TheEarl
2010-05-27, 03:18
I'm afraid someone gained access to my laptop while I was away from home. I'd like to make sure no keyloggers or spyware or other such nastiness was installed.
DDS (Ver_10-03-17.01) - NTFSX64
Run by TheEarl at 18:11:43.37 on Wed 05/26/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4091.2643 [GMT -7:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Mozy\mozybackup.exe
C:\Program Files (x86)\Mozy\mozybackup.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\TheEarl\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Mozy\mozystat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\OEM13Mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TheEarl\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = https://share.law.northwestern.edu/jclc/default.aspx
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\theearl\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\theearl\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files (x86)\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\theearl\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files (x86)\mozy\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: avgrssta.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\theearl\appdata\roaming\mozilla\firefox\profiles\dzn17kf0.default\
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\theearl\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\theearl\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\theearl\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 DLACDBHE;DLACDBHE;c:\windows\system32\drivers\DLACDBHE.SYS [2010-1-16 17776]
R0 DRVECDB;DRVECDB;c:\windows\system32\drivers\DRVECDB.SYS [2010-1-16 124112]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-1-16 55024]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-1-8 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-1-8 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-1-8 317520]
R1 DLARTL_E;DLARTL_E;c:\windows\system32\drivers\DLARTL_E.SYS [2010-1-16 41072]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 DLABMFSE;DLABMFSE;c:\windows\system32\drivers\DLABMFSE.SYS [2010-1-16 46448]
R2 DLABOIOE;DLABOIOE;c:\windows\system32\drivers\DLABOIOE.SYS [2010-1-16 42352]
R2 DLADResE;DLADResE;c:\windows\system32\drivers\DLADResE.SYS [2010-1-16 9968]
R2 DLAIFS_E;DLAIFS_E;c:\windows\system32\drivers\DLAIFS_E.SYS [2010-1-16 146672]
R2 DLAOPIOE;DLAOPIOE;c:\windows\system32\drivers\DLAOPIOE.SYS [2010-1-16 35056]
R2 DLAPoolE;DLAPoolE;c:\windows\system32\drivers\DLAPoolE.SYS [2010-1-16 19824]
R2 DLAUDF_E;DLAUDF_E;c:\windows\system32\drivers\DLAUDF_E.SYS [2010-1-16 144112]
R2 DLAUDFAE;DLAUDFAE;c:\windows\system32\drivers\DLAUDFAE.SYS [2010-1-16 135152]
R2 DRVEDDM;DRVEDDM;c:\windows\system32\drivers\DRVEDDM.SYS [2010-1-16 63984]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 12288]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 267296]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1255736]
=============== Created Last 30 ================
2010-05-27 00:28:16 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-27 00:28:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 21:21:47 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-13 21:21:47 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-11 15:06:24 0 d-----w- c:\program files (x86)\Audible
2010-05-01 06:40:00 0 d-----w- c:\programdata\Sun
2010-05-01 06:39:04 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-01 06:39:04 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-01 06:39:04 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-01 06:39:04 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-01 06:04:15 0 d-sh--w- c:\programdata\SecuROM
2010-05-01 06:02:30 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-05-01 06:02:17 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2010-05-01 06:02:17 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-05-01 06:01:49 0 d-----w- c:\windows\syswow64\xlive
2010-05-01 06:01:49 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-04-30 02:12:55 733320 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-04-28 19:11:41 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-28 19:11:41 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-28 19:11:41 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 19:11:41 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 19:11:41 12867072 ----a-w- c:\windows\syswow64\shell32.dll
==================== Find3M ====================
2010-05-27 00:58:23 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
2010-05-27 00:58:23 17920 ----a-w- c:\windows\syswow64\rpcnetp.dll
2010-05-27 00:57:20 17920 ----a-w- c:\windows\syswow64\rpcnetp.exe
2010-05-27 00:57:20 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-22 18:03:54 13160 ----a-w- c:\windows\syswow64\Upgrd.exe
2010-05-22 18:03:48 57752 ------w- c:\windows\syswow64\rpcnet.exe
2010-05-06 00:26:14 1475 ----a-w- c:\users\theearl\appdata\roaming\SAS7_000.DAT
2010-04-24 21:51:17 98304 ----a-w- c:\windows\W2BNEUnin.exe
2010-04-24 21:51:17 2829 ----a-w- c:\windows\W2BNEUnin.pif
2010-04-24 21:51:17 20298 ----a-w- c:\windows\W2BNEUnin.dat
2010-04-21 17:45:26 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-03-18 05:25:39 86528 ----a-w- c:\windows\bnetunin.exe
2010-03-18 05:25:39 61440 ----a-w- c:\windows\diabunin.exe
2010-03-14 06:55:37 26884 ----a-w- c:\windows\fonts\MOVIPI_.TTF
2010-03-14 06:55:37 26604 ----a-w- c:\windows\fonts\MOVIPBI.TTF
2010-03-14 06:55:37 26456 ----a-w- c:\windows\fonts\Movipci.ttf
2010-03-14 06:55:37 26168 ----a-w- c:\windows\fonts\Movipcbi.ttf
2010-03-14 06:55:37 22428 ----a-w- c:\windows\fonts\MOVIPRG.TTF
2010-03-14 06:55:37 22388 ----a-w- c:\windows\fonts\Movipcrg.ttf
2010-03-14 06:55:37 22240 ----a-w- c:\windows\fonts\MOVIPB_.TTF
2010-03-14 06:55:37 22124 ----a-w- c:\windows\fonts\Movipcb.ttf
2010-03-14 06:51:28 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed_0.ttf
2010-03-14 06:51:28 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed.ttf
2010-03-14 06:35:43 24472 ----a-w- c:\windows\fonts\SF Movie Poster Condensed.ttf
2010-03-14 06:35:43 24364 ----a-w- c:\windows\fonts\SF Movie Poster Oblique.ttf
2010-03-14 06:35:43 24128 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Oblique.ttf
2010-03-14 06:35:43 23852 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Bold.ttf
2010-03-14 06:35:43 23780 ----a-w- c:\windows\fonts\SF Movie Poster Bold.ttf
2010-03-14 06:35:43 23716 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Bold Oblique.ttf
2010-03-14 06:35:43 23684 ----a-w- c:\windows\fonts\SF Movie Poster Bold Oblique.ttf
2010-03-12 15:43:13 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-17 05:47:27 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-26 17:31:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-26 17:31:30 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-26 17:31:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-26 17:31:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:12:43.86 ===============
DDS (Ver_10-03-17.01) - NTFSX64
Run by TheEarl at 18:11:43.37 on Wed 05/26/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4091.2643 [GMT -7:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files (x86)\Mozy\mozybackup.exe
C:\Program Files (x86)\Mozy\mozybackup.exe
C:\Windows\SysWOW64\rpcnet.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Users\TheEarl\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Mozy\mozystat.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\OEM13Mon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\TheEarl\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\TheEarl\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\TheEarl\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = https://share.law.northwestern.edu/jclc/default.aspx
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\theearl\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\theearl\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [ISUSPM Startup] c:\progra~2\common~1\instal~1\update~1\ISUSPM.exe -startup
uRun: [ISUSPM] "c:\program files (x86)\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Steam] "c:\program files (x86)\steam\Steam.exe" -silent
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [OEM13Mon.exe] c:\windows\OEM13Mon.exe
mRun: [PDVDDXSrv] "c:\program files (x86)\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [ISUSScheduler] "c:\program files (x86)\common files\installshield\updateservice\issch.exe" -start
mRun: [DNS7reminder] "c:\program files (x86)\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\programdata\nuance\naturallyspeaking10\Ereg.ini
mRun: [GrooveMonitor] "c:\program files (x86)\microsoft office\office12\GrooveMonitor.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\users\theearl\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files (x86)\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mozyho~1.lnk - c:\program files (x86)\mozy\mozystat.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files (x86)\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files (x86)\microsoft office\office12\GrooveShellExtensions.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
mRun-x64: [Apoint] c:\program files\delltpad\Apoint.exe
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
AppInit_DLLs-X64: avgrssta.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\theearl\appdata\roaming\mozilla\firefox\profiles\dzn17kf0.default\
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\theearl\appdata\local\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\users\theearl\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\theearl\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 DLACDBHE;DLACDBHE;c:\windows\system32\drivers\DLACDBHE.SYS [2010-1-16 17776]
R0 DRVECDB;DRVECDB;c:\windows\system32\drivers\DRVECDB.SYS [2010-1-16 124112]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2010-1-16 55024]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-1-8 269320]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-1-8 35464]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-1-8 317520]
R1 DLARTL_E;DLARTL_E;c:\windows\system32\drivers\DLARTL_E.SYS [2010-1-16 41072]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-3-12 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-3-12 308064]
R2 DLABMFSE;DLABMFSE;c:\windows\system32\drivers\DLABMFSE.SYS [2010-1-16 46448]
R2 DLABOIOE;DLABOIOE;c:\windows\system32\drivers\DLABOIOE.SYS [2010-1-16 42352]
R2 DLADResE;DLADResE;c:\windows\system32\drivers\DLADResE.SYS [2010-1-16 9968]
R2 DLAIFS_E;DLAIFS_E;c:\windows\system32\drivers\DLAIFS_E.SYS [2010-1-16 146672]
R2 DLAOPIOE;DLAOPIOE;c:\windows\system32\drivers\DLAOPIOE.SYS [2010-1-16 35056]
R2 DLAPoolE;DLAPoolE;c:\windows\system32\drivers\DLAPoolE.SYS [2010-1-16 19824]
R2 DLAUDF_E;DLAUDF_E;c:\windows\system32\drivers\DLAUDF_E.SYS [2010-1-16 144112]
R2 DLAUDFAE;DLAUDFAE;c:\windows\system32\drivers\DLAUDFAE.SYS [2010-1-16 135152]
R2 DRVEDDM;DRVEDDM;c:\windows\system32\drivers\DRVEDDM.SYS [2010-1-16 63984]
R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [2007-3-5 12288]
R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [2008-5-28 267296]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 17920]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1255736]
=============== Created Last 30 ================
2010-05-27 00:28:16 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-05-27 00:28:16 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-13 21:21:47 976896 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-13 21:21:47 740864 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-05-11 15:06:24 0 d-----w- c:\program files (x86)\Audible
2010-05-01 06:40:00 0 d-----w- c:\programdata\Sun
2010-05-01 06:39:04 411368 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-05-01 06:39:04 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-05-01 06:39:04 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-05-01 06:39:04 145184 ----a-w- c:\windows\syswow64\java.exe
2010-05-01 06:04:15 0 d-sh--w- c:\programdata\SecuROM
2010-05-01 06:02:30 178800 ----a-w- c:\windows\syswow64\CmdLineExt_x64.dll
2010-05-01 06:02:17 453456 ----a-w- c:\windows\syswow64\d3dx10_42.dll
2010-05-01 06:02:17 1892184 ----a-w- c:\windows\syswow64\D3DX9_42.dll
2010-05-01 06:01:49 0 d-----w- c:\windows\syswow64\xlive
2010-05-01 06:01:49 0 d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2010-04-30 02:12:55 733320 ----a-w- c:\windows\syswow64\PerfStringBackup.INI
2010-04-28 19:11:41 96768 ----a-w- c:\windows\syswow64\sspicli.dll
2010-04-28 19:11:41 22016 ----a-w- c:\windows\syswow64\secur32.dll
2010-04-28 19:11:41 153160 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-28 19:11:41 1446912 ----a-w- c:\windows\system32\lsasrv.dll
2010-04-28 19:11:41 12867072 ----a-w- c:\windows\syswow64\shell32.dll
==================== Find3M ====================
2010-05-27 00:58:23 57752 ----a-w- c:\windows\syswow64\rpcnet.dll
2010-05-27 00:58:23 17920 ----a-w- c:\windows\syswow64\rpcnetp.dll
2010-05-27 00:57:20 17920 ----a-w- c:\windows\syswow64\rpcnetp.exe
2010-05-27 00:57:20 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2010-05-22 18:03:54 13160 ----a-w- c:\windows\syswow64\Upgrd.exe
2010-05-22 18:03:48 57752 ------w- c:\windows\syswow64\rpcnet.exe
2010-05-06 00:26:14 1475 ----a-w- c:\users\theearl\appdata\roaming\SAS7_000.DAT
2010-04-24 21:51:17 98304 ----a-w- c:\windows\W2BNEUnin.exe
2010-04-24 21:51:17 2829 ----a-w- c:\windows\W2BNEUnin.pif
2010-04-24 21:51:17 20298 ----a-w- c:\windows\W2BNEUnin.dat
2010-04-21 17:45:26 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2010-03-18 05:25:39 86528 ----a-w- c:\windows\bnetunin.exe
2010-03-18 05:25:39 61440 ----a-w- c:\windows\diabunin.exe
2010-03-14 06:55:37 26884 ----a-w- c:\windows\fonts\MOVIPI_.TTF
2010-03-14 06:55:37 26604 ----a-w- c:\windows\fonts\MOVIPBI.TTF
2010-03-14 06:55:37 26456 ----a-w- c:\windows\fonts\Movipci.ttf
2010-03-14 06:55:37 26168 ----a-w- c:\windows\fonts\Movipcbi.ttf
2010-03-14 06:55:37 22428 ----a-w- c:\windows\fonts\MOVIPRG.TTF
2010-03-14 06:55:37 22388 ----a-w- c:\windows\fonts\Movipcrg.ttf
2010-03-14 06:55:37 22240 ----a-w- c:\windows\fonts\MOVIPB_.TTF
2010-03-14 06:55:37 22124 ----a-w- c:\windows\fonts\Movipcb.ttf
2010-03-14 06:51:28 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed_0.ttf
2010-03-14 06:51:28 38396 ----a-w- c:\windows\fonts\Univers LT 39 Thin Ultra Condensed.ttf
2010-03-14 06:35:43 24472 ----a-w- c:\windows\fonts\SF Movie Poster Condensed.ttf
2010-03-14 06:35:43 24364 ----a-w- c:\windows\fonts\SF Movie Poster Oblique.ttf
2010-03-14 06:35:43 24128 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Oblique.ttf
2010-03-14 06:35:43 23852 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Bold.ttf
2010-03-14 06:35:43 23780 ----a-w- c:\windows\fonts\SF Movie Poster Bold.ttf
2010-03-14 06:35:43 23716 ----a-w- c:\windows\fonts\SF Movie Poster Condensed Bold Oblique.ttf
2010-03-14 06:35:43 23684 ----a-w- c:\windows\fonts\SF Movie Poster Bold Oblique.ttf
2010-03-12 15:43:13 12976 ----a-w- c:\windows\system32\avgrssta.dll
2010-03-08 21:59:59 612352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 21:33:56 427520 ----a-w- c:\windows\syswow64\vbscript.dll
2010-02-27 15:17:00 5509008 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07:48 3954568 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
2010-02-27 12:07:48 3899280 ----a-w- c:\windows\syswow64\ntoskrnl.exe
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-01-17 05:47:27 66936 --sha-w- c:\windows\dlinfo_0.drv
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2010-01-26 17:31:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-01-26 17:31:30 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-01-26 17:31:30 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2010-01-26 17:31:30 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 18:12:43.86 ===============