DDS (Ver_10-03-17.01) - NTFSX64
Run by Nichol at 2:15:35.78 on 08/11/2010 Wed
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.949.82.1033.18.4094.2170 [GMT -7:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\lxebmon.exe
C:\Program Files (x86)\Lexmark Pro200-S500 Series\ezprint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxebcoms.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\SysWOW64\PSIService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Norton 360\Engine\3.8.0.41\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\notepad.exe
C:\Users\Nichol\Desktop\l4z6uo41.exe
C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Nichol\Downloads\dds.scr
C:\Windows\SysWOW64\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.people.com/people/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton 360\engine\3.8.0.41\IPSBHO.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files (x86)\java\jre6\bin\ssv.dll
BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - No File
TB: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files (x86)\lexmark toolbar\toolband.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton 360\engine\3.8.0.41\coIEPlg.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [RocketDock] "c:\program files (x86)\rocketdock\RocketDock.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [Lexmark Pro200-S500 Series] "c:\program files (x86)\lexmark pro200-s500 series\fm3032.exe" /s
mRun: [Carbonite Backup] "c:\program files (x86)\carbonite\carbonite backup\CarboniteUI.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office\OSA9.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Download all by FlashGet3 - c:\users\nichol\appdata\roaming\flashgetbho\GetAllUrl.htm
IE: Download by FlashGet3 - c:\users\nichol\appdata\roaming\flashgetbho\GetUrl.htm
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton 360\engine\3.8.0.41\CoIEPlg.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
TB-X64: {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No File
TB-X64: {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [IAAnotif] "c:\program files (x86)\intel\intel matrix storage manager\iaanotif.exe"
mRun-x64: [lxebmon.exