by running CHKDSK. To run
CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file
from a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value:
C000009C Disk type: 3

Error - 1/4/2009 9:44:36 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1000
Description = Faulting application FixVundo[1].exe, version 1.5.1.0, faulting module
FixVundo[1].exe, version 1.5.1.0, fault address 0x00003933.

Error - 1/4/2009 9:44:41 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1001
Description = Fault bucket 00470146.

Error - 1/4/2009 9:48:26 PM | Computer Name = CHEESYMOUSE | Source = VSS | ID = 8211
Description =

[ System Events ]
Error - 1/6/2009 12:15:00 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:04 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:04 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:08 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:14 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:19 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:27 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:33 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:36 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:39 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.


< End of report >
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Unread postby Shaba » January 6th, 2009, 1:17 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

uTorrent
LimeWire PRO 4.18.8


I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new otviewit scan when finished and post the logs back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Unread postby jackistheman » January 6th, 2009, 1:55 pm

OTViewIt logfile created on: 1/6/2009 10:52:20 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 29.30 Gb Free Space | 19.66% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 1.00 Gb Free Space | 2.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHEESYMOUSE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
[2005/03/25 05:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\ctfmon.exe
[2008/12/20 15:59:33 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32kui.exe
[2008/09/04 22:56:34 | 00,139,264 | ---- | M] (ShaPlus Software) -- C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
[2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
[2008/12/20 15:59:32 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32krn.exe
[2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\SysWOW64\wwSecure.exe
[2008/12/02 13:11:53 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
[2009/01/06 09:55:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2007/10/23 22:33:00 | 00,045,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/10/23 22:33:04 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
[2007/10/16 20:04:28 | 01,769,240 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
File not found -- -- (dmadmin [On_Demand | Stopped])
File not found -- -- (Eventlog [Auto | Running])
[2007/10/09 15:06:28 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
File not found -- -- (HTTPFilter [On_Demand | Stopped])
[2007/02/18 11:05:52 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWOW64\svchost.exe -- (IASJet [On_Demand | Stopped])
[2007/10/10 22:08:40 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
File not found -- -- (ImapiService [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
File not found -- -- (MSDTC [On_Demand | Stopped])
[2007/08/08 09:25:08 | 00,836,904 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
[2007/02/18 11:05:42 | 00,430,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2007/10/11 09:50:58 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/03 12:51:18 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
[2007/10/12 08:34:56 | 00,071,096 | ---- | M] () -- C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU [Auto | Running])
[2008/12/20 15:59:32 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files (x86)\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
File not found -- -- (NtLmSsp [Disabled | Stopped])
File not found -- -- (NVSvc [Auto | Running])
[2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
File not found -- -- (PlugPlay [Auto | Running])
File not found -- -- (PolicyAgent [Auto | Running])
File not found -- -- (ProtectedStorage [Auto | Running])
File not found -- -- (RDSessMgr [On_Demand | Stopped])
File not found -- -- (SamSs [Auto | Running])
File not found -- -- (TlntSvr [Disabled | Stopped])
File not found -- -- (TuneUp.Defrag [On_Demand | Stopped])
[2005/03/25 05:00:00 | 00,039,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [On_Demand | Stopped])
File not found -- -- (vds [On_Demand | Stopped])
File not found -- -- (VSS [On_Demand | Stopped])
File not found -- -- (WmiApSrv [On_Demand | Stopped])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
File not found -- -- (WSearch [Auto | Stopped])
[2005/04/20 10:34:12 | 00,487,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\system32\wwSecure.exe -- (wwSecSvc [Auto | Running])

========== Driver Services ==========

File not found -- -- (ACPI [Boot | Running])
File not found -- -- (AFD [System | Running])
File not found -- -- (ALCXWDM [On_Demand | Running])
File not found -- -- (AmdK8 [System | Running])
File not found -- -- (AMON [Auto | Running])
[2008/12/01 09:52:15 | 00,119,744 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\system32\Drivers\AnyDVD.sys -- (AnyDVD [On_Demand | Running])
[2005/11/20 22:48:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\Drivers\ASPI32.SYS -- (Aspi32 [Auto | Stopped])
File not found -- -- (atapi [Boot | Running])
File not found -- -- (audstub [On_Demand | Running])
File not found -- -- (Beep [System | Running])
[2006/10/31 00:25:02 | 00,014,136 | R--- | M] (BIOSTAR Group) -- C:\WINDOWS\system32\Drivers\BIOS64.sys -- (BIOS [System | Running])
File not found -- -- (CdaC15BA [Auto | Running])
File not found -- -- (CdaD10BA [Auto | Running])
File not found -- -- (Cdfs [Disabled | Running])
File not found -- -- (Cdrom [System | Running])
File not found -- -- (crcdisk [Boot | Running])
File not found -- -- (Disk [Boot | Running])
File not found -- -- (dmio [Boot | Running])
File not found -- -- (dmload [Boot | Running])
[2008/11/19 10:21:47 | 00,093,128 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll -- (ElbyCDIO [System | Running])
[2007/02/15 17:56:51 | 00,014,032 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\system32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
File not found -- -- (Fdc [On_Demand | Running])
File not found -- -- (Fips [System | Running])
File not found -- -- (FltMgr [Boot | Running])
File not found -- -- (Ftdisk [Boot | Running])
File not found -- -- (Gpc [On_Demand | Running])
File not found -- -- (i8042prt [System | Running])
File not found -- -- (imapi [System | Running])
File not found -- -- (IpNat [On_Demand | Running])
File not found -- -- (IPSec [System | Running])
File not found -- -- (isapnp [Boot | Running])
File not found -- -- (Kbdclass [System | Running])
File not found -- -- (kmixer [On_Demand | Running])
File not found -- -- (KSecDD [Boot | Running])
File not found -- -- (ksthunk [On_Demand | Running])
[2005/03/25 05:00:00 | 00,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll -- (mnmdd [System | Running])
File not found -- -- (Mouclass [System | Running])
File not found -- -- (MountMgr [Boot | Running])
File not found -- -- (MRxDAV [On_Demand | Running])
File not found -- -- (MRxSmb [System | Running])
File not found -- -- (Msfs [System | Running])
File not found -- -- (mssmbios [On_Demand | Running])
File not found -- -- (Mup [Boot | Running])
File not found -- -- (NDIS [Boot | Running])
File not found -- -- (NdisTapi [On_Demand | Running])
File not found -- -- (Ndisuio [On_Demand | Running])
File not found -- -- (NdisWan [On_Demand | Running])
File not found -- -- (NDProxy [On_Demand | Running])
File not found -- -- (NetBIOS [System | Running])
File not found -- -- (NetBT [System | Running])
File not found -- -- (Npfs [System | Running])
File not found -- -- (Ntfs [Disabled | Running])
[2008/12/20 13:48:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\null.sys -- (Null [System | Running])
File not found -- -- (nv [On_Demand | Running])
File not found -- -- (nvata64 [Boot | Running])
File not found -- -- (NVENETFD [On_Demand | Running])
File not found -- -- (nvnetbus [On_Demand | Running])
File not found -- -- (Parport [On_Demand | Running])
File not found -- -- (PartMgr [Boot | Running])
File not found -- -- (PCI [Boot | Running])
File not found -- -- (PCIIde [Boot | Running])
File not found -- -- (pcouffin [On_Demand | Running])
File not found -- -- (PptpMiniport [On_Demand | Running])
File not found -- -- (PSched [On_Demand | Running])
File not found -- -- (Ptilink [On_Demand | Running])
File not found -- -- (PxHlpa64 [Boot | Running])
File not found -- -- (RasAcd [System | Running])
File not found -- -- (Rasl2tp [On_Demand | Running])
File not found -- -- (RasPppoe [On_Demand | Running])
File not found -- -- (Raspti [On_Demand | Running])
File not found -- -- (Rdbss [System | Running])
File not found -- -- (RDPCDD [System | Running])
File not found -- -- (rdpdr [On_Demand | Running])
File not found -- -- (redbook [System | Running])
File not found -- -- (SCDEmu [System | Running])
File not found -- -- (Secdrv [Auto | Running])
File not found -- -- (serenum [On_Demand | Running])
File not found -- -- (Serial [System | Running])
File not found -- -- (sptd [Boot | Running])
File not found -- -- (sr [Boot | Running])
File not found -- -- (Srv [On_Demand | Running])
File not found -- -- (swenum [On_Demand | Running])
File not found -- -- (sysaudio [On_Demand | Running])
File not found -- -- (Tcpip [System | Running])
File not found -- -- (TermDD [System | Running])
File not found -- -- (Update [On_Demand | Running])
File not found -- -- (usbehci [On_Demand | Running])
File not found -- -- (usbhub [On_Demand | Running])
File not found -- -- (usbohci [On_Demand | Running])
File not found -- -- (VgaSave [System | Running])
File not found -- -- (VolSnap [Boot | Running])
File not found -- -- (Wanarp [On_Demand | Running])
[2005/03/25 05:00:00 | 00,023,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdmaud.drv -- (wdmaud [On_Demand | Running])
File not found -- -- (WS2IFSL [System | Running])
[2005/04/28 12:00:56 | 00,006,144 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\Drivers\zntport.sys -- (zntport [Auto | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.google.com/
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Search Page"=http://www.google.com
"Start Page"=http://www.google.com/

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{BE89472C-B803-4D1D-9A9A-0A63660E0FE3}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (290793 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
10016 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{C920E44A-7F78-4E64-BDD7-A57026E7FEB7} (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (HKCU) -- C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll File not found
{F385C231-605B-4d8f-ACA9-DBFF765BBE17} (HKLM) -- C:\Program Files (x86)\Adblock Pro\AdblockPro.dll (Adblock Pro Team)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{71576546-354D-41c9-AAE8-31F2EC22BF0D}" (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}" (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
"{71576546-354D-41C9-AAE8-31F2EC22BF0D}" (HKCU) -- C:\Program Files (x86)\WOT\WOT.dll ()

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F2E259E8-0FC8-438C-A6E0-342DD80FA53E}" (HKLM) -- C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files (x86)\Eset\nod32kui.exe" /WAITSERVICE (Eset )
"ShaPlus Bandwidth Meter"="C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) RunOnce Keys ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"=C:\Program Files (x86)\Webroot\Washer\WashIdx.exe "Administrator" (Webroot Software, Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe File not found

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Index Washer"=C:\Program Files (x86)\Webroot\Washer\WashIdx.exe "Administrator" (Webroot Software, Inc.)

========== (O4) Startup Folders ==========

[2004/11/09 11:45:06 | 00,323,584 | ---- | M] (Stanford University) -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk = C:\Program Files (x86)\Folding@Home\winFAH.exe

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\Software\policies\microsoft\internet explorer\Infodelivery\Restrictions]
"NoUpdateCheck"=1

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_CURRENT_USER\Software\policies\microsoft\internet explorer\Restrictions]
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0
"NoBrowserOptions"=0

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\policies\microsoft\internet explorer\Control Panel]
"History"=0

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\policies\microsoft\internet explorer\Restrictions]
"NoSelectDownloadDir"=0
"NoBrowserClose"=0
"NoViewSource"=0
"NoBrowserContextMenu"=0
"NoFileNew"=0
"NoFileOpen"=0
"NoBrowserSaveAs"=0
"NoFavorites"=0
"NoBrowserOptions"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"LinkResolveIgnoreLinkInfo"=0
"NoResolveSearch"=1
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoToolbarCustomize"=0
"NoFileMenu"=0
"DriveConfiguration"=[Binary data over 100 bytes]
"LegacyDrive"=[Binary data over 100 bytes]
"LinkResolveIgnoreLinkInfo"=0
"NoWindowsUpdate"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoSaveSettings"=0
"NoLowDiskSpaceChecks"=0
"DisallowRun"=0
"NoToolbarCustomize"=0
"NoFileMenu"=0
"DriveConfiguration"=[Binary data over 100 bytes]
"LegacyDrive"=[Binary data over 100 bytes]
"LinkResolveIgnoreLinkInfo"=0
"NoWindowsUpdate"=0

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"DisableTaskMgr"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Block This Image (ABP): C:\Program Files (x86)\Adblock Pro\blockimg.html [2007/07/15 04:47:08 | 00,000,633 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Save Page As PDF ...: File not found
Search Using Copernic Agent: C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll [2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.)

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\Software\Microsoft\Internet Explorer\MenuExt\]
&Block This Image (ABP): C:\Program Files (x86)\Adblock Pro\blockimg.html [2007/07/15 04:47:08 | 00,000,633 | ---- | M] ()
E&xport to Microsoft Excel: C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [2008/10/13 11:29:28 | 10,351,944 | ---- | M] (Microsoft Corporation)
Save Page As PDF ...: File not found
Search Using Copernic Agent: C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll [2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{AD9E6088-E00B-42f9-9F0C-8480525D234E}: Menu: PDF Download - Options -- Reg Error: Key does not exist or could not be opened. File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}: Button: Adblock Pro Preferences -- %ProgramFiles%\Adblock Pro\AdblockPro.dll [2008/03/22 18:37:24 | 00,458,752 | ---- | M] (Adblock Pro Team)
{E7FD3540-AB30-40f1-91E7-101F733C1FD5}: Menu: Adblock Pro Preferences -- %ProgramFiles%\Adblock Pro\AdblockPro.dll [2008/03/22 18:37:24 | 00,458,752 | ---- | M] (Adblock Pro Team)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ButtonText [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\CLSID [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\ClsidExtension [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Default Visible [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\HotIcon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
{F1C0FD6C-A6A0-49a7-A932-71A56461867F}\\Icon [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\catalog.update: http in My Computer
microsoft.com\v4.windowsupdate: http in My Computer
microsoft.com\windowsupdate: * in My Computer
windowsupdate.com\download: * in My Computer
56 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-2212686455-2087382447-3015153210-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
microsoft.com\catalog.update: http in My Computer
microsoft.com\v4.windowsupdate: http in My Computer
microsoft.com\windowsupdate: * in My Computer
windowsupdate.com\download: * in My Computer
56 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/ ... ontrol.cab -- Office Genuine Advantage Validation Tool
{17492023-C23A-453E-A040-C7C580BBF700}: http://download.microsoft.com/download/ ... ontrol.cab -- Windows Genuine Advantage Validation Tool
{6414512B-B978-451D-A0D8-FCFDF33E833C}: http://update.microsoft.com/windowsupda ... 9742405688 -- WUWebControl Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab -- Java Plug-in 1.6.0_11
{C7DB51B4-BCF7-4923-8874-7F1A0DC92277}: http://office.microsoft.com/officeupdat ... /opuc4.cab -- Office Update Installation Engine
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab -- Java Plug-in 1.6.0_11
Microsoft XML Parser for Java: file:///C:/WINDOWS/Java/classes/xmldso.cab -- Reg Error: Key does not exist or could not be opened.

========== (O17) DNS Name Servers ==========

{319BFCB8-5F3F-4007-B427-4F04EB50AAAA} (Servers: | Description: NVIDIA nForce Networking Controller)

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=Explorer.exe
>[2007/02/18 11:05:28 | 01,053,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\explorer.exe

"System"=lsass.exe
>File not found --


========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
ScCertProp: "DllName" = wlnotify.dll -- File not found
Schedule: "DllName" = wlnotify.dll -- File not found
SensLogn: "DllName" = WlNotify.dll -- File not found
termsrv: "DllName" = Reg Error: Value DLLName does not exist or could not be read. -- File not found
wlballoon: "DllName" = wlnotify.dll -- File not found

========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"CDBurn"={fbeb8a05-beee-4442-804e-409d6c4515e9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"={7849596a-48ea-486e-8937-a2a3009f31a9} (HKLM) -- C:\WINDOWS\SysWOW64\shell32.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SysTray"={35CEC8A3-2BE6-11D2-8773-92E220524153} (HKLM) -- C:\WINDOWS\SysWOW64\stobject.dll (Microsoft Corporation)

========== (O22) Shared Task Scheduler ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}" (HKLM) = Browseui preloader -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{8C7461EF-2B13-11d2-BE35-3078302C2030}" (HKLM) = Component Categories cache daemon -- C:\WINDOWS\SysWOW64\browseui.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}" (HKLM) -- C:\Program Files (x86)\DVD Region+CSS Free\DVDShell.dll (Fengtao Software Inc.)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

autorun.inf []
[2008/09/05 23:42:57 | 00,000,000 | RHSD | M] -- D:\autorun.inf -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/06 09:55:25 | 00,422,912 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/01/05 20:17:07 | 00,000,000 | ---D | C] -- C:\things being kept
[2009/01/04 21:59:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adblock Pro
[2009/01/04 21:56:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/01/04 21:26:31 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/01/04 18:09:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/04 18:09:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SUPERAntiSpyware
[2009/01/04 18:09:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2009/01/04 13:52:29 | 01,163,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc42u.dll
[2009/01/04 01:47:42 | 00,000,956 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/01/03 22:13:36 | 00,000,000 | -HSD | C] -- C:\Diskeeper
[2009/01/03 18:30:22 | 00,198,230 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\oreganol receipt.xps
[2009/01/03 18:19:51 | 00,001,496 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2009/01/03 15:06:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/01/03 15:06:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/03 15:06:42 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/03 15:06:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/01/03 15:06:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/02 21:19:04 | 00,000,927 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/01/02 20:59:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
[2008/12/31 22:15:40 | 00,140,288 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\insurance discontinuance notice.doc
[2008/12/31 19:39:21 | 02,049,354 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Fen_www1.wmv
[2008/12/30 21:56:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2008/12/30 17:14:56 | 17,593,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/30 14:14:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\LimeWire
[2008/12/29 23:28:38 | 00,003,532 | ---- | C] () -- C:\drmHeader.bin
[2008/12/29 21:23:13 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\quotations.doc
[2008/12/29 12:42:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2008/12/27 19:03:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/12/27 14:22:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\PICSRULES files
[2008/12/25 11:25:35 | 00,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2008/12/25 10:55:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WOT
[2008/12/25 10:54:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2008/12/25 10:51:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adblock Pro
[2008/12/25 10:42:06 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hide and Secret
[2008/12/24 20:27:46 | 00,129,502 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\gazelle packing label.pdf
[2008/12/22 16:11:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2008/12/22 15:30:05 | 00,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2008/12/22 15:26:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 159 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:73AF6C86
@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
[2008/12/22 06:36:28 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2008/12/21 18:45:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Yahoo
[2008/12/21 18:44:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2008/12/21 18:43:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2008/12/21 18:35:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\alphateam medals
[2008/12/21 15:22:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2008/12/21 14:27:44 | 01,703,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdiplus.dll
[2008/12/21 14:27:44 | 00,991,232 | ---- | C] (Viscom Software ) -- C:\WINDOWS\System32\imageviewer2.ocx
[2008/12/21 14:27:44 | 00,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2008/12/21 14:27:44 | 00,224,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2008/12/21 14:27:44 | 00,200,704 | ---- | C] (Sheridan Software Systems, Inc.) -- C:\WINDOWS\System32\threed32.ocx
[2008/12/21 14:27:44 | 00,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2008/12/21 14:27:44 | 00,151,552 | ---- | C] (Domenico Statuto - CCRP) -- C:\WINDOWS\System32\ccrpfd6.ocx
[2008/12/21 14:27:44 | 00,110,592 | ---- | C] (Common Controls Replacement Project (CCRP)) -- C:\WINDOWS\System32\ccrpbds6.dll
[2008/12/21 14:27:44 | 00,106,496 | ---- | C] (Marco Bellinaso) -- C:\WINDOWS\System32\mbprgbar.ocx
[2008/12/21 14:27:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PIXresizer
[2008/12/21 12:40:25 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache
[2008/12/21 12:40:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Redirected
[2008/12/21 12:19:20 | 00,164,655 | ---- | C] () -- C:\WINDOWS\System32\iuctl.cab
[2008/12/21 12:00:52 | 00,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/21 11:57:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2008/12/21 11:54:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2008/12/21 01:58:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2008/12/21 01:58:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2008/12/21 01:27:01 | 00,000,615 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
[2008/12/21 01:27:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Folding@Home
[2008/12/21 01:20:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2008/12/21 01:20:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/20 23:57:07 | 11,727,275 | ---- | C] (Joe Pham <djpham@bitpim.org> ) -- C:\bitpim-1.0.6.20080726-setup.exe
[2008/12/20 23:57:06 | 11,679,762 | ---- | C] (Joe Pham <djpham@bitpim.org> ) -- C:\bitpim-1.0.5-setup.exe
[2008/12/20 23:01:11 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2008/12/20 22:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/12/20 22:57:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2008/12/20 22:57:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2008/12/20 22:52:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/12/20 22:52:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2008/12/20 22:36:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2008/12/20 22:25:36 | 00,000,032 | ---- | C] () -- C:\WINDOWS\go
[2008/12/20 22:25:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\vf_hip
[2008/12/20 22:25:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Hide IP Platinum
[2008/12/20 22:22:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DiskTrix
[2008/12/20 22:19:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2008/12/20 22:09:40 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/12/20 22:09:39 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/12/20 22:09:39 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2008/12/20 22:08:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PopCap Games
[2008/12/20 22:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2008/12/20 22:08:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/12/20 22:07:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Recordings
[2008/12/20 22:03:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Replay Media Catcher
[2008/12/20 22:01:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Power Screen Capture
[2008/12/20 21:31:42 | 00,002,623 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/20 21:27:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2008/12/20 21:27:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2008/12/20 21:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008/12/20 21:23:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2008/12/20 21:21:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/20 21:19:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\L&H
[2008/12/20 21:19:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ActiveSync
[2008/12/20 21:18:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2008/12/20 21:18:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2008/12/20 21:18:00 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2008/12/20 21:17:46 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2008/12/20 21:17:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2008/12/20 21:17:36 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2008/12/20 21:07:49 | 02,388,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_30.dll
[2008/12/20 21:07:40 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2008/12/20 21:03:44 | 00,000,000 | RH-D | C] -- C:\MSOCache
[2008/12/20 21:01:59 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Phantom EFX
[2008/12/20 20:58:43 | 00,000,439 | ---- | C] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,425 | ---- | C] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,420 | ---- | C] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,415 | ---- | C] () -- C:\WINDOWS\tasks\2 Copernic Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 20:57:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Copernic
[2008/12/20 20:57:52 | 00,109,782 | ---- | C] () -- C:\WINDOWS\CopernicAgentUninstall.exe
[2008/12/20 20:57:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Copernic Agent
[2008/12/20 20:52:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Decrypter
[2008/12/20 20:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/20 20:52:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Shrink
[2008/12/20 20:47:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0
[2008/12/20 20:46:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo To Go
[2008/12/20 20:44:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2008/12/20 20:41:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Brain Training for Dummies®
[2008/12/20 20:40:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Jewel Quest Mysteries
[2008/12/20 20:39:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Jewel Match Winter Wonderland
[2008/12/20 20:38:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Glyph 2
[2008/12/20 20:37:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ToGo Game
[2008/12/20 20:36:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Calculator Plus
[2008/12/20 20:20:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Daniusoft
[2008/12/20 20:18:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PhatCat Technologies
[2008/12/20 20:16:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2008/12/20 16:40:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2008/12/20 16:36:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SpiralFrog
[2008/12/20 16:35:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ShaPlus Bandwidth Meter
[2008/12/20 16:35:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2008/12/20 16:31:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\EmailStripper
[2008/12/20 16:30:33 | 00,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2008/12/20 16:29:09 | 00,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2008/12/20 16:29:08 | 00,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2008/12/20 16:29:08 | 00,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2008/12/20 16:29:07 | 00,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2008/12/20 16:28:57 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2008/12/20 16:28:56 | 00,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2008/12/20 16:28:56 | 00,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2008/12/20 16:28:55 | 00,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2008/12/20 16:28:55 | 00,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2008/12/20 16:28:54 | 00,947,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjava.dll
[2008/12/20 16:28:54 | 00,154,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2008/12/20 16:28:53 | 00,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2008/12/20 16:28:52 | 00,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2008/12/20 16:28:52 | 00,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2008/12/20 16:28:51 | 00,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2008/12/20 16:28:51 | 00,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2008/12/20 16:28:50 | 00,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2008/12/20 16:20:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2008/12/20 16:10:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2008/12/20 15:59:58 | 00,298,104 | ---- | C] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2008/12/20 15:59:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2008/12/20 15:59:05 | 00,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/12/20 15:58:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2008/12/20 15:53:32 | 01,184,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wvc1dmod.dll
[2008/12/20 15:53:32 | 00,626,688 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp7vfw.dll
[2008/12/20 15:53:31 | 01,645,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\gdiplus.dll
[2008/12/20 15:53:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VSO
[2008/12/20 15:52:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
[2008/12/20 15:51:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2008/12/20 15:50:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AnyDVDHD
[2008/12/20 15:50:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/12/20 15:50:13 | 00,000,083 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008/12/20 15:49:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2008/12/20 15:27:55 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVI MPEG RM WMV Joiner
[2008/12/20 15:25:27 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\RCrawler
[2008/12/20 15:23:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO
[2008/12/20 15:12:12 | 00,000,000 | -H-D | C] -- C:\WINDOWS\Icons
[2008/12/20 15:03:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2008/12/20 15:02:12 | 00,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/20 15:01:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVD Region+CSS Free
[2008/12/20 14:59:46 | 00,045,056 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\WNASPI32.DLL
[2008/12/20 14:59:46 | 00,016,512 | ---- | C] (Adaptec) -- C:\WINDOWS\System32\drivers\ASPI32.SYS
[2008/12/20 14:59:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2008/12/20 14:59:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2008/12/20 14:58:05 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2008/12/20 14:56:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UltraISO
[2008/12/20 14:56:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2008/12/20 14:53:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2008/12/20 14:53:00 | 00,000,514 | ---- | C] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2008/12/20 14:52:57 | 00,028,416 | ---- | C] (TuneUp Software GmbH) -- C:\WINDOWS\System32\uxtuneup.dll
[2008/12/20 14:52:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2008/12/20 14:52:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2008
[2008/12/20 14:51:16 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2008/12/20 14:49:57 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2008/12/20 14:49:53 | 00,000,402 | ---- | C] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2008/12/20 14:49:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\XoftSpySE
[2008/12/20 14:48:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AtomTime Pro
[2008/12/20 14:45:50 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Window Washer.lnk
[2008/12/20 14:45:42 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Webroot Shared
[2008/12/20 14:45:37 | 00,487,936 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\System32\wwSecure.exe
[2008/12/20 14:45:37 | 00,057,344 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\Unwash6.exe
[2008/12/20 14:18:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AweSEM
[2008/12/20 14:18:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pogo Auto
[2008/12/20 13:48:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\null.sys
[2008/12/20 13:48:53 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2008/12/20 13:48:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Registry Mechanic
[2008/12/20 13:48:17 | 07,507,296 | ---- | C] (PC Tools ) -- C:\WINDOWS\rminstall.exe
[2008/12/20 13:46:30 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2008/12/20 13:44:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Super_DVD_Creator_9.8
[2008/12/20 13:31:05 | 00,000,000 | ---D | C] -- C:\Themes
[2008/12/20 13:24:54 | 00,000,000 | ---D | C] -- C:\phantom slots
[2008/12/20 13:24:51 | 00,000,000 | ---D | C] -- C:\Unzipped
[2008/12/20 01:12:35 | 00,000,000 | ---D | C] -- C:\Downloads
[2008/12/20 01:12:06 | 00,000,000 | ---D | C] -- C:\Torrentz
[2008/12/20 01:11:53 | 00,000,000 | ---D | C] -- C:\Pogo Cheats
[2008/12/20 01:11:18 | 00,000,000 | ---D | C] -- C:\Movies
[2008/12/20 01:07:34 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2008/12/20 00:48:56 | 00,097,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\windows update error.doc
[2008/12/20 00:48:56 | 00,029,696 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Welding resume.doc
[2008/12/20 00:48:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Willmaker plus documents
[2008/12/20 00:48:50 | 00,169,046 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\top ten countdown.xps
[2008/12/20 00:48:50 | 00,156,160 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\time change fix.doc
[2008/12/20 00:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual styles
[2008/12/20 00:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Visual Studio 2008
[2008/12/20 00:48:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\torrentz
[2008/12/20 00:48:49 | 03,720,192 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ThesimplelifeVH.pps
[2008/12/20 00:48:49 | 01,058,304 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\pv2009 pics.doc
[2008/12/20 00:48:49 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\starry night resgistration number.doc
[2008/12/20 00:48:49 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume For Michael.doc
[2008/12/20 00:48:49 | 00,068,608 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume For Michael welding.doc
[2008/12/20 00:48:49 | 00,038,912 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Quotes.doc
[2008/12/20 00:48:49 | 00,030,720 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Resume.doc
[2008/12/20 00:48:49 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Redbox is giving away free 1 day rentals.doc
[2008/12/20 00:48:49 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Quotes to keep.doc
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\SpiralFrog
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Slingo Supreme Documents
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Slingo Quest Hawaii Documents
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\rul
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ResumeMaker
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\RegRun2
[2008/12/20 00:48:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Reciepts
[2008/12/20 00:48:48 | 00,151,117 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\power of attorney forms.xps
[2008/12/20 00:48:48 | 00,057,344 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\puzzles.doc
[2008/12/20 00:48:48 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\NEW FIREFOX TWEAK.doc
[2008/12/20 00:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Puzzle Quest
[2008/12/20 00:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Nolo Documents Backup
[2008/12/20 00:48:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2008/12/20 00:48:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2008/12/20 00:45:12 | 00,293,527 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MovieList2008.pdf
[2008/12/20 00:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My ISO Files
[2008/12/20 00:45:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Games
[2008/12/20 00:45:11 | 00,164,352 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\esxi license.doc
[2008/12/20 00:45:11 | 00,048,640 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\For F rmastered questions.doc
[2008/12/20 00:45:11 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\K1 and K2 keys.doc
[2008/12/20 00:45:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\logon screens
[2008/12/20 00:43:14 | 04,840,017 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\bad nintendo run.rtf
[2008/12/20 00:43:14 | 01,015,808 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\donate proof.doc
[2008/12/20 00:43:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WorldWinner.com
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SpiralfrogClient
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\RoxioCentralFx
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Real
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
[2008/12/20 00:43:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Oberon Games
[2008/12/20 00:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2008/12/20 00:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2008/12/20 00:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ken_Salter
[2008/12/20 00:40:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Imaginova Canada
[2008/12/20 00:40:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2008/12/20 00:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Help
[2008/12/20 00:40:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Grubby Games
[2008/12/20 00:40:05 | 00,071,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/20 00:39:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET
[2008/12/20 00:39:50 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/20 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2008/12/20 00:39:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Deployment
[2008/12/20 00:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Autodesk
[2008/12/20 00:39:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2008/12/20 00:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2008/12/20 00:39:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2008/12/20 00:39:41 | 00,000,398 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Pogo Cheats.lnk
[2008/12/20 00:39:41 | 00,000,383 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Torrentz.lnk
[2008/12/20 00:39:41 | 00,000,371 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Movies.lnk
[2008/12/20 00:39:41 | 00,000,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Music.lnk
[2008/12/20 00:39:40 | 00,000,388 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Downloads.lnk
[2008/12/20 00:39:39 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2008/12/20 00:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2008/12/20 00:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webroot
[2008/12/20 00:39:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2008/12/20 00:39:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2008/12/20 00:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2008/12/20 00:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2008/12/20 00:39:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2008/12/20 00:39:25 | 00,010,790 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Puzzle Quest.ini
[2008/12/20 00:39:25 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data\SecuROM
[2008/12/20 00:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Reflexive
[2008/12/20 00:39:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Real
[2008/12/20 00:39:21 | 00,082,816 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2008/12/20 00:39:21 | 00,007,859 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/20 00:39:21 | 00,001,167 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Pogo Games
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Playrix Entertainment
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PlanetPlayMore
[2008/12/20 00:39:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PE Explorer
[2008/12/20 00:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
[2008/12/20 00:39:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2008/12/20 00:39:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Nero
[2008/12/20 00:39:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2008/12/20 00:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2008/12/20 00:39:02 | 00,099,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/12/20 00:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2008/12/20 00:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2008/12/20 00:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Individual Software
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Help
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\funkitron
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Folding@home-x86
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\EA
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dvdcss
[2008/12/20 00:39:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DivX
[2008/12/20 00:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
[2008/12/20 00:38:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Copernic
[2008/12/20 00:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
[2008/12/20 00:37:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ancient Quest of Saqqarah__oberon
[2008/12/20 00:33:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Utilities
[2008/12/20 00:30:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2008/12/20 00:28:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Games
[2008/12/20 00:28:26 | 01,347,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\Msvbvm50.dll
[2008/12/19 23:55:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2008/12/19 23:54:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6.5
[2008/12/19 23:09:00 | 01,081,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCTL.OCX
[2008/12/19 23:09:00 | 00,118,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2008/12/19 23:08:59 | 00,102,912 | R--- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\Ntport.dll
[2008/12/19 23:08:59 | 00,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2008/12/19 23:08:59 | 00,006,144 | ---- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys
[2008/12/19 23:08:59 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\drivers\a.bat
[2008/12/19 23:08:34 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/19 23:08:05 | 00,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2008/12/19 22:44:10 | 00,000,099 | -HS- | C] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2008/12/19 22:43:22 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icacls.exe
[2008/12/19 22:43:22 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2008/12/19 22:43:22 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsno.dll
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsmsfi.dll
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdno1.dll
[2008/12/19 22:43:22 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdfi1.dll
[2008/12/19 22:43:22 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdukx.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt48.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmlt47.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/19 22:43:22 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/19 22:43:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/19 22:43:22 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/19 22:43:22 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmaori.dll
[2008/12/19 22:43:21 | 00,121,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xmllite.dll
[2008/12/19 22:43:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\adfs
[2008/12/19 22:43:20 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/19 22:41:20 | 01,364,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/12/19 22:41:19 | 00,098,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\actxprxy.dll
[2008/12/19 22:41:18 | 00,618,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\advapi32.dll
[2008/12/19 22:41:18 | 00,148,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\apphelp.dll
[2008/12/19 22:41:18 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl.dll
[2008/12/19 22:41:17 | 00,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cabinet.dll
[2008/12/19 22:41:15 | 00,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.dll
[2008/12/19 22:41:14 | 00,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comdlg32.dll
[2008/12/19 22:41:13 | 00,595,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\crypt32.dll
[2008/12/19 22:41:13 | 00,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cryptui.dll
[2008/12/19 22:41:13 | 00,326,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscui.dll
[2008/12/19 22:41:13 | 00,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cscdll.dll
[2008/12/19 22:41:06 | 00,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hnetcfg.dll
[2008/12/19 22:41:05 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imagehlp.dll
[2008/12/19 22:41:05 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imm32.dll
[2008/12/19 22:41:05 | 00,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iphlpapi.dll
[2008/12/19 22:41:02 | 00,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mlang.dll
[2008/12/19 22:41:01 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mpr.dll
[2008/12/19 22:41:00 | 00,316,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctf.dll
[2008/12/19 22:41:00 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msasn1.dll
[2008/12/19 22:40:59 | 00,177,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msctfime.ime
[2008/12/19 22:40:58 | 00,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msihnd.dll
[2008/12/19 22:40:58 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msimtf.dll
[2008/12/19 22:40:58 | 00,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msiexec.exe
[2008/12/19 22:40:57 | 00,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msutb.dll
[2008/12/19 22:40:57 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msv1_0.dll
[2008/12/19 22:40:56 | 00,348,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcrt.dll
[2008/12/19 22:40:52 | 00,766,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdll.dll
[2008/12/19 22:40:49 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ole32.dll
[2008/12/19 22:40:49 | 00,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecli32.dll
[2008/12/19 22:40:49 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\olecnv32.dll
[2008/12/19 22:40:47 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\psapi.dll
[2008/12/19 22:40:45 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasapi32.dll
[2008/12/19 22:40:45 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasadhlp.dll
[2008/12/19 22:40:44 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasman.dll
[2008/12/19 22:40:43 | 00,213,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rsaenh.dll
[2008/12/19 22:40:41 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\secur32.dll
[2008/12/19 22:40:41 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sensapi.dll
[2008/12/19 22:40:40 | 01,508,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shdocvw.dll
[2008/12/19 22:40:40 | 01,069,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupapi.dll
[2008/12/19 22:40:40 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sfc_os.dll
[2008/12/19 22:40:37 | 00,320,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shlwapi.dll
[2008/12/19 22:40:36 | 00,762,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sxs.dll
[2008/12/19 22:40:36 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stdole2.tlb
[2008/12/19 22:40:35 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tapi32.dll
[2008/12/19 22:40:33 | 00,780,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\userenv.dll
[2008/12/19 22:40:33 | 00,215,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uxtheme.dll
[2008/12/19 22:40:31 | 00,174,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmm.dll
[2008/12/19 22:40:31 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winspool.drv
[2008/12/19 22:40:31 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winrnr.dll
[2008/12/19 22:40:30 | 00,179,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wldap32.dll
[2008/12/19 22:40:30 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wintrust.dll
[2008/12/19 22:40:30 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winsta.dll
[2008/12/19 22:40:29 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ws2_32.dll
[2008/12/19 22:40:29 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wtsapi32.dll
[2008/12/19 22:40:29 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshtcpip.dll
[2008/12/19 22:40:27 | 02,897,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp2res.dll
[2008/12/19 22:30:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2008/12/19 22:29:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2008/12/19 22:29:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2008/12/19 22:28:03 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2008/12/19 22:28:03 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2008/12/19 22:27:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2008/12/19 22:01:07 | 01,160,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/12/19 22:01:07 | 00,826,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/12/19 22:01:07 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/12/19 22:01:06 | 00,477,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/12/19 22:01:06 | 00,347,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/12/19 22:01:06 | 00,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/12/19 22:01:06 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/12/19 22:00:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008/12/19 22:00:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008/12/19 21:58:07 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008/12/19 21:57:55 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008/12/19 21:57:49 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008/12/19 21:46:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 6.0
[2008/12/19 20:40:49 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\config
[2008/12/19 20:32:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSBuild
[2008/12/19 20:26:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2008/12/19 20:25:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2008/12/19 20:24:52 | 00,000,000 | ---D | C] -- C:\af893bc19402ad1a98f18d434c686d6c
[2008/12/19 20:23:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2008/12/19 20:16:45 | 00,565,600 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/19 20:16:06 | 00,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2008/12/19 20:15:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2008/12/19 20:09:57 | 01,009,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kernel32.dll
[2008/12/19 20:09:54 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tzchange.exe
[2008/12/19 20:09:49 | 00,553,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32.dll
[2008/12/19 20:09:15 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/19 20:09:14 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/19 20:09:14 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/19 20:09:13 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/19 20:09:10 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\diskraid.exe
[2008/12/19 20:07:42 | 00,292,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32.dll
[2008/12/19 20:07:40 | 00,453,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w03a2409.dll
[2008/12/19 20:07:24 | 01,033,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browseui.dll
[2008/12/19 20:07:19 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\user32.dll
[2008/12/19 20:06:55 | 08,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shell32.dll
[2008/12/19 20:06:50 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswsock.dll
[2008/12/19 20:06:50 | 00,160,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dnsapi.dll
[2008/12/19 20:06:45 | 01,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3.dll
[2008/12/19 20:06:42 | 02,854,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msi.dll
[2008/12/19 20:06:41 | 00,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4.dll
[2008/12/19 20:06:40 | 00,345,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32.dll
[2008/12/19 20:05:03 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl.mui
[2008/12/19 20:05:03 | 00,023,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2008/12/19 20:05:03 | 00,018,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll.mui
[2008/12/19 20:05:02 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2008/12/19 06:37:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WindowsUpdate
[2008/12/19 03:00:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\$hf_mig$
[2008/12/18 23:57:20 | 01,099,264 | ---- | C] () -- C:\WINDOWS\adfs.msp
[2008/12/18 23:55:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2008/12/18 23:54:51 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32(4).dll
[2008/12/18 23:54:51 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gdi32(3).dll
[2008/12/18 23:54:30 | 00,345,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\netapi32(3).dll
[2008/12/18 23:54:25 | 00,552,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oleaut32(3).dll
[2008/12/18 23:54:20 | 00,629,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rpcrt4(3).dll
[2008/12/18 23:54:09 | 00,602,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\user32(3).dll
[2008/12/18 23:45:50 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2008/12/18 23:45:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\PolicyBackup
[2008/12/18 23:43:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2008/12/18 23:41:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2008/12/18 23:37:32 | 00,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/12/18 23:36:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2008/12/18 23:35:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2008/12/18 23:32:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TweakNow PowerPack Pro
[2008/12/18 23:32:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TweakNow PowerPack
[2008/12/18 23:30:52 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2008/12/18 23:23:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ICQ
[2008/12/18 23:23:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2008/12/18 23:22:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2008/12/18 23:17:38 | 02,106,750 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2008/12/18 23:17:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\nview
[2008/12/18 23:16:45 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/12/18 23:16:45 | 00,141,016 | ---- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2008/12/18 23:16:45 | 00,037,376 | ---- | C] () -- C:\WINDOWS\CPLUtl64.exe
[2008/12/18 23:16:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek AC97
[2008/12/18 23:14:57 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2008/12/18 23:14:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ITE
[2008/12/18 23:14:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2008/12/18 23:13:32 | 02,337,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_25.dll
[2008/12/18 23:11:59 | 00,014,136 | R--- | C] (BIOSTAR Group) -- C:\WINDOWS\System32\drivers\BIOS64.sys
[2008/12/18 22:54:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008/12/18 22:54:09 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2008/12/18 22:54:08 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\My Documents\desktop.ini
[2008/12/18 22:54:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2008/12/18 22:54:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2008/12/18 22:54:03 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
[2008/12/18 22:54:03 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2008/12/18 22:54:03 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2008/12/18 22:54:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2008/12/18 22:53:57 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/18 22:53:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/18 22:52:28 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ime
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\system
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\speechengines
[2008/12/18 22:49:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\microsoft shared
[2008/12/18 22:48:58 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2008/12/18 22:48:58 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/18 22:48:58 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2008/12/18 22:48:54 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/18 22:48:54 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/18 22:48:54 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/18 22:48:49 | 00,115,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2008/12/18 22:48:09 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Uninstall Information
[2008/12/18 22:47:26 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2008/12/18 22:47:26 | 00,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2008/12/18 22:47:26 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2008/12/18 22:47:26 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2008/12/18 22:47:26 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2008/12/18 22:47:26 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2008/12/18 22:47:26 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2008/12/18 22:47:26 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2008/12/18 22:47:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeeting
[2008/12/18 22:47:21 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2008/12/18 22:47:21 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2008/12/18 22:47:05 | 00,000,527 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/12/18 22:46:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2008/12/18 22:46:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2008/12/18 22:46:53 | 00,213,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2008/12/18 22:46:52 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2008/12/18 22:46:52 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2008/12/18 22:46:52 | 00,202,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2008/12/18 22:46:52 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups2.dll
[2008/12/18 22:46:52 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups(2).dll
[2008/12/18 22:46:52 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2008/12/18 22:46:51 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2008/12/18 22:46:51 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2008/12/18 22:46:51 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2008/12/18 22:46:48 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker
[2008/12/18 22:46:40 | 00,144,128 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2008/12/18 22:46:40 | 00,144,128 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2008/12/18 22:46:39 | 00,000,002 | -HS- | C] () -- C:\Program Files (x86)\desktop.ini
[2008/12/18 22:46:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\desktop.ini
[2008/12/18 22:46:35 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2008/12/18 22:46:33 | 00,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2008/12/18 22:46:33 | 00,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2008/12/18 22:46:33 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2008/12/18 22:46:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
