WiredWX Hobby Weather ToolsLog in

 


descriptionHard Drive Fake Safe Mode EmptyHard Drive Fake Safe Mode

more_horiz
Hello, I have basically the same problem that daze71 posted the other day, so I'll quote some of their post to give you the problems. I also have the two text files I'll copy below. Thanks in advance.

"
i have a virus called HardDrive which looks the same as harddrive diagnostics but the icon display for this virus is 4 jigsaw puzzle pieces instead of the block icon you get in your system defragger if that makes sense.

i have tried to remove with malwarebytes anti malware going through safe mode and using i explore to cancel the process but to no avail, now when i boot up even in safe mode the virus kicks in so i cannot even see my desktop and cannot use task manager (control alt delete) as it pops up that this has been disabled by my administrator even though i am logged in on that account ?

if i boot up in normal mode it gives the impression i am in safe mode but again i cannot see my desk top to run anything"

My own observations: After running Malwarebytes, upon clicking to reboot computer, several errors flash up and I believe this prevents the malware from being removed. If you accidentally click on one of these errors, they multiply, and I think this is what locks you out of the different profiles. I am now locked out of profiles on normal boot, safe mode, and safe mode with networking. The only thing I can run really is Dafe Mode with the DOS prompt, and I don't know how to access the internet in that mode. Here are the file contents, and thanks again.
OTL.txt:
OTL logfile created on: 3/3/2011 7:39:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 721.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.18 Gb Total Space | 76.40 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
Drive D: | 9.58 Gb Total Space | 1.38 Gb Free Space | 14.38% Space Free | Partition Type: FAT32
Drive E: | 510.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 979.53 Mb Total Space | 778.77 Mb Free Space | 79.50% Space Free | Partition Type: FAT

Computer Name: JPITTMAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/03 19:36:34 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41281.exe
PRC - [2011/03/03 13:16:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2006/02/28 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/03 13:16:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/02 09:22:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/09/02 07:26:16 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/07/09 06:55:39 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2007/12/21 09:00:57 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS)
SRV - [2007/10/24 08:01:03 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007/03/02 10:16:44 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Stopped] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/01/04 23:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper)


========== Driver Services (SafeList) ==========

DRV - [2010/09/02 07:26:10 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Stopped] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2007/12/21 09:00:57 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007/10/24 08:00:59 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007/03/02 10:16:47 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007/03/02 10:16:45 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2007/03/02 10:16:44 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2006/04/18 06:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/03/14 13:02:54 | 001,428,480 | ---- | M] (IntelĀ® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006/03/02 06:03:32 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/02/28 07:00:00 | 000,200,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RMCast.sys -- (RMCAST)
DRV - [2006/02/28 07:00:00 | 000,072,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/09/19 15:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/09/19 15:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/09/19 15:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/08/22 10:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/08/22 10:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/08/22 10:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q306&bd=pavilion&pf=laptop
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{4C0068C7-F000-4F78-9564-7CBC4379E925}: C:\Documents and Settings\Jesse\Local Settings\Application Data\{4C0068C7-F000-4F78-9564-7CBC4379E925} [2009/04/15 21:30:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/02/07 08:39:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/08 14:06:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/30 16:09:13 | 000,000,000 | ---D | M]

