next log
DDS (Ver_10-03-17.01) - NTFSx86
Run by moore family at 1:17:50.20 on Thu 05/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.382.143 [GMT -5:00]
AV: Webroot Internet Security Essentials *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: iolo AntiVirus® *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: Webroot Internet Security Essentials *enabled* {63671000-11A2-46DD-BADD-A084CABCDEAE}
FW: Lavasoft Personal Firewall *disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
============== Running Processes ===============
C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\moore family\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uSearch Bar = hxxp://www.google.com/ie
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: &Google Web Accelerator Helper: {69a87b7d-de56-4136-9655-716ba50c19c7} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
BHO: Ask Toolbar BHO: {d4027c7f-154a-4066-a1ad-4243d8127440} - Webroot Toolbar
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
TB: Webroot Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Logitech Hardware Abstraction Layer] "KHALMNPR.EXE"
mRun: [NI.UWFX5_0001_N56M0311] c:\documents and settings\moore family\local settings\temporary internet files\content.ie5\gbm547gv\WinFixerScannerInstall[1].exe -nag
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] "nwiz.exe" /install
mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [@OnlineArmor GUI] "c:\program files\tall emu\online armor\oaui.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\rungoo~1.lnk - c:\program files\google\web accelerator\GoogleWebAccWarden.exe
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/LSSupCtl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1132341909031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} - hxxps://ediagnostics.lexmark.com/serval.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\mooref~1\applic~1\mozilla\firefox\profiles\1ad26hkf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?rls=ig&hl=en&source=iglk
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com
http://www.google.com');user_pref('capability.policy.localfilelinks.checkl
oaduri.enabled', 'allAccess');c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.
enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_
everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_a
s_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "
http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugi
n", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-4-27 61440]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-9-10 611664]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-4-22 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-4-22 704432]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [2006-12-24 2368]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\spy sweeper\SpySweeper.exe [2009-11-6 4048240]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\spy sweeper\WRConsumerService.exe [2010-2-24 1201640]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\stk017w2.sys --> c:\windows\system32\drivers\STK017W2.sys [?]
S3 PRISM_USB;D-Link Air DWL-121 Wireless USB Adapter Driver;c:\windows\system32\drivers\PRISMUSB.sys [2003-4-10 636416]
S4 ADBLOCK.DLL;Lavasoft Firewall PlugIn (ADBLOCK.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\adblock.dll --> c:\program files\lavasoft\personal firewall\kernel\ADBLOCK.DLL [?]
S4 ARP.DLL;Lavasoft Firewall PlugIn (ARP.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\arp.dll --> c:\program files\lavasoft\personal firewall\kernel\ARP.DLL [?]
S4 CONTENT.DLL;Lavasoft Firewall PlugIn (CONTENT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\content.dll --> c:\program files\lavasoft\personal firewall\kernel\CONTENT.DLL [?]
S4 DNSCACHE.DLL;Lavasoft Firewall PlugIn (DNSCACHE.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\dnscache.dll --> c:\program files\lavasoft\personal firewall\kernel\DNSCACHE.DLL [?]
S4 FTPFILT.DLL;Lavasoft Firewall PlugIn (FTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\ftpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\FTPFILT.DLL [?]
S4 HTMLFILT.DLL;Lavasoft Firewall PlugIn (HTMLFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\htmlfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\HTMLFILT.DLL [?]
S4 HTTPFILT.DLL;Lavasoft Firewall PlugIn (HTTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\httpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\HTTPFILT.DLL [?]
S4 IMAPFILT.DLL;Lavasoft Firewall PlugIn (IMAPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\imapfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\IMAPFILT.DLL [?]
S4 LavasoftFirewall;Lavasoft Personal Firewall Service;c:\program files\lavasoft\personal firewall\lpfw.exe /service --> c:\program files\lavasoft\personal firewall\lpfw.exe [?]
S4 MAILFILT.DLL;Lavasoft Firewall PlugIn (MAILFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\mailfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\MAILFILT.DLL [?]
S4 NNTPFILT.DLL;Lavasoft Firewall PlugIn (NNTPFILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\nntpfilt.dll --> c:\program files\lavasoft\personal firewall\kernel\NNTPFILT.DLL [?]
S4 POP3FILT.DLL;Lavasoft Firewall PlugIn (POP3FILT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\pop3filt.dll --> c:\program files\lavasoft\personal firewall\kernel\POP3FILT.DLL [?]
S4 PROTECT.DLL;Lavasoft Firewall PlugIn (PROTECT.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\protect.dll --> c:\program files\lavasoft\personal firewall\kernel\PROTECT.DLL [?]
S4 SECRET.DLL;Lavasoft Firewall PlugIn (SECRET.DLL);\??\c:\program files\lavasoft\personal firewall\kernel\secret.dll --> c:\program files\lavasoft\personal firewall\kernel\SECRET.DLL [?]
S4 VFILT;Lavasoft Firewall Kernel Driver;\??\c:\program files\lavasoft\personal firewall\kernel\filtnt.sys --> c:\program files\lavasoft\personal firewall\kernel\FILTNT.SYS [?]
=============== Created Last 30 ================
2010-05-12 17:26:56 0 d-s---w- C:\commy.exe
2010-05-12 11:32:20 0 d-sha-r- C:\cmdcons
2010-05-12 06:35:28 0 d-s---w- C:\ComboFix
2010-05-11 03:17:06 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-11 03:16:59 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-11 03:16:59 0 d-----w- c:\docume~1\mooref~1\applic~1\SUPERAntiSpyware.com
2010-05-08 19:52:55 98816 ----a-w- c:\windows\sed.exe
2010-05-08 19:52:55 77312 ----a-w- c:\windows\MBR.exe
2010-05-08 19:52:55 256512 ----a-w- c:\windows\PEV.exe
2010-05-08 19:52:55 161792 ----a-w- c:\windows\SWREG.exe
2010-05-08 06:24:07 0 d-----w- C:\3399b69f05089dbfd00560f2
2010-05-08 06:06:18 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-05-07 19:30:27 0 d-----w- c:\docume~1\mooref~1\applic~1\Uniblue
2010-05-07 18:51:17 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-05-07 07:03:16 54016 ----a-w- c:\windows\system32\drivers\rewac.sys
2010-05-06 19:42:29 0 d-----w- c:\program files\3ivx
2010-05-06 18:21:04 54016 ----a-w- c:\windows\system32\drivers\cxxqtr.sys
2010-05-06 15:17:27 54016 ----a-w- c:\windows\system32\drivers\sdfsaevy.sys
2010-05-06 14:10:24 0 d-----w- c:\docume~1\mooref~1\applic~1\Malwarebytes
2010-05-06 14:10:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-06 14:10:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-06 14:10:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-04 13:17:41 0 d-----w- c:\docume~1\mooref~1\applic~1\Registry Mechanic
2010-05-03 02:05:36 126 ----a-w- c:\windows\system32\mmc.exe.config
2010-04-27 05:40:16 0 d-sh--w- C:\found.000
2010-04-24 13:39:56 126976 ----a-w- c:\windows\system32\iavlsp.dll
2010-04-24 13:38:58 681984 ----a-w- c:\windows\is-QMTOA.exe
2010-04-24 13:38:58 234 ----a-w- c:\windows\is-QMTOA.lst
2010-04-24 13:38:58 10607 ----a-w- c:\windows\is-QMTOA.msg
2010-04-24 06:02:20 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-04-22 18:48:51 108880 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2010-04-22 16:28:11 696832 ----a-w- c:\windows\is-NJKBP.exe
2010-04-22 16:28:11 456 ----a-w- c:\windows\is-NJKBP.lst
2010-04-22 16:28:11 10482 ----a-w- c:\windows\is-NJKBP.msg
2010-04-22 15:45:23 406 ----a-w- c:\windows\system32\ioloBootDefrag.cfg
2010-04-22 15:44:17 0 d-----w- c:\program files\iolo
2010-04-22 15:40:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2010-04-22 15:37:42 0 d-----w- c:\docume~1\mooref~1\applic~1\iolo
2010-04-22 15:37:42 0 d-----w- c:\docume~1\alluse~1\applic~1\iolo
2010-04-21 16:08:42 40224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
==================== Find3M ====================
2010-05-12 07:10:29 507 ----a-w- c:\program files\Shortcut to Absolutist.com.lnk
2010-05-09 21:39:18 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-17 14:10:28 2189952 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2066816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2008-12-03 17:54:02 170 ----a-w- c:\program files\1bomb.ini
2008-09-01 21:44:14 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090120080902\index.dat