Yes, it's clear, sorry about that.
I have followed your instructions exactly like you've posted.
Here are the logs:
Combofix
ComboFix 09-09-25.01 - jack 09/26/2009 15:41.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.815 [GMT 2:00]
Running from: c:\documents and settings\jack\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\jack\Desktop\CFScript.txt
FILE ::
"C:\winsystem.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH
c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\Desktop.ini
c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe
C:\winsystem.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.
2009-09-20 15:53 . 2009-09-20 15:53 -------- d-----w- c:\documents and settings\jack\Application Data\InstallShield
2009-09-20 15:03 . 2009-09-20 15:03 -------- d-----w- c:\documents and settings\jack\Application Data\Malwarebytes
2009-09-20 15:03 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-20 15:03 . 2009-09-21 12:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-20 15:03 . 2009-09-20 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-20 15:03 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 15:59 . 2009-09-17 20:38 -------- d-----w- c:\program files\PowerArchiver
2009-09-20 15:53 . 2009-09-17 20:52 -------- d-----w- c:\program files\Trend Micro
2009-09-20 15:53 . 2009-09-17 20:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-17 20:38 . 2009-09-17 20:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ConeXware
2009-09-17 20:17 . 2009-09-17 20:17 0 ----a-w- c:\windows\nsreg.dat
2009-09-17 20:14 . 2009-09-17 20:14 -------- d-----w- c:\program files\VentriloMIX
2009-09-17 20:14 . 2009-09-17 20:14 -------- d-----w- c:\program files\NIERSOFT
2009-09-17 20:13 . 2009-09-17 20:13 -------- d-----w- c:\program files\PopCap Games
2009-09-17 20:13 . 2009-09-17 20:13 0 ----a-w- c:\windows\popcreg.dat
2009-09-17 20:13 . 2009-09-17 20:13 0 ----a-w- c:\windows\popcinfot.dat
2009-09-17 20:13 . 2009-09-17 20:13 -------- d-----w- c:\program files\foobar2000
2009-09-17 20:12 . 2009-09-17 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-09-17 20:12 . 2009-09-17 20:12 -------- d-----w- c:\program files\Ulead Systems
2009-09-17 20:12 . 2009-09-17 20:12 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-17 20:11 . 2009-09-17 20:11 -------- d-----w- c:\program files\mIRC
2009-09-17 20:11 . 2009-09-17 20:11 -------- d-----w- c:\documents and settings\jack\Application Data\mIRC
2009-09-17 19:57 . 2009-09-17 19:57 -------- d-----w- c:\program files\microsoft frontpage
2009-09-17 19:52 . 2009-09-17 19:52 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2008-12-28 18:16 . 2009-09-17 20:45 55858 --sh--r- c:\windows\sysrest32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Octoshape Streaming Services"="c:\documents and settings\jack\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2008-05-22 156944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-18 288088]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
S2 gupdate1c9d6e793718690;Google Update Service (gupdate1c9d6e793718690);c:\program files\Google\Update\GoogleUpdate.exe [17.05.2009 14:04 133104]
S2 RUBotted;Trend Micro RUBotted Service;"c:\program files\Trend Micro\RUBotted\TMRUBotted.exe" --> c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1.tmp --> c:\windows\system32\1.tmp [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773}]
"c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
[HKEY_CURRENT_USER\software\microsoft\active setup\installed components\{4175C5F3-D47F-143B-DD4D-E67A0EB4E773}]
"c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe"
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\documents and settings\jack\Application Data\Mozilla\Firefox\Profiles\z3u8esrr.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - plugin: c:\documents and settings\jack\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\jack\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0907280_SUA_000\npoctoshape.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Windows Login Assistance - c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe
HKLM-Run-Windows Login Assistance - c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe
HKLM-Explorer_Run-Windows Login Assistance - c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe
HKCU-Explorer_Run-Windows Login Assistance - c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-26 15:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
c:\documents and settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe [236] 0x86603C08
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1.tmp"
.
Completion time: 2009-09-26 15:47
ComboFix-quarantined-files.txt 2009-09-26 13:47
ComboFix2.txt 2009-09-25 18:29
Pre-Run: 1,883,197,440 bytes free
Post-Run: 1,857,400,832 bytes free
116
OTL
OTL logfile created on: 9/26/2009 3:49:55 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\jack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 798.72 Mb Available Physical Memory | 78.04% Memory free
926.10 Mb Paging File | 815.69 Mb Available in Paging File | 88.08% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 30.74 Gb Free Space | 80.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: j-7D5BCBCF9
Current User Name: jack
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\WINDOWS\System32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\jack\Desktop\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (RUBotted [Auto | Stopped]) -- File not found
========== Driver Services (SafeList) ==========
DRV - (catchme [On_Demand | Running]) -- File not found
DRV - (es1371 [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\es1371mp.sys (Creative Technology Ltd.)
DRV - (gameenum [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (PCnet [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\pcntpci5.sys (AMD Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "google.com"
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/09/17 22:17:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/09/17 22:11:21 | 00,000,000 | ---D | M]
[2009/09/17 22:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jack\Application Data\mozilla\Extensions
[2009/09/17 22:28:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jack\Application Data\mozilla\Firefox\Profiles\z3u8esrr.default\extensions
[2009/09/17 22:11:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/09/17 22:11:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/24 15:26:10 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/24 15:26:11 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/06/24 15:26:12 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/06/24 13:27:00 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/06/24 13:27:00 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/06/24 13:27:00 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/06/24 13:27:00 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/06/24 13:27:00 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/06/24 13:27:00 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/06/24 13:27:00 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml
O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Windows Login Assistance] C:\Documents and Settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe File not found
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Documents and Settings\jack\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Windows Login Assistance] C:\Documents and Settings\jack\Application Data\S05-3636-T34636-7574-BLAZEBOT-ASGET-UEIAASH\winlogon.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername=0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/17 21:56:39 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
========== Files/Folders - Created Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/09/26 15:49:00 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jack\Desktop\OTL.exe
[2009/09/26 15:47:53 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/25 20:20:04 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/09/25 20:20:03 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/09/25 20:20:01 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/09/25 20:17:29 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/25 20:17:29 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/25 20:17:29 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/25 20:17:29 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/25 20:17:29 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/25 20:17:29 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/25 20:17:29 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/25 20:17:29 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/25 20:17:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/25 20:17:07 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/25 20:13:34 | 03,321,356 | R--- | C] () -- C:\Documents and Settings\jack\Desktop\Combo-Fix.exe
[2009/09/23 21:03:42 | 00,000,210 | -H-- | C] () -- C:\Documents and Settings\jack\Desktop\7a445c7453c44c30f3505e094ebefceef4c374ab.frd
[2009/09/20 17:53:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\InstallShield
[2009/09/20 17:53:09 | 05,183,696 | ---- | C] (Macrovision Corporation) -- C:\Documents and Settings\jack\Desktop\RUBotted.exe
[2009/09/20 17:03:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\Malwarebytes
[2009/09/20 17:03:30 | 00,000,701 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/20 17:03:28 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/20 17:03:26 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/20 17:03:26 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/20 17:03:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/20 17:02:55 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jack\Desktop\mbam-setup.exe
[2009/09/17 23:49:45 | 00,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/09/17 23:49:10 | 00,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\splitter.sys
[2009/09/17 23:49:09 | 00,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\aec.sys
[2009/09/17 23:49:08 | 00,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\swmidi.sys
[2009/09/17 23:49:06 | 00,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\DMusic.sys
[2009/09/17 23:49:06 | 00,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmkaud.sys
[2009/09/17 23:49:04 | 00,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSKSSRV.sys
[2009/09/17 23:49:03 | 00,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPQM.sys
[2009/09/17 23:49:02 | 00,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\wdmaud.sys
[2009/09/17 23:49:01 | 00,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\kmixer.sys
[2009/09/17 23:48:59 | 00,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MSPCLOCK.sys
[2009/09/17 23:48:58 | 00,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sysaudio.sys
[2009/09/17 23:48:55 | 00,003,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\audstub.sys
[2009/09/17 23:48:37 | 00,010,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\gameenum.sys
[2009/09/17 23:48:19 | 00,057,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\redbook.sys
[2009/09/17 23:48:08 | 00,040,704 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\es1371mp.sys
[2009/09/17 23:48:07 | 00,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2009/09/17 23:48:07 | 00,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2009/09/17 23:48:07 | 00,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2009/09/17 23:48:07 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2009/09/17 23:48:05 | 00,035,328 | ---- | C] (AMD Inc.) -- C:\WINDOWS\System32\drivers\pcntpci5.sys
[2009/09/17 23:47:54 | 00,042,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\AGP440.SYS
[2009/09/17 23:47:48 | 00,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2009/09/17 23:47:45 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\compbatt.sys
[2009/09/17 23:47:44 | 00,014,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\battc.sys
[2009/09/17 23:47:44 | 00,013,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\CmBatt.sys
[2009/09/17 23:46:15 | 00,004,382 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/09/17 23:46:11 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/09/17 23:46:09 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/09/17 23:46:04 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/09/17 23:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/09/17 23:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/09/17 23:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/09/17 23:45:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/09/17 23:45:52 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2009/09/17 23:45:52 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2009/09/17 23:45:52 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2009/09/17 23:45:51 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/09/17 23:45:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/09/17 23:45:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2009/09/17 23:45:51 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2009/09/17 23:45:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/09/17 23:45:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/09/17 23:45:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/09/17 23:45:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/09/17 23:45:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/09/17 23:45:50 | 00,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2009/09/17 23:45:50 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2009/09/17 23:45:50 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2009/09/17 23:45:50 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2009/09/17 23:45:50 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2009/09/17 23:45:50 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2009/09/17 23:45:50 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2009/09/17 23:45:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/09/17 23:45:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/09/17 23:45:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/09/17 23:45:49 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/09/17 23:45:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/09/17 23:45:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/09/17 23:45:49 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2009/09/17 23:45:49 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2009/09/17 23:45:49 | 00,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2009/09/17 23:45:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2009/09/17 23:45:49 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2009/09/17 23:45:48 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/09/17 23:45:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/09/17 23:45:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/09/17 23:45:48 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/09/17 23:45:48 | 00,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2009/09/17 23:45:48 | 00,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2009/09/17 23:45:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2009/09/17 23:45:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2009/09/17 23:45:48 | 00,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2009/09/17 23:45:44 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/09/17 23:45:43 | 00,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2009/09/17 23:45:43 | 00,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2009/09/17 23:45:43 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2009/09/17 23:45:43 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2009/09/17 23:45:42 | 00,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2009/09/17 23:45:42 | 00,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2009/09/17 23:45:42 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2009/09/17 23:45:42 | 00,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2009/09/17 23:45:42 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2009/09/17 23:45:42 | 00,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2009/09/17 23:45:42 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2009/09/17 23:45:42 | 00,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2009/09/17 23:45:42 | 00,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2009/09/17 23:45:42 | 00,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2009/09/17 23:45:42 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2009/09/17 23:45:42 | 00,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2009/09/17 23:45:42 | 00,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2009/09/17 23:45:42 | 00,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2009/09/17 23:45:42 | 00,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2009/09/17 23:45:42 | 00,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2009/09/17 23:45:42 | 00,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2009/09/17 23:45:42 | 00,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2009/09/17 23:45:41 | 00,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2009/09/17 23:45:41 | 00,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2009/09/17 23:45:41 | 00,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2009/09/17 23:45:41 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\NOTEPAD.EXE
[2009/09/17 23:45:41 | 00,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2009/09/17 23:45:41 | 00,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2009/09/17 23:45:41 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2009/09/17 23:45:41 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irenum.sys
[2009/09/17 23:45:41 | 00,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2009/09/17 23:45:41 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2009/09/17 23:45:41 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/09/17 23:45:39 | 00,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2009/09/17 23:45:29 | 00,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/09/17 23:45:29 | 00,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/09/17 23:45:29 | 00,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/09/17 23:45:29 | 00,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/09/17 23:45:29 | 00,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/09/17 23:45:29 | 00,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/09/17 23:45:29 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/09/17 23:45:29 | 00,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/09/17 23:45:28 | 01,088,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/09/17 23:45:28 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/09/17 23:45:28 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/09/17 23:45:28 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/09/17 23:45:28 | 00,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/09/17 23:45:28 | 00,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/09/17 23:45:28 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/09/17 23:45:28 | 00,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/09/17 23:45:28 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/09/17 23:45:27 | 02,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/09/17 23:45:27 | 01,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/09/17 23:45:27 | 00,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/09/17 23:45:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/09/17 23:45:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/09/17 23:45:07 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/17 23:44:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/09/17 23:44:51 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/09/17 23:44:50 | 00,091,088 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/17 23:44:17 | 00,000,281 | RHS- | C] () -- C:\boot.ini
[2009/09/17 23:44:15 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/17 23:41:42 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/09/17 23:41:42 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/09/17 23:41:42 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/09/17 23:41:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/09/17 23:41:42 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/09/17 22:52:09 | 00,001,739 | ---- | C] () -- C:\Documents and Settings\jack\Desktop\HijackThis.lnk
[2009/09/17 22:52:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/17 22:51:49 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jack\Desktop\HJTInstall.exe
[2009/09/17 22:45:43 | 00,055,858 | RHS- | C] () -- C:\WINDOWS\sysrest32.exe
[2009/09/17 22:38:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2009/09/17 22:38:49 | 00,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PowerArchiver.lnk
[2009/09/17 22:38:47 | 00,000,000 | ---D | C] -- C:\Program Files\PowerArchiver
[2009/09/17 22:38:19 | 04,638,112 | ---- | C] () -- C:\Documents and Settings\jack\Desktop\powarc1020.exe
[2009/09/17 22:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\Macromedia
[2009/09/17 22:17:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\Adobe
[2009/09/17 22:17:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/17 22:17:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Local Settings\Application Data\Mozilla
[2009/09/17 22:14:44 | 00,000,000 | ---D | C] -- C:\Program Files\VentriloMIX
[2009/09/17 22:14:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\Mozilla
[2009/09/17 22:14:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Local Settings\Application Data\Octoshape
[2009/09/17 22:14:05 | 00,000,000 | ---D | C] -- C:\Program Files\NIERSOFT
[2009/09/17 22:13:36 | 00,000,000 | ---D | C] -- C:\Program Files\PopCap Games
[2009/09/17 22:13:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcreg.dat
[2009/09/17 22:13:36 | 00,000,000 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/09/17 22:13:08 | 00,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2009/09/17 22:12:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\Vbox
[2009/09/17 22:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/09/17 22:12:46 | 00,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2009/09/17 22:12:45 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/09/17 22:12:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\Noslip
[2009/09/17 22:12:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/09/17 22:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\mIRC
[2009/09/17 22:11:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\mIRC
[2009/09/17 22:11:23 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/17 22:11:20 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/09/17 22:10:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/09/17 22:07:02 | 05,349,026 | -H-- | C] () -- C:\Documents and Settings\jack\Local Settings\Application Data\IconCache.db
[2009/09/17 22:03:11 | 00,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2009/09/17 22:02:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Application Data\Identities
[2009/09/17 22:02:09 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/09/17 22:02:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\jack\My Documents\My Pictures
[2009/09/17 22:02:02 | 00,000,000 | R--D | C] -- C:\Documents and Settings\jack\My Documents\My Music
[2009/09/17 22:01:52 | 00,000,000 | --SD | C] -- C:\Documents and Settings\jack\Application Data\Microsoft
[2009/09/17 22:01:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\jack\Local Settings\Application Data\Microsoft
[2009/09/17 22:00:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/09/17 22:00:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/17 22:00:25 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/17 22:00:25 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/09/17 21:59:29 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/09/17 21:58:29 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/17 21:57:18 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/09/17 21:57:17 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/09/17 21:57:17 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/09/17 21:56:39 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/17 21:56:39 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/09/17 21:56:39 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/09/17 21:56:39 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/09/17 21:56:39 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/09/17 21:56:26 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/17 21:56:26 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/17 21:56:24 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/17 21:56:04 | 00,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2009/09/17 21:54:31 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/09/17 21:54:31 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/09/17 21:54:31 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/09/17 21:54:31 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/09/17 21:54:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/17 21:54:13 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/09/17 21:53:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/09/17 21:53:52 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2009/09/17 21:53:51 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/09/17 21:53:51 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/09/17 21:53:48 | 00,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg723.acm
[2009/09/17 21:53:48 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2009/09/17 21:53:48 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2009/09/17 21:53:48 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/09/17 21:53:45 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2009/09/17 21:53:45 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/09/17 21:53:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/09/17 21:53:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/09/17 21:53:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/09/17 21:53:41 | 01,135,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng.dll
[2009/09/17 21:53:41 | 00,430,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2009/09/17 21:53:41 | 00,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgr.dll
[2009/09/17 21:53:41 | 00,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2009/09/17 21:53:41 | 00,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2009/09/17 21:53:41 | 00,162,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaucpl.cpl
[2009/09/17 21:53:41 | 00,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuweb.dll
[2009/09/17 21:53:41 | 00,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2009/09/17 21:53:41 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt.exe
[2009/09/17 21:53:41 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2009/09/17 21:53:41 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2009/09/17 21:53:41 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2009/09/17 21:53:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2009/09/17 21:53:41 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2009/09/17 21:53:41 | 00,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauserv.dll
[2009/09/17 21:53:39 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/09/17 21:53:24 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2009/09/17 21:53:24 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2009/09/17 21:53:24 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2009/09/17 21:53:24 | 00,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2009/09/17 21:53:23 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2009/09/17 21:53:23 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltlib.dll
[2009/09/17 21:53:22 | 00,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2009/09/17 21:53:22 | 00,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msh261.drv
[2009/09/17 21:53:22 | 00,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srsvc.dll
[2009/09/17 21:53:22 | 00,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\fltMgr.sys
[2009/09/17 21:53:22 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2009/09/17 21:53:22 | 00,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sr.sys
[2009/09/17 21:53:22 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2009/09/17 21:53:22 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srclient.dll
[2009/09/17 21:53:22 | 00,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2009/09/17 21:53:22 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmsrvc.exe
[2009/09/17 21:53:22 | 00,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2009/09/17 21:53:22 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2009/09/17 21:53:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/09/17 21:53:21 | 00,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2009/09/17 21:53:21 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2009/09/17 21:53:21 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/09/17 21:53:20 | 00,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcomm.dll
[2009/09/17 21:53:20 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2009/09/17 21:53:19 | 00,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstask.dll
[2009/09/17 21:53:19 | 00,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2009/09/17 21:53:19 | 00,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\schedsvc.dll
[2009/09/17 21:53:19 | 00,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2009/09/17 21:53:19 | 00,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2009/09/17 21:53:19 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2009/09/17 21:53:19 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2009/09/17 21:53:19 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/09/17 21:53:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/09/17 21:53:15 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/09/17 21:53:13 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/09/17 21:52:32 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/17 21:52:29 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/09/17 21:52:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/09/17 21:52:19 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/09/17 21:52:19 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/09/17 21:52:18 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/09/17 21:52:12 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/09/17 21:52:11 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2009/09/17 21:52:11 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/09/17 21:52:03 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2009/09/17 21:52:03 | 00,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2009/09/17 21:52:03 | 00,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2009/09/17 21:52:03 | 00,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2009/09/17 21:52:03 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2009/09/17 21:52:02 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2009/09/17 21:51:59 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/09/17 21:51:59 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/09/17 21:51:59 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/09/17 21:51:59 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/09/17 21:51:59 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/09/17 21:51:59 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/09/17 21:51:59 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/09/17 21:51:58 | 00,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2009/09/17 21:51:58 | 00,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2009/09/17 21:51:58 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/09/17 21:51:58 | 00,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2009/09/17 21:51:58 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/09/17 21:51:58 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/09/17 21:51:58 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/09/17 21:51:58 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/09/17 21:51:58 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/09/17 21:51:58 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/09/17 21:51:58 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/09/17 21:51:58 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/09/17 21:51:58 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/09/17 21:51:58 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/09/17 21:51:58 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/09/17 21:51:57 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2009/09/17 21:51:57 | 00,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2009/09/17 21:51:57 | 00,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2009/09/17 21:51:57 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2009/09/17 21:51:57 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2009/09/17 21:51:57 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2009/09/17 21:51:57 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2009/09/17 21:51:57 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2009/09/17 21:51:57 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2009/09/17 21:51:57 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2009/09/17 21:51:57 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/09/17 21:51:57 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/09/17 21:51:56 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2009/09/17 21:51:56 | 00,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2009/09/17 21:51:56 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2009/09/17 21:51:56 | 00,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2009/09/17 21:51:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2009/09/17 21:51:56 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2009/09/17 21:51:56 | 00,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2009/09/17 21:51:56 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2009/09/17 21:51:56 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/09/17 21:51:52 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/09/17 21:51:47 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/09/17 21:51:46 | 00,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2009/09/17 21:51:46 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2009/09/17 21:51:46 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2009/09/17 21:51:46 | 00,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2009/09/17 21:51:46 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2009/09/17 21:51:46 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/09/17 21:51:45 | 00,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2009/09/17 21:51:45 | 00,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2009/09/17 21:51:45 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2009/09/17 21:51:45 | 00,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpwd.sys
[2009/09/17 21:51:45 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2009/09/17 21:51:45 | 00,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2009/09/17 21:51:45 | 00,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2009/09/17 21:51:45 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2009/09/17 21:51:45 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdtcp.sys
[2009/09/17 21:51:45 | 00,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\tdpipe.sys
[2009/09/17 21:51:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/17 21:51:44 | 02,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstscax.dll
[2009/09/17 21:51:44 | 00,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstsc.exe
[2009/09/17 21:51:44 | 00,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\termsrv.dll
[2009/09/17 21:51:44 | 00,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2009/09/17 21:51:44 | 00,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2009/09/17 21:51:44 | 00,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sessmgr.exe
[2009/09/17 21:51:44 | 00,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxoci.dll
[2009/09/17 21:51:44 | 00,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2009/09/17 21:51:44 | 00,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2009/09/17 21:51:44 | 00,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2009/09/17 21:51:44 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\remotepg.dll
[2009/09/17 21:51:44 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2009/09/17 21:51:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2009/09/17 21:51:44 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2009/09/17 21:51:44 | 00,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2009/09/17 21:51:44 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icaapi.dll
[2009/09/17 21:51:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/09/17 21:51:43 | 00,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2009/09/17 21:51:43 | 00,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2009/09/17 21:51:43 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\colbact.dll
[2009/09/17 21:51:43 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2009/09/17 21:51:43 | 00,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2009/09/17 21:51:43 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2009/09/17 21:51:43 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2009/09/17 21:51:43 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2009/09/17 21:51:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtc.exe
[2009/09/17 21:51:43 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2009/09/17 21:51:43 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2009/09/17 21:51:43 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/09/17 21:51:42 | 01,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsvcs.dll
[2009/09/17 21:51:42 | 00,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvut.dll
[2009/09/17 21:51:42 | 00,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2009/09/17 21:51:42 | 00,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrv.dll
[2009/09/17 21:51:42 | 00,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2009/09/17 21:51:42 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2009/09/17 21:51:42 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2009/09/17 21:51:42 | 00,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2009/09/17 21:51:42 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2009/09/17 21:51:41 | 00,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatq.dll
[2009/09/17 21:51:37 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2009/09/17 21:51:37 | 00,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2009/09/17 21:51:37 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2009/09/17 21:51:37 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2009/09/17 21:51:36 | 00,196,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rdpdr.sys
[2009/09/17 21:51:36 | 00,040,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\termdd.sys
[2009/09/17 21:51:34 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2001/08/23 22:00:00 | 00,000,477 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/08/23 22:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
========== Files - Modified Within 30 Days ==========
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/09/26 15:49:00 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jack\Desktop\OTL.exe
[2009/09/26 15:47:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/26 15:46:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/26 15:39:17 | 03,321,356 | R--- | M] () -- C:\Documents and Settings\jack\Desktop\Combo-Fix.exe
[2009/09/26 15:33:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/25 20:47:03 | 05,349,026 | -H-- | M] () -- C:\Documents and Settings\jack\Local Settings\Application Data\IconCache.db
[2009/09/25 20:27:07 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/09/25 20:20:04 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/09/25 20:03:30 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/23 21:04:02 | 00,000,210 | -H-- | M] () -- C:\Documents and Settings\jack\Desktop\7a445c7453c44c30f3505e094ebefceef4c374ab.frd
[2009/09/21 13:57:18 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\jack\Desktop\HijackThis.lnk
[2009/09/20 17:53:09 | 05,183,696 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\jack\Desktop\RUBotted.exe
[2009/09/20 17:24:51 | 00,000,701 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/20 17:02:55 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jack\Desktop\mbam-setup.exe
[2009/09/17 23:49:45 | 00,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/09/17 22:51:49 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jack\Desktop\HJTInstall.exe
[2009/09/17 22:38:49 | 00,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerArchiver.lnk
[2009/09/17 22:38:19 | 04,638,112 | ---- | M] () -- C:\Documents and Settings\jack\Desktop\powarc1020.exe
[2009/09/17 22:17:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/09/17 22:16:02 | 00,091,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/17 22:13:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcreg.dat
[2009/09/17 22:13:36 | 00,000,000 | ---- | M] () -- C:\WINDOWS\popcinfot.dat
[2009/09/17 22:11:23 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2009/09/17 22:06:02 | 00,355,636 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/17 22:06:02 | 00,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/17 22:06:02 | 00,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/17 21:59:29 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/09/17 21:58:40 | 00,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/17 21:58:29 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/17 21:56:39 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/17 21:56:39 | 00,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/17 21:56:39 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/17 21:56:39 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/17 21:56:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/09/17 21:56:39 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/17 21:56:39 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/17 21:56:28 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/17 21:56:26 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/17 21:56:26 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/17 21:56:05 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/17 21:54:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/09/17 21:54:31 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/17 21:54:20 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/17 21:52:32 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/17 21:52:28 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/09/17 21:52:28 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/09/17 21:50:24 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
========== LOP Check ==========
[2009/09/20 17:03:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/17 22:38:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ConeXware
[2009/09/17 22:12:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2009/09/26 15:45:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\jack\Application Data
[2009/09/17 22:11:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\jack\Application Data\mIRC
[2001/08/23 22:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/26 15:47:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
========== Purity Check ==========
< End of report >
OTL EXTRAS
OTL Extras logfile created on: 9/26/2009 3:49:55 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\jack\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.48 Mb Total Physical Memory | 798.72 Mb Available Physical Memory | 78.04% Memory free
926.10 Mb Paging File | 815.69 Mb Available in Paging File | 88.08% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.24 Gb Total Space | 30.74 Gb Free Space | 80.38% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: j-7D5BCBCF9
Current User Name: jack
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{85E5C804-7DD5-4CEA-9724-E1DAA21FC615}" = 3D Virtual Cube
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Trial
"{D0F210C9-64C5-41C6-8882-A111C6C49911}" = PowerArchiver 2007
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"foobar2000" = foobar2000 v0.9.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"VentriloMIX" = VentriloMIX
"Zuma Deluxe 1.0" = Zuma Deluxe 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 9/25/2009 2:12:43 PM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro RUBotted Service service failed to start due to the
following error: %%2
Error - 9/25/2009 2:20:33 PM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 9/25/2009 2:26:02 PM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 9/25/2009 2:27:36 PM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro RUBotted Service service failed to start due to the
following error: %%2
Error - 9/25/2009 5:38:58 PM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro RUBotted Service service failed to start due to the
following error: %%2
Error - 9/26/2009 9:33:30 AM | Computer name=j-7D5BCBCF9 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.4 for the Network Card with network
address 000C297DB875 has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).
Error - 9/26/2009 9:33:51 AM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7000
Description = The Trend Micro RUBotted Service service failed to start due to the
following error: %%2
Error - 9/26/2009 9:40:44 AM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 9/26/2009 9:45:23 AM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
Error - 9/26/2009 9:45:53 AM | Computer name=j-7D5BCBCF9 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PEVSystemStart service
to connect.
< End of report >