[2008/12/18 22:46:33 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Services
[2008/12/18 22:46:31 | 00,694,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2008/12/18 22:46:31 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2008/12/18 22:46:28 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Outlook Express
[2008/12/18 22:46:24 | 00,300,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2008/12/18 22:46:24 | 00,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2008/12/18 22:46:24 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2008/12/18 22:46:24 | 00,000,065 | RH-- | C] () -- C:\WINDOWS\tasks\desktop.ini
[2008/12/18 22:46:24 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2008/12/18 22:46:23 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2008/12/18 22:46:23 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2008/12/18 22:46:23 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2008/12/18 22:46:23 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2008/12/18 22:46:23 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2008/12/18 22:46:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\System
[2008/12/18 22:46:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Internet Explorer
[2008/12/18 22:46:08 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2008/12/18 22:45:48 | 00,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/18 22:45:48 | 00,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/18 22:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2008/12/18 22:45:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Media Player
[2008/12/18 22:45:19 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2008/12/18 22:45:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Gaming Zone
[2008/12/18 22:45:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Windows NT
[2008/12/18 22:45:13 | 00,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2008/12/18 22:45:13 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2008/12/18 22:45:08 | 00,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2008/12/18 22:45:07 | 00,343,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2008/12/18 22:45:01 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/12/18 22:45:01 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/12/18 22:45:01 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2008/12/18 22:45:01 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2008/12/18 22:45:01 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2008/12/18 22:45:00 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2008/12/18 22:45:00 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/12/18 22:45:00 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2008/12/18 22:45:00 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/12/18 22:45:00 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/12/18 22:45:00 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/12/18 22:45:00 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/12/18 22:44:59 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2008/12/18 22:44:59 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2008/12/18 22:44:58 | 00,541,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2008/12/18 22:44:58 | 00,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2008/12/18 22:44:57 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2008/12/18 22:44:57 | 00,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2008/12/18 22:44:57 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2008/12/18 22:44:56 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2008/12/18 22:44:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSN
[2008/12/18 22:44:45 | 01,865,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2008/12/18 22:44:45 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2008/12/18 22:44:45 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2008/12/18 22:44:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2008/12/18 22:44:42 | 00,616,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2008/12/18 22:44:42 | 00,593,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2008/12/18 22:44:42 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2008/12/18 22:44:42 | 00,181,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comadmin.dll
[2008/12/18 22:44:42 | 00,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2008/12/18 22:44:42 | 00,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2008/12/18 22:44:42 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2008/12/18 22:44:42 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2008/12/18 22:44:42 | 00,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2008/12/18 22:44:42 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2008/12/18 22:44:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2008/12/18 22:44:41 | 01,295,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2008/12/18 22:44:41 | 00,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2008/12/18 22:44:41 | 00,272,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2008/12/18 22:44:41 | 00,058,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2008/12/18 22:44:41 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2008/12/18 22:44:38 | 00,468,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2008/12/18 22:44:38 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2008/12/18 22:44:38 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2008/12/18 22:44:38 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2008/12/18 22:44:34 | 00,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2008/12/18 22:44:34 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2008/12/18 15:19:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ODBC
[2008/12/18 15:19:23 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2008/12/18 15:19:22 | 00,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/18 15:19:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeechEngines
[2008/12/18 15:19:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Shared
[2008/12/18 15:19:17 | 00,000,000 | R--D | C] -- C:\Program Files (x86)
[2008/12/18 15:19:17 | 00,000,000 | R--D | C] -- C:\Program Files
[2008/12/18 15:19:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files
[2008/12/18 15:19:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2008/12/18 15:19:16 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2008/12/18 15:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2008/12/18 15:19:16 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2008/12/18 15:19:16 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2008/12/18 15:19:15 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2008/12/18 15:19:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2008/12/18 15:19:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2008/12/18 15:19:15 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2008/12/18 15:19:15 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2008/12/18 15:19:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2008/12/18 15:19:15 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2008/12/18 15:19:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2008/12/18 15:19:14 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2008/12/18 15:19:14 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2008/12/18 15:19:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2008/12/18 15:19:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2008/12/18 15:19:05 | 00,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2008/12/18 15:19:04 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini
[2008/12/18 15:18:58 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/18 15:18:42 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/12/18 15:18:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2008/12/18 15:18:33 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2008/12/18 15:15:44 | 00,000,393 | -HS- | C] () -- C:\boot.ini
[2008/12/18 15:10:53 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2008/12/18 15:10:53 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2008/12/18 15:10:53 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\SysWOW64
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\InstallShield
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Drivers
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent64
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime (x86)
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2008/12/18 15:10:53 | 00,000,000 | ---D | C] -- C:\WINDOWS
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:6BA3FE57F52AA31C
[2008/12/18 00:37:18 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\msdrve.dll
[2008/12/18 00:37:16 | 00,010,816 | ---- | C] () -- C:\WINDOWS\vmoptver.dll
[2008/12/13 02:05:28 | 03,593,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/01/06 10:00:00 | 00,000,514 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009/01/06 09:55:29 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTViewIt.exe
[2009/01/06 09:15:05 | 00,000,402 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE.job
[2009/01/05 17:00:01 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/01/04 21:53:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/04 21:53:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/04 21:48:06 | 00,000,956 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/04 21:24:07 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/01/04 18:47:10 | 02,106,750 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/01/04 18:39:58 | 00,000,016 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2009/01/04 18:38:22 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/04 18:38:18 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/04 14:39:31 | 00,000,393 | -HS- | M] () -- C:\boot.ini
[2009/01/04 13:53:09 | 00,000,099 | -HS- | M] () -- C:\Documents and Settings\All Users\Desktop\desktop.ini
[2009/01/03 18:30:24 | 00,198,230 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\oreganol receipt.xps
[2009/01/03 18:20:10 | 00,001,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Restart.lnk
[2009/01/03 01:06:06 | 00,000,083 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2009/01/02 21:19:04 | 00,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk
[2009/01/02 18:25:40 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/31 22:15:40 | 00,140,288 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\insurance discontinuance notice.doc
[2008/12/31 19:39:21 | 02,049,354 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Fen_www1.wmv
[2008/12/29 23:28:49 | 00,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/12/29 21:23:14 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\quotations.doc
[2008/12/24 20:27:46 | 00,129,502 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\gazelle packing label.pdf
[2008/12/21 21:54:45 | 00,071,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/12/21 12:58:35 | 00,000,067 | ---- | M] () -- C:\WINDOWS\DVDRegionFree.INI
[2008/12/21 12:19:20 | 00,164,655 | ---- | M] () -- C:\WINDOWS\System32\iuctl.cab
[2008/12/21 01:27:01 | 00,000,615 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Folding@Home 5.03.lnk
[2008/12/21 01:24:07 | 00,000,527 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/20 22:25:36 | 00,000,032 | ---- | M] () -- C:\WINDOWS\go
[2008/12/20 22:08:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2008/12/20 22:08:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2008/12/20 21:31:42 | 00,002,623 | ---- | M] () -- C:\WINDOWS\Irremote.ini
[2008/12/20 21:21:20 | 00,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2008/12/20 20:58:43 | 00,000,439 | ---- | M] () -- C:\WINDOWS\tasks\1 Copernic Intra-Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,425 | ---- | M] () -- C:\WINDOWS\tasks\4 Copernic Monthly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,420 | ---- | M] () -- C:\WINDOWS\tasks\3 Copernic Weekly ~CHEESYMOUSE Administrator.job
[2008/12/20 20:58:43 | 00,000,415 | ---- | M] () -- C:\WINDOWS\tasks\2 Copernic Daily ~CHEESYMOUSE Administrator.job
[2008/12/20 15:59:34 | 00,298,104 | ---- | M] (Eset ) -- C:\WINDOWS\System32\imon.dll
[2008/12/20 15:59:05 | 00,009,728 | ---- | M] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008/12/20 15:53:37 | 00,099,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2008/12/20 15:53:37 | 00,082,816 | ---- | M] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2008/12/20 15:53:37 | 00,007,859 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2008/12/20 15:53:36 | 00,001,167 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2008/12/20 15:52:55 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2008/12/20 14:45:50 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Window Washer.lnk
[2008/12/20 13:48:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\null.sys
[2008/12/20 13:48:19 | 07,507,296 | ---- | M] (PC Tools ) -- C:\WINDOWS\rminstall.exe
[2008/12/19 23:06:44 | 00,565,600 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/19 20:35:53 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2008/12/19 20:35:53 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2008/12/18 23:52:10 | 00,297,072 | RHS- | M] () -- C:\ntldr
[2008/12/18 22:49:02 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
[2008/12/18 22:48:58 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/18 22:48:58 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/12/18 22:48:58 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/12/18 22:48:55 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2008/12/18 22:48:49 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/18 22:45:48 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2008/12/18 22:45:48 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2008/12/18 15:19:17 | 00,000,150 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini
[2008/12/18 15:18:58 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2008/12/18 00:37:18 | 00,016,384 | ---- | M] () -- C:\WINDOWS\System32\msdrve.dll
[2008/12/18 00:37:16 | 00,010,816 | ---- | M] () -- C:\WINDOWS\vmoptver.dll
[2008/12/15 12:09:11 | 00,024,064 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Redbox is giving away free 1 day rentals.doc
[2008/12/14 16:01:52 | 00,097,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\windows update error.doc
[2008/12/13 02:05:28 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 19:22:47 | 00,293,527 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MovieList2008.pdf
[2008/12/10 22:17:00 | 00,169,046 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\top ten countdown.xps
[2008/12/09 15:24:38 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
< End of report >


Extras

OTViewIt Extras logfile created on: 1/6/2009 10:52:20 AM - Run 2
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.05 Gb Available Physical Memory | 69.78% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 29.30 Gb Free Space | 19.66% Space Free | Partition Type: NTFS
Drive D: | 38.28 Gb Total Space | 1.00 Gb Free Space | 2.60% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHEESYMOUSE
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\Program Files (x86)\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
File not found -- C:\Program Files (x86)\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
File not found -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/11/30 06:41:05 | 00,172,792 | ---- | M] (ICQ, Inc.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
[2008/12/15 10:31:46 | 03,945,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application
[2008/12/11 12:51:57 | 00,528,384 | ---- | M] () -- C:\Program Files (x86)\Phantom EFX\OnlineCasino\Launcher\OLCLauncher.exe:*:Enabled:OLCLauncher
[2007/10/25 16:58:52 | 00,122,880 | ---- | M] () -- C:\Program Files (x86)\Phantom EFX\OnlineCasino\Bin\Prelauncher.exe:*:Enabled:Prelauncher
[2008/11/25 15:12:06 | 01,302,528 | ---- | M] () -- C:\Program Files (x86)\Phantom EFX\OnlineCasino\Bin\OnlineCasino.exe:*:Enabled:OnlineCasino
[2008/11/05 21:59:00 | 04,347,120 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset )
Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset )

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.) C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (copernicagent:{A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} (HKLM) [])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2004/12/02 19:17:04 | 01,142,744 | ---- | M] (Copernic Technologies Inc.) C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll (copernicagentcache:{AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} (HKLM) [])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/10/17 05:17:24 | 01,160,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll (gopher:{79eac9e4-baf9-11ce-8c82-00aa004ba90b} (HKLM) [gopher: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/07/03 14:14:54 | 00,694,784 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll (mhtml:{05300401-BCBC-11d0-85E3-00C04FD85AB4} (HKLM) [MHTML Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2005/09/20 12:33:58 | 00,843,984 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:32 | 00,137,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll (ms-its:{9D148291-B9C8-11D0-A4CC-0000F80149F6} (HKLM) [Microsoft InfoTech Protocols for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/12/13 02:05:28 | 03,593,216 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll (sysimage:{76E67A63-06E9-11D2-A840-006008059382} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2007/02/18 11:05:42 | 01,563,136 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvidctl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2005/03/25 05:00:00 | 00,074,240 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiascr.dll (wia:{13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} (HKLM) [WiaProtocol Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/11/08 00:55:44 | 08,360,448 | ---- | M] (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll text/webviewhtml:{733AC4CB-F1A4-11d0-B951-00A0C90312E1} (HKLM) [WebView MIME Filter]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}"=Adobe AIR
"{08E16CBF-7029-4881-83DF-D0B3A63030B4}"=WOT for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}"=Java(TM) 6 Update 11
"{2712C3CA-931D-4B12-9605-06FF0DFDFADA}"=Reel Deal Card Games
"{417E7710-C77B-4CB9-839A-D586A12C64E2}"=Smart Guardian
"{5888428E-699C-4E71-BF71-94EE06B497DA}"=TuneUp Utilities 2008
"{60DE4033-9503-48D1-A483-7846BD217CA9}"=ICQ6.5
"{68FF1339-3628-4D37-B6D9-A49FCA562930}"=GoldRush
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1"=ConvertXtoDVD 3.0.0.1
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}"=DivX Codec
"{83073C45-3003-4671-9A86-243AAADD915A}"=Microsoft Calculator Plus
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}"=Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}"=DivX Player
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1033}"=Nero 8
"{90110409-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}"=Compatibility Pack for the 2007 Office system
"{92B79901-C57D-409F-8D2F-4E5337383569}"=OpenOffice.org 3.0
"{95738B44-49CF-4C62-A620-320F1007B14A}"=SpiralFrog Download Manager 0.8.25
"{963A7A63-1326-4D68-81F2-DB9E01ED7EA5}"=Card Games 2009
"{A53459B9-6C96-4A02-805F-262C10E81BB7}"=Bejeweled 2
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{B13A7C41581B411290FBC0395694E2A9}"=DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}"=PDF Download for Internet Explorer
"{B6F3282D-3782-4FBC-B6A6-2F68F382F2C7}"=HighRoller
"{B7050CBDB2504B34BC2A9CA0A692CC29}"=DivX Web Player
"{B8E30EC8-166C-46CD-B148-1EEDCA880FD0}"=Vegas Experience
"{C1D37ACC-A99F-4A0D-B361-451CC005759B}"=Ghost Town
"{C662595F-CDF9-4BF5-8323-3F7C6A7EADF7}"=Bonus Mania
"{D75DCC6C-5D97-48AC-B74B-68DBC2E84F2F}"=MysticForest
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1"=NOD32 FiX
"{FB08F381-6533-4108-B7DD-039E11FBC27E}"=Realtek AC'97 Audio
"{FD5913FA-5617-4A81-95F2-6A87FA349DD5}"=Sweet Tooth To Go
"Adblock Pro"=Adblock Pro 2.6
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Advanced SystemCare 3_is1"=Advanced SystemCare 3
"AnyDVD"=AnyDVD
"AtomTime Pro_is1"=AtomTime Pro 3.1d
"AVI MPEG RM WMV Joiner_is1"=AVI/MPEG/RM/WMV Joiner 4.81
"Bejeweled Twist 1.0"=Bejeweled Twist 1.0
"Brain Training for Dummies®"=Brain Training for Dummies®
"CCleaner"=CCleaner (remove only)
"CloneDVD2"=CloneDVD2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Copernic Agent Professional"=Copernic Agent Professional
"Daniusoft Media Converter Pro_is1"=Daniusoft Media Converter Pro(Build 2.2.4.0)
"DivX Content Uploader"=DivX Content Uploader
"DVD Creator3"=DVD Creator3
"DVD Decrypter"=DVD Decrypter (Remove Only)
"DVD Region+CSS Free_is1"=DVD Region+CSS Free 5.9.8.5
"DVD Ripper Platinum 4"=DVD Ripper Platinum 4
"DVD Shrink_is1"=DVD Shrink 3.2
"EmailStripper_is1"=EmailStripper 2.2
"Glyph 2"=Glyph 2
"Hide and Secret"=Hide and Secret
"Hide IP Platinum_is1"=Hide IP Platinum 3.5
"HijackThis"=HijackThis 2.0.2
"Jewel Match Winter Wonderland "=Jewel Match Winter Wonderland
"Jewel Quest Mysteries"=Jewel Quest Mysteries
"Magic ISO Maker v5.4 (build 0251)"=Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"NOD32"=NOD32 antivirus system
"PCRepair 2005_is1"=PCRepair 2005
"PIXresizer_is1"=PIXresizer 2.0.3
"Power Screen Capture_is1"=Power Screen Capture 7.0.0.760
"PowerISO"=PowerISO
"Registry Crawler"=Registry Crawler
"Registry Mechanic_is1"=Registry Mechanic 8.0
"Replay Media Catcher"=Replay Media Catcher
"Revo Uninstaller"=Revo Uninstaller 1.75
"ShaPlus Bandwidth Meter"=ShaPlus Bandwidth Meter 1.2
"Super DVD Creator_is1"=Super DVD Creator 9.8 Full Version
"TeamViewer 4"=TeamViewer 4
"TweakNow PowerPack Professional_is1"=TweakNow PowerPack Professional
"UltimateDefrag 2008"=UltimateDefrag 2008
"UltraISO_is1"=UltraISO Premium V8.65
"Winamp"=Winamp
"Window Washer"=Window Washer
"WinGimp-2.0_is1"=GIMP 2.6.3
"WinRAR archiver"=WinRAR archiver
"WinZip"=WinZip
"Xilisoft DVD Ripper Platinum"=Xilisoft DVD Ripper Platinum 4
"Xilisoft DVD to DivX Converter"=Xilisoft DVD to DivX Converter
"XoftSpySE"=XoftSpySE
"Yahoo! Messenger"=Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/30/2008 2:25:12 AM | Computer Name = CHEESYMOUSE | Source = wwSecure.exe | ID = 0
Description =

Error - 12/31/2008 11:09:36 PM | Computer Name = CHEESYMOUSE | Source = VSS | ID = 8211
Description =

Error - 1/4/2009 12:38:46 AM | Computer Name = CHEESYMOUSE | Source = Diskeeper | ID = 5
Description =

Error - 1/10/2009 1:26:45 AM | Computer Name = CHEESYMOUSE | Source = Diskeeper | ID = 5
Description =

Error - 1/4/2009 4:13:21 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16762, faulting
module wot.dll, version 8.8.11.0, fault address 0x0001208b.

Error - 1/4/2009 4:13:25 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1001
Description = Fault bucket 1047785817.

Error - 1/4/2009 9:44:31 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1005
Description = Windows cannot access the file D:\Music\90's\Billboard Top 100 of
1995\1995-053-Dr._Dre-Keep_Their_Heads_Ringin' (Friday Soundtrack).MP3 for one of
the following reasons: there is a problem with the network connection, the disk
that the file is stored on, or the storage drivers installed on this computer; or
the disk is missing. Windows closed the program 1995-053-Dr._Dre-Keep_Their_Heads_Ringin'
(Friday Soundtrack).MP3 because of this error. Program: 1995-053-Dr._Dre-Keep_Their_Heads_Ringin'
(Friday Soundtrack).MP3 File: D:\Music\90's\Billboard Top 100 of 1995\1995-053-Dr._Dre-Keep_Their_Heads_Ringin'
(Friday Soundtrack).MP3 The error value is listed in the Additional Data section.
User
Action 1. Open the file again. This situation might be a temporary problem that corrects
itself when the program runs again. 2. If the file still cannot be accessed and -
It is on the network, your network administrator should verify that there is not
a problem with the network and that the server can be contacted. - It is on a removable
disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted
into the computer. 3. Check and repair the file system by running CHKDSK. To run
CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt,
type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file
from a backup copy. 5. Determine whether other files on the same disk can be opened.
If not, the disk might be damaged. If it is a hard disk, contact your administrator
or computer hardware vendor for further assistance. Additional Data Error value:
C000009C Disk type: 3

Error - 1/4/2009 9:44:36 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1000
Description = Faulting application FixVundo[1].exe, version 1.5.1.0, faulting module
FixVundo[1].exe, version 1.5.1.0, fault address 0x00003933.

Error - 1/4/2009 9:44:41 PM | Computer Name = CHEESYMOUSE | Source = Application Error | ID = 1001
Description = Fault bucket 00470146.

Error - 1/4/2009 9:48:26 PM | Computer Name = CHEESYMOUSE | Source = VSS | ID = 8211
Description =

[ System Events ]
Error - 1/6/2009 12:15:08 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:14 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:19 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:27 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:33 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:36 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:39 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 12:15:47 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 1:04:26 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/6/2009 1:04:29 PM | Computer Name = CHEESYMOUSE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.


< End of report >
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Post by Shaba » January 6th, 2009, 2:04 pm

It also looks like you have an illegal NOD32.

Uninstall these:

NOD32 FiX
NOD32 antivirus system

Install one antivirus from below:

1) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Post back a fresh HijackThis log afterwards, please.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Post by jackistheman » January 6th, 2009, 2:22 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:26 AM, on 1/6/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Folding@Home\winFAH.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Folding@Home\FahCore_78.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\SysWOW64\wwSecure.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~2\COPERN~1\COPERN~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing)
O2 - BHO: Adblock Pro - {F385C231-605B-4d8f-ACA9-DBFF765BBE17} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O4 - HKLM\..\Run: [ShaPlus Bandwidth Meter] "C:\Program Files (x86)\ShaPlus Bandwidth Meter\ShaPlus Bandwidth Meter" /s
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Folding@Home 5.03.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Block This Image (ABP) - C:\Program Files (x86)\Adblock Pro\blockimg.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files (x86)\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing)
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra 'Tools' menuitem: Adblock Pro Preferences - {E7FD3540-AB30-40f1-91E7-101F733C1FD5} - C:\Program Files (x86)\Adblock Pro\AdblockPro.dll
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll (file missing) (HKCU)
O15 - Trusted Zone: download.windowsupdate.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 9742405688
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files (x86)\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\WINDOWS\System32\TuneUpDefragService.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
O23 - Service: Washer AutoComplete (wwSecSvc) - Webroot Software, Inc. - C:\WINDOWS\system32\wwSecure.exe

--
End of file - 8373 bytes
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Unread postby Shaba » January 6th, 2009, 2:24 pm

Thank you :)

Please post next any error messages you got from MS update.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Unread postby jackistheman » January 6th, 2009, 7:20 pm

Now this is what it is giving me, even though I am currently signed in as administrator, and I do not have a shortcut in my Start menu for Windows Update; I have to use the Tools menu to get there.



Administrators Only


To install items from Windows Update, you must be logged on as an administrator or a member of the Administrators group. If your computer is connected to a network, network policy settings may also prevent you from completing this procedure.

Note If you are running a Windows 2000 (except DataCenter), Windows XP, or Windows Server 2003 operating system, you can run the local administrator account on your computer without having to log off and then log on again.

To run as the local administrator in Windows XP or Windows Server 2003:


Click Start, and then click All Programs (or right-click Windows Update if it is available).
Right-click Windows Update.
Click Run as on the menu that appears.
Do one of the following:
Enter the password for the administrator.
Enter the user name, domain name, and password of a different user account that has administrative permissions on this computer.

To run as the local administrator in Windows 2000:


Click Start, right-click Windows Update, and then click Run As on the menu that appears.
Do one of the following:
Enter the password for the administrator.
Enter the user name, domain name, and password of a different user account that has administrative permissions on this computer.

If the option to run as the local administrator is not available:


Click Start, right-click Windows Update, and then click Properties.
Click the Shortcut tab, and then select the Run as different user check box.
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am

Re: computer issues

Unread postby Shaba » January 7th, 2009, 6:05 am

Does the same happen if you create another admin account and try to access Windows Update via that?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: computer issues

Unread postby jackistheman » January 7th, 2009, 5:23 pm

got it, tyvm for your help
jackistheman
Active Member
 
Posts: 9
Joined: December 31st, 2008, 1:01 am