[2011/01/26 08:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2006/11/20 20:05:47 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/01/02 11:46:31 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2004/08/04 16:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG7_CC] C:\Program Files\Grisoft\AVG7\avgcc.exe (GRISOFT, s.r.o.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [WildTangent CDA] C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe (WildTangent, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [AVG7_Run] C:\Program Files\Grisoft\AVG7\avgw.exe (GRISOFT, s.r.o.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\StartUp\Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (Starz)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1294373013609 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Wave.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Wave.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/02 22:56:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 22:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 14:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/02/28 07:00:00 | 000,000,110 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/04/19 06:14:46 | 000,023,555 | ---- | M] () - F:\AutoIDCard.pdf -- [ FAT ]
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\SETUP.EXE -- [2006/02/28 07:00:00 | 001,314,816 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll) - C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll (ACTS)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {971DE41B-157A-CE9F-51EC-576ED6CE1CEA} - Viewpoint Media Player
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CCDA2DF4-95EA-C55F-E2C7-60917D7392D2} - NetShow
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 19:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AVG7
[2011/03/03 19:38:07 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/03/03 06:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/03/03 06:30:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Hard Drive
[2011/03/03 06:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/02 23:02:43 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/03/02 23:02:43 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/03/02 23:02:41 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2011/03/02 23:02:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/03/02 23:02:40 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2011/03/02 23:02:38 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2011/03/02 23:02:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/03/02 23:02:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/03/02 23:02:37 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/03/02 23:02:37 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/03/02 23:02:23 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2011/03/02 23:02:20 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/03/02 23:02:18 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2011/03/02 23:02:16 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/03/02 23:02:15 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/03/02 23:02:15 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/03/02 23:02:10 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2011/03/02 23:02:09 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/03/02 23:02:08 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2011/03/02 23:02:08 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2011/03/02 23:02:06 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/03/02 23:02:01 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2011/03/02 23:02:01 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2011/03/02 23:02:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2011/03/02 23:02:01 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/03/02 23:02:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2011/03/02 23:02:01 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/03/02 23:02:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2011/03/02 23:02:00 | 000,456,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2011/03/02 23:02:00 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2011/03/02 23:02:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2011/03/02 23:01:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/03/02 23:01:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/03/02 23:01:58 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/03/02 23:01:57 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2011/03/02 23:01:57 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/03/02 23:01:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/03/02 23:01:57 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/03/02 23:01:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/03/02 23:01:56 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/03/02 23:01:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/03/02 23:01:56 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/03/02 23:01:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/03/02 23:01:56 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/03/02 23:01:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/03/02 23:01:55 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/03/02 23:01:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/03/02 23:01:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/03/02 23:01:55 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/03/02 23:01:50 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/03/02 23:01:43 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/03/02 23:01:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/03/02 23:01:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/03/02 23:01:35 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/03/02 23:01:35 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/03/02 23:01:35 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2011/03/02 23:01:32 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2011/03/02 23:01:30 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/03/02 23:01:30 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/03/02 23:01:26 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2011/03/02 23:01:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/03/02 23:01:25 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/03/02 23:01:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2011/03/02 23:01:19 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/03/02 23:01:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/03/02 23:01:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/03/02 23:01:17 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/03/02 23:01:14 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/03/02 23:01:06 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/03/02 23:01:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2011/03/02 23:01:02 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/03/02 23:00:55 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2011/03/02 23:00:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2011/03/02 23:00:27 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/03/02 23:00:26 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/03/02 23:00:26 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2011/03/02 23:00:25 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2011/03/02 23:00:25 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/03/02 23:00:23 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/03/02 23:00:22 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2011/03/02 23:00:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2011/03/02 23:00:21 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/03/02 23:00:21 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2011/03/02 23:00:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2011/03/02 23:00:10 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/03/02 23:00:09 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2011/03/02 23:00:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/03/02 23:00:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/03/02 23:00:05 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2011/03/02 23:00:03 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2011/03/02 23:00:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/03/02 23:00:02 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2011/03/02 22:59:57 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2011/03/02 22:59:57 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2011/03/02 22:59:57 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/03/02 22:59:57 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/03/02 22:59:56 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2011/03/02 22:59:56 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/03/02 22:59:56 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2011/03/02 22:59:56 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/03/02 22:59:46 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2011/03/02 22:59:45 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2011/03/02 22:59:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2011/03/02 22:59:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2011/03/02 22:59:38 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2011/03/02 22:59:35 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2011/03/02 22:59:34 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2011/03/02 22:59:34 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2011/03/02 22:59:34 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2011/03/02 22:59:34 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2011/03/02 22:59:34 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2011/03/02 22:59:34 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2011/03/02 22:59:33 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2011/03/02 22:59:33 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/03/02 22:59:33 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2011/03/02 22:59:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2011/03/02 22:59:33 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2011/03/02 22:59:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/03/02 22:59:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2011/03/02 22:59:33 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2011/03/02 22:59:32 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2011/03/02 22:59:32 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2011/03/02 22:59:32 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/03/02 22:59:32 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2011/03/02 22:59:32 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/03/02 22:59:32 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/03/02 22:59:32 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2011/03/02 22:59:31 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2011/03/02 22:59:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2011/03/02 22:59:30 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/03/02 22:59:29 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2011/03/02 22:59:29 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2011/03/02 22:59:27 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/03/02 22:59:25 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/03/02 22:59:25 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2011/03/02 22:59:24 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2011/03/02 22:59:24 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2011/03/02 22:59:24 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2011/03/02 22:59:23 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/03/02 22:59:22 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/03/02 22:59:22 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/03/02 22:59:22 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/03/02 22:59:09 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2011/03/02 22:59:06 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/03/02 22:59:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/03/02 22:59:05 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/03/02 22:59:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/03/02 22:59:03 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2011/03/02 22:58:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/03/02 22:58:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/03/02 22:58:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/03/02 22:58:57 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/03/02 22:58:55 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/03/02 22:58:44 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/03/02 22:58:42 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/03/02 22:58:25 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2011/03/02 22:58:25 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/03/02 22:58:25 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/03/02 22:58:23 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2011/03/02 22:58:23 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2011/03/02 22:58:23 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/03/02 22:58:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/03/02 22:58:10 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/03/02 22:58:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/03/02 22:58:09 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2011/03/02 22:58:02 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2011/03/02 22:58:02 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/03/02 22:58:01 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2011/03/02 22:58:01 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2011/03/02 22:57:59 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2011/03/02 22:57:59 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2011/03/02 22:57:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2011/03/02 22:57:51 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2011/03/02 22:57:50 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/03/02 22:57:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2011/03/02 22:57:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/03/02 22:57:49 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2011/03/02 22:57:49 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/03/02 22:57:49 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2011/03/02 22:57:48 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2011/03/02 22:57:48 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2011/03/02 22:57:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2011/03/02 22:57:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/03/02 22:57:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/03/02 22:57:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/03/02 22:57:47 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2011/03/02 22:57:47 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2011/03/02 22:57:46 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2011/03/02 22:57:46 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2011/03/02 22:57:46 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2011/03/02 22:57:46 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2011/03/02 22:57:46 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2011/03/02 22:57:46 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2011/03/02 22:57:46 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2011/03/02 22:57:45 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2011/03/02 22:57:45 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2011/03/02 22:57:45 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2011/03/02 22:57:45 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2011/03/02 22:57:45 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2011/03/02 22:57:45 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2011/03/02 22:57:44 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2011/03/02 22:57:41 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2011/03/02 22:57:41 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/03/02 22:57:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/03/02 22:57:40 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/03/02 22:57:40 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/03/02 22:57:40 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2011/03/02 22:57:39 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2011/03/02 22:57:38 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/03/02 22:57:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/03/02 22:57:37 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2011/03/02 22:57:35 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2011/03/02 22:54:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/03/02 22:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2011/03/02 22:06:48 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/03/02 22:06:48 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/03/02 22:06:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/03/02 22:06:48 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CINTLGNT.IME
[2011/03/02 22:06:47 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TINTLGNT.IME
[2011/03/02 22:06:47 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/03/02 22:06:47 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/03/02 22:06:47 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/03/02 22:06:47 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winar30.ime
[2011/03/02 22:06:47 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/03/02 22:06:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/03/02 22:06:47 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/03/02 22:06:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/03/02 22:06:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/03/02 22:06:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\phon.ime
[2011/03/02 22:06:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/03/02 22:06:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/03/02 22:06:46 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dayi.ime
[2011/03/02 22:06:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/03/02 22:06:46 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chajei.ime
[2011/03/02 22:06:46 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\quick.ime
[2011/03/02 22:06:46 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/03/02 22:06:46 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\uniime.dll
[2011/03/02 22:06:46 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/03/02 22:06:46 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winime.ime
[2011/03/02 22:06:46 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/03/02 22:06:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicdime.ime
[2011/03/02 22:06:46 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/03/02 22:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\romanime.ime
[2011/03/02 22:06:46 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/03/02 22:06:46 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\miniime.tpl
[2011/03/02 22:06:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/03/02 22:06:45 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/03/02 22:06:38 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/03/02 22:06:38 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/03/02 22:06:37 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME
[2011/03/02 22:06:37 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/03/02 22:06:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINZM.IME
[2011/03/02 22:06:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/03/02 22:06:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINSP.IME
[2011/03/02 22:06:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/03/02 22:06:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINPY.IME
[2011/03/02 22:06:37 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/03/02 22:06:37 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/03/02 22:06:37 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/03/02 22:06:37 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/03/02 22:06:37 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/03/02 22:06:36 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81k.dll
[2011/03/02 22:06:36 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/03/02 22:06:36 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/03/02 22:06:36 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\imjp81.ime
[2011/03/02 22:06:36 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/03/02 22:06:36 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/03/02 22:06:36 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/03/02 22:06:35 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/03/02 22:06:35 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/03/02 22:06:35 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/03/02 22:06:35 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/03/02 22:06:35 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/03/02 22:06:35 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/03/02 22:06:34 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/03/02 22:06:34 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/03/02 22:06:34 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/03/02 22:06:33 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/03/02 22:06:33 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chsbrkr.dll
[2011/03/02 22:06:33 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/03/02 22:06:33 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\chtbrkr.dll
[2011/03/02 22:06:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\korwbrkr.dll
[2011/03/02 22:06:32 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/03/02 22:06:31 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.lex
[2011/03/02 22:06:31 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/03/02 22:06:31 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msir3jp.dll
[2011/03/02 22:06:31 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/03/02 22:06:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2011/03/02 22:06:25 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/03/02 22:06:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2011/03/02 22:06:07 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2011/03/02 22:06:07 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_g18030.dll
[2011/03/02 22:06:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WINGB.IME
[2011/03/02 22:06:07 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/03/02 22:06:06 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/03/02 22:06:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101a.dll
[2011/03/02 22:06:06 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/03/02 22:06:01 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/03/02 22:06:01 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/03/02 22:06:00 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/03/02 22:06:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/03/02 22:06:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2011/03/02 22:05:52 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2011/03/02 22:05:51 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/03/02 22:05:51 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/03/02 22:05:51 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/03/02 22:05:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecAT.dll
[2011/03/02 22:05:51 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/03/02 22:05:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnec95.dll
[2011/03/02 22:05:51 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/03/02 22:05:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41a.dll
[2011/03/02 22:05:51 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2011/03/02 22:05:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlk41j.dll
[2011/03/02 22:05:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2011/03/02 22:05:50 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/03/02 22:05:50 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/03/02 22:05:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnecNT.dll
[2011/03/02 22:05:50 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/03/02 22:05:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdibm02.dll
[2011/03/02 22:05:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2011/03/02 22:05:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\f3ahvoas.dll
[2011/03/02 22:05:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2011/03/02 22:05:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdax2.dll
[2011/03/02 22:05:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2011/03/02 22:05:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106n.dll
[2011/03/02 22:05:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2011/03/02 22:05:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101.dll
[2011/03/02 22:05:50 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2011/03/02 22:05:49 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/03/02 22:05:49 | 000,315,452 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/03/02 22:05:23 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/03/02 22:05:23 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/03/02 22:05:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/03/02 22:05:13 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\c_is2022.dll
[2011/03/02 22:05:11 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2011/03/02 22:05:11 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2011/03/02 22:05:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2011/03/02 22:05:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll



descriptionHard Drive Fake Safe Mode Emptyotl.txt (cont)

more_horiz
[2011/03/02 22:05:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2011/03/02 22:04:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/03/02 22:04:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/03/02 22:04:52 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/03/02 22:04:52 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/03/02 14:02:32 | 000,733,184 | ---- | C] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/03 19:45:24 | 000,453,278 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/03 19:45:24 | 000,074,858 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/03 19:36:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/03 19:36:38 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41281
[2011/03/03 19:36:34 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\41281.exe
[2011/03/03 19:36:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/03 15:52:32 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1748A759-EB32-4CC7-A4EB-7DD00519BBA7}.job
[2011/03/03 15:50:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/03 13:16:50 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/03/03 06:30:12 | 000,000,782 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/03 06:29:39 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\48375
[2011/03/03 06:22:46 | 000,360,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/02 23:06:08 | 000,000,449 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/02 22:56:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/02 22:56:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/03/02 22:56:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/02 22:56:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/03/02 22:56:13 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/02 22:56:12 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/02 22:56:12 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/02 22:55:58 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/02 22:55:09 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/03/02 22:51:43 | 000,024,184 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/02 22:50:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/03/02 22:50:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/02 22:15:44 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/02 22:14:36 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NetWaiting.lnk
[2011/03/02 21:21:12 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\54562
[2011/03/02 21:00:00 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\rveaievd.job
[2011/03/02 20:59:18 | 000,002,425 | ---- | M] () -- C:\hpqp.ini
[2011/03/02 20:59:01 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2011/03/02 20:57:36 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\46875
[2011/03/02 19:55:14 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\377796
[2011/03/02 19:55:10 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\377796.exe
[2011/03/02 17:50:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/02 14:02:33 | 000,733,184 | ---- | M] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
[2011/02/24 06:17:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/23 21:00:32 | 000,988,664 | ---- | M] () -- C:\WINDOWS\setupapi.old
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/03 19:36:38 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\41281
[2011/03/03 19:36:34 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\41281.exe
[2011/03/03 06:30:12 | 000,000,782 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard Drive.lnk
[2011/03/03 06:29:39 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\48375
[2011/03/02 22:59:29 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/03/02 22:56:16 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/03/02 22:56:16 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/03/02 22:56:16 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/03/02 22:56:16 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/03/02 22:50:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/03/02 22:14:36 | 000,001,580 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NetWaiting.lnk
[2011/03/02 22:06:47 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/03/02 22:06:45 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/03/02 22:06:38 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/03/02 22:06:35 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/03/02 22:06:33 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/03/02 22:06:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/03/02 22:06:32 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/03/02 22:06:32 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/03/02 22:06:19 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/03/02 22:06:19 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/03/02 22:06:19 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/03/02 22:06:19 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/03/02 22:06:19 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/03/02 22:06:18 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/03/02 22:06:18 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/03/02 22:06:18 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/03/02 22:06:18 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/03/02 22:06:18 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/03/02 22:06:18 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/03/02 22:06:18 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/03/02 22:06:18 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/03/02 22:06:18 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/03/02 22:06:18 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/03/02 22:06:08 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/03/02 22:06:08 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/03/02 22:06:08 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/03/02 22:06:01 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/03/02 22:06:01 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/03/02 22:05:44 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/03/02 22:04:38 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/03/02 22:04:38 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/03/02 22:04:38 | 000,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2011/03/02 22:04:38 | 000,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2011/03/02 22:04:38 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/03/02 22:04:38 | 000,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2011/03/02 22:04:38 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/03/02 22:04:38 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/03/02 22:04:38 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/03/02 22:04:38 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/03/02 22:04:38 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/03/02 22:04:38 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/03/02 22:04:38 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/03/02 22:04:38 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/03/02 22:04:38 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/03/02 22:04:38 | 000,007,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/03/02 22:04:37 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/03/02 22:04:37 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/03/02 22:04:37 | 000,504,678 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/03/02 21:21:12 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\54562
[2011/03/02 20:57:36 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\46875
[2011/03/02 19:55:14 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\377796
[2011/03/02 19:55:10 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\377796.exe
[2011/01/07 03:38:25 | 000,198,184 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/07 00:19:11 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/12/30 15:34:02 | 000,208,200 | ---- | C] () -- C:\WINDOWS\hpoins43.dat
[2010/12/30 15:34:02 | 000,000,601 | ---- | C] () -- C:\WINDOWS\hpomdl43.dat
[2010/07/27 19:40:11 | 000,074,540 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/05/16 19:26:11 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/15 21:30:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Hqatak.bin
[2009/04/15 21:30:06 | 000,000,408 | ---- | C] () -- C:\WINDOWS\Yxaqezaxeqetal.dat
[2008/02/20 16:12:05 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
[2007/05/19 13:10:27 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/05/19 13:10:27 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/21 16:38:30 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/28 21:36:00 | 000,090,643 | ---- | C] () -- C:\WINDOWS\hpiins01.dat
[2006/12/28 21:36:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpimdl01.dat
[2006/12/28 21:25:51 | 000,124,404 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2006/12/28 21:25:51 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2006/11/29 11:01:35 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/09/05 15:06:30 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM21.dll
[2006/09/05 15:06:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2006/09/05 13:47:41 | 000,000,043 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/09/05 12:36:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/05 12:36:20 | 000,007,437 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/09/05 12:30:33 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/09/05 12:30:22 | 000,796,584 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2006/05/10 03:29:47 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/10 03:27:06 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/05/10 03:27:06 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/05/10 03:07:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/10 03:04:35 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/05/10 02:51:17 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2006/05/10 00:45:42 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/05/10 00:45:42 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/05/10 00:45:42 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/05/10 00:45:41 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/05/10 00:45:40 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/05/10 00:45:40 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/05/10 00:45:40 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/05/10 00:45:40 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/05/10 00:45:39 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/03/27 11:54:48 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/27 11:54:36 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/27 11:23:14 | 000,087,268 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/03/27 11:18:52 | 000,000,696 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/03/27 11:15:14 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/03/27 11:05:02 | 000,453,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/03/27 11:05:02 | 000,074,858 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/03/27 11:01:16 | 000,360,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/03/27 10:57:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/27 10:54:34 | 000,024,184 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/12/02 13:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/21 03:41:32 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/03/21 03:41:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1997/06/25 13:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll

========== Custom Scans ==========


< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >
[2005/09/24 00:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

< %systemroot%\Fonts\*.ini >
[2011/03/02 22:55:32 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006/06/03 21:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
[2003/06/18 19:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 05:50:04 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2011/03/02 22:56:18 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2006/05/10 02:51:04 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2006/03/27 11:02:06 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2010/12/10 09:15:41 | 000,107,480 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2010/12/10 09:15:42 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2009/10/17 09:35:36 | 001,686,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\MoveMediaPlayerWin_071503000010.exe
[2010/11/22 06:31:50 | 000,331,128 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mstsc.exe
[2010/12/10 09:15:42 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2010/12/10 09:15:45 | 000,245,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2006/05/10 02:51:04 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Administrator\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/03/27 02:47:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/03/27 02:47:52 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[1 C:\WINDOWS\System32\config\*.tmp files -> C:\WINDOWS\System32\config\*.tmp -> ]

< %systemroot%\system32\*.sys >
[2006/02/28 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\system32\ansi.sys
[2006/02/28 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\system32\country.sys
[2006/02/28 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\system32\himem.sys
[2006/02/28 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\system32\key01.sys
[2006/02/28 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\system32\keyboard.sys
[2006/02/28 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\system32\ntdos.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos404.sys
[2006/02/28 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\system32\ntdos411.sys
[2006/02/28 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\system32\ntdos412.sys
[2006/02/28 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\system32\ntdos804.sys
[2006/02/28 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\system32\ntio.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio404.sys
[2006/02/28 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\system32\ntio411.sys
[2006/02/28 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\system32\ntio412.sys
[2006/02/28 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\system32\ntio804.sys
[2002/10/15 12:13:34 | 000,032,356 | ---- | M] (Phoenix Technologies K.K.) -- C:\WINDOWS\system32\pusbfd1.sys
[2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\vsdatant.sys
[2006/02/28 07:00:00 | 000,017,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\watchdog.sys
[2006/02/28 07:00:00 | 001,835,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\win32k.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.dll >
[2004/08/04 00:56:42 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2004/08/04 00:56:42 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2004/08/04 00:56:42 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2004/08/04 00:56:42 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2004/08/04 00:56:42 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2004/08/04 00:56:42 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2004/08/04 00:56:42 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004/08/04 00:56:42 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2004/08/04 00:56:42 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2004/08/04 00:56:42 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2004/08/04 00:56:42 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2004/08/04 00:56:42 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2004/08/04 00:56:42 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/04 00:56:46 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004/08/04 00:56:48 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006/06/03 21:29:06 | 000,076,288 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4pi.dll
[2003/06/18 19:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %SYSTEMDRIVE%\*.* >
[2009/01/01 14:19:42 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
[2011/03/02 22:56:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/09/05 22:25:51 | 012,174,543 | ---- | M] () -- C:\AVG7QT.DAT
[2011/03/02 22:50:12 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/02 22:56:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/02 20:59:18 | 000,002,425 | ---- | M] () -- C:\hpqp.ini
[2011/03/02 22:56:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/08/31 16:12:19 | 000,002,740 | -H-- | M] () -- C:\IPH.PH
[2010/07/09 19:08:16 | 000,013,994 | ---- | M] () -- C:\isorecorder.log
[2011/03/02 22:56:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 16:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2011/01/29 13:43:42 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2006/10/01 15:53:20 | 000,000,505 | -H-- | M] () -- C:\os633022.bin
[2011/03/03 19:36:07 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2011/03/02 20:59:01 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

< %PROGRAMFILES%\*. >
[2009/05/31 10:08:50 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2010/07/07 17:17:17 | 000,000,000 | ---D | M] -- C:\Program Files\Alex Feinman
[2010/12/18 19:21:26 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/12/27 00:39:48 | 000,000,000 | ---D | M] -- C:\Program Files\ArcGIS
[2008/02/20 15:58:04 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity
[2010/07/07 17:06:31 | 000,000,000 | ---D | M] -- C:\Program Files\Avidemux 2.4
[2008/12/29 09:23:05 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2011/03/02 16:59:40 | 000,000,000 | ---D | M] -- C:\Program Files\BeerSmith
[2010/04/20 18:02:43 | 000,000,000 | ---D | M] -- C:\Program Files\BeerTools Pro 1.5
[2010/07/07 14:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Bing Bar Installer
[2010/12/18 19:20:21 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2011/01/26 07:09:45 | 000,000,000 | ---D | M] -- C:\Program Files\CheckPoint
[2011/02/12 08:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/05/10 00:44:46 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2011/01/26 07:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/03/02 22:14:31 | 000,000,000 | ---D | M] -- C:\Program Files\CONEXANT
[2010/12/30 16:09:12 | 000,000,000 | ---D | M] -- C:\Program Files\Coupons
[2006/11/16 21:43:18 | 000,000,000 | ---D | M] -- C:\Program Files\Dictionary
[2011/03/02 20:32:28 | 000,000,000 | ---D | M] -- C:\Program Files\DNA
[2007/03/04 10:46:29 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2007/03/04 10:47:24 | 000,000,000 | ---D | M] -- C:\Program Files\DVD Shrink
[2007/06/02 14:49:08 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2007/12/27 00:35:19 | 000,000,000 | ---D | M] -- C:\Program Files\ESRI
[2011/02/12 08:32:30 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2007/03/02 10:16:37 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2010/12/30 16:05:57 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2010/12/30 16:08:12 | 000,000,000 | ---D | M] -- C:\Program Files\Hp
[2010/12/30 16:08:58 | 000,000,000 | ---D | M] -- C:\Program Files\HP Photo Creations
[2006/09/05 19:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\HPQ
[2009/04/26 12:35:20 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/05/10 02:55:40 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2011/03/02 22:53:05 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/18 19:26:40 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/18 19:27:28 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2009/04/26 12:41:01 | 000,000,000 | ---D | M] -- C:\Program Files\iWin.com
[2010/01/01 13:34:00 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2008/02/20 16:18:23 | 000,000,000 | ---D | M] -- C:\Program Files\Lame MP3 Extractor
[2006/09/06 22:47:03 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2006/09/05 14:58:26 | 000,000,000 | ---D | M] -- C:\Program Files\Leica Geosystems
[2008/02/22 15:55:15 | 000,000,000 | ---D | M] -- C:\Program Files\LP Recorder
[2008/02/22 16:05:28 | 000,000,000 | ---D | M] -- C:\Program Files\LP Ripper
[2011/01/19 14:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/29 13:58:30 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/08/31 02:16:27 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2006/05/10 00:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2007/12/27 00:38:19 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2006/05/10 03:29:18 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office Trial Wizard
[2011/02/24 07:07:52 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2011/01/07 03:08:15 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2007/08/29 14:56:42 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2007/06/02 14:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\MINITAB 14
[2011/03/02 22:53:48 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2011/03/02 15:42:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2007/12/27 02:28:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2009/12/26 15:32:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/05/10 00:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/05/10 03:05:36 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Encarta Plus
[2006/05/10 00:44:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2006/11/16 01:13:05 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/12/26 15:28:07 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2008/02/07 08:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\music_now
[2006/05/10 03:28:47 | 000,000,000 | ---D | M] -- C:\Program Files\muvee Technologies
[2006/11/29 14:36:55 | 000,000,000 | ---D | M] -- C:\Program Files\NASA
[2011/03/02 22:53:31 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2006/05/10 03:26:56 | 000,000,000 | ---D | M] -- C:\Program Files\Netscape
[2011/03/02 22:14:34 | 000,000,000 | ---D | M] -- C:\Program Files\NetWaiting
[2009/10/29 05:02:59 | 000,000,000 | ---D | M] -- C:\Program Files\NOS
[2006/05/10 03:27:26 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2007/08/29 15:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\OpenOffice.org 2.0
[2011/03/02 22:53:25 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2006/09/05 14:50:55 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2006/05/10 03:29:45 | 000,000,000 | ---D | M] -- C:\Program Files\Quickensetup
[2010/12/18 19:23:40 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2007/11/14 01:18:47 | 000,000,000 | ---D | M] -- C:\Program Files\Real
[2009/12/26 15:32:09 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2010/07/09 07:19:47 | 000,000,000 | ---D | M] -- C:\Program Files\Rosetta Stone
[2010/03/13 22:38:37 | 000,000,000 | ---D | M] -- C:\Program Files\Snood 4
[2011/02/12 08:23:56 | 000,000,000 | ---D | M] -- C:\Program Files\Sonic
[2009/08/09 20:24:16 | 000,000,000 | ---D | M] -- C:\Program Files\Soulseek
[2009/08/09 20:24:59 | 000,000,000 | ---D | M] -- C:\Program Files\SoulseekNS
[2006/05/10 03:08:27 | 000,000,000 | ---D | M] -- C:\Program Files\Synaptics
[2010/02/20 16:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom DesktopSuite
[2010/02/20 16:16:48 | 000,000,000 | ---D | M] -- C:\Program Files\TomTom International B.V
[2007/02/28 13:33:47 | 000,000,000 | ---D | M] -- C:\Program Files\TryMedia
[2006/05/10 00:44:48 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/08/31 16:11:56 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2010/05/31 09:06:23 | 000,000,000 | ---D | M] -- C:\Program Files\Vongo
[2010/07/07 14:05:49 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze
[2008/02/22 16:02:11 | 000,000,000 | ---D | M] -- C:\Program Files\WaveCorDC
[2006/10/27 13:14:35 | 000,000,000 | ---D | M] -- C:\Program Files\Western Digital Technologies
[2006/09/08 04:32:15 | 000,000,000 | ---D | M] -- C:\Program Files\WildTangent
[2011/03/02 22:57:19 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2011/03/02 22:51:17 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2006/05/10 00:44:48 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2007/05/20 22:40:57 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2006/05/10 00:44:48 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2007/05/19 13:10:28 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2011/02/12 08:33:34 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo! Games
[2006/09/05 12:30:19 | 000,000,000 | ---D | M] -- C:\Program Files\Zone Labs
[2011/01/26 07:10:06 | 000,000,000 | ---D | M] -- C:\Program Files\ZoneAlarm_Security

< %appdata%\*.* >
[2006/03/27 02:48:48 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini


< MD5 for: AGP440.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: DISK.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:disk.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2006/02/28 07:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: EVENTLOG.DLL >
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2005/10/13 04:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SWSETUP\HDD\iastor.sys
[2005/11/22 19:50:02 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$NtUninstallKB975467_0$\netlogon.dll
[2004/08/04 16:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006/02/28 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: USBSTOR.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:usbstor.sys
[2006/02/28 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:usbstor.sys
[2006/02/28 07:00:00 | 000,026,496 | ---- | M] (Microsoft Corporation) MD5=6CD7B22193718F1D17A47A1CD6D37E75 -- C:\WINDOWS\system32\drivers\usbstor.sys

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-02-24 11:17:33

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:24905485

< End of report >

descriptionHard Drive Fake Safe Mode Emptyextras.txt

more_horiz
OTL Extras logfile created on: 3/3/2011 7:39:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 721.00 Mb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 101.18 Gb Total Space | 76.40 Gb Free Space | 75.51% Space Free | Partition Type: NTFS
Drive D: | 9.58 Gb Total Space | 1.38 Gb Free Space | 14.38% Space Free | Partition Type: FAT32
Drive E: | 510.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 979.53 Mb Total Space | 778.77 Mb Free Space | 79.50% Space Free | Partition Type: FAT

Computer Name: JPITTMAN | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"" =
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"" =
"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP
"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"" =
"C:\Program Files\Vongo\VongoService.exe" = C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService -- (Starz Entertainment Group LLC)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\HP Software Update\hpwucli.exe" = C:\Program Files\Hp\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hp\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgemc.exe" = C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe -- (GRISOFT, s.r.o.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application -- ()
"C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe" = C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Online Component -- ()
"E:\setup\hpznui01.exe" = E:\setup\hpznui01.exe:*:Enabled:hpznui01.exe
"C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\Hp\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Hp\HP Software Update\hpwucli.exe" = C:\Program Files\Hp\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\Hp\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\Hp\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{30956325-B59F-4B86-8E2D-8AA712981D25}" = A310_Help
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.00 E2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 E1
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 2.1
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{61CF89F5-5175-4b3b-ABB8-C89821252D50}" = HP Photosmart Cameras 6.0
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{729DF902-05F9-4C00-9E6D-411119824E5F}" = hpiCamDrvQFolder
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext
"{AEF7A12C-CD9B-4773-8AD1-6916138CA7EA}" = SmartAudio
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B19F9155-9337-4807-B5EF-ED471DDB2CCE}" = hph_software_req
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BEE57402-51C0-17D1-73F7-93839A0CEFE9}" = Burger Island
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A5C573-FB6D-48d8-9F7F-08FC4AD4B488}" = CameraUserGuides
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCEABD53-C30B-4556-9A71-148B7C178858}" = A310
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}" = HP Photosmart and Deskjet 7.0 Software
"{D755C7A3-C03E-4460-8C00-AC6E55505FB5}" = LightScribe 1.4.74.1
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB7E00C9-6DEF-489A-8112-D8F81614F45A}" = Vongo
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E74E3D81-773B-4DCF-B706-50236F80BD81}" = HP User Guides 0019
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F876A4EC-DD7A-4bf8-A169-E4FD6C60BA3F}" = CameraDrivers
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"8461-7759-5462-8226" = Vuze
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity_is1" = Audacity 1.2.6
"AVG7Uninstall" = AVG 7.5
"Avidemux 2.4" = Avidemux 2.4
"BeerSmith" = BeerSmith
"BeerTools Pro 1.5_is1" = BeerTools Pro version 1.5
"Burger Island" = Burger Island (remove only)
"CNXT_HDAUDIO" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_CPL30A5m" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"LP Recorder" = LP Recorder
"LP Ripper" = LP Ripper
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) PRO Network Connections Drivers
"Python 2.1" = Python 2.1
"RealPlayer 6.0" = RealPlayer
"Snood 4_is1" = Snood 4
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Soulseek" = SoulSeek Client 156c
"Soulseek2" = SoulSeek 157 NS 13e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wave Corrector DeClick_is1" = Wave Corrector DeClick version 1.1
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Xvid_is1" = Xvid 1.1.2 final uninstall
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
"Zuma" = Zuma (remove only)
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/3/2011 4:55:51 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4219

Error - 3/3/2011 4:55:51 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4219

Error - 3/3/2011 4:55:53 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/3/2011 4:55:53 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6188

Error - 3/3/2011 4:55:53 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6188

Error - 3/3/2011 5:56:28 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/3/2011 5:56:28 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15468

Error - 3/3/2011 5:56:28 PM | Computer Name = JPITTMAN | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15468

Error - 3/3/2011 8:44:39 PM | Computer Name = JPITTMAN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 3/3/2011 8:44:39 PM | Computer Name = JPITTMAN | Source = PerfNet | ID = 2002
Description = Unable to open the Redirector service. Redirector performance data
will
not be returned. Error code returned is in data DWORD 0.

[ OSession Events ]
Error - 9/14/2007 2:57:01 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 6464 seconds with 1200 seconds of active time. This session ended with a
crash.

Error - 10/1/2007 3:42:59 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 29243
seconds with 14280 seconds of active time. This session ended with a crash.

Error - 10/22/2007 4:49:34 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 3408 seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/25/2007 12:00:32 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6024.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 16166
seconds with 10080 seconds of active time. This session ended with a crash.

Error - 10/26/2007 2:03:13 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 30814 seconds with 4920 seconds of active time. This session ended with
a crash.

Error - 3/30/2008 2:33:34 PM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 665 seconds with 240 seconds of active time. This session ended with a crash.

Error - 10/6/2008 6:11:42 PM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 118372
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/16/2008 3:09:35 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 807762
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10/19/2008 8:37:20 AM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 55904
seconds with 240 seconds of active time. This session ended with a crash.

Error - 1/5/2009 8:01:33 PM | Computer Name = JPITTMAN | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1365
seconds with 240 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7001
Description = The TrueVector Internet Monitor service depends on the vsdatant service
which failed to start because of the following error: %%31

Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7001
Description = The Message Queuing service depends on the Distributed Transaction
Coordinator service which failed to start because of the following error: %%1068

Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7001
Description = The Message Queuing Triggers service depends on the Message Queuing
service which failed to start because of the following error: %%1068

Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 3/3/2011 8:37:54 PM | Computer Name = JPITTMAN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Avg7Core Avg7RsW Avg7RsXP Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip vsdatant

Error - 3/3/2011 8:39:03 PM | Computer Name = JPITTMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/3/2011 8:39:03 PM | Computer Name = JPITTMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 3/3/2011 8:53:53 PM | Computer Name = JPITTMAN | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}


< End of report >

descriptionHard Drive Fake Safe Mode EmptyRe: Hard Drive Fake Safe Mode

more_horiz
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    Hard Drive Fake Safe Mode CF_download_FF

    Hard Drive Fake Safe Mode CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    Hard Drive Fake Safe Mode Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    Hard Drive Fake Safe Mode Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

descriptionHard Drive Fake Safe Mode EmptyRe: Hard Drive Fake Safe Mode

more_horiz
Thank you for the response. The problem with this virus, however, is that once you enter a different account, it will lock the account down, meaning no access to anything on your computer, including the internet. I tried downloading Combofix to another computer and moving it over to mine, but Combofix seems to block that, or there is an error in simply moving it from one place to another. I'll try accessing the internet again this evening from my own computer, but if I still can't, is there any other way to go about it?

descriptionHard Drive Fake Safe Mode EmptyRe: Hard Drive Fake Safe Mode

more_horiz
Possibly yes, but let me know what happens.

descriptionHard Drive Fake Safe Mode EmptyRe: Hard Drive Fake Safe Mode

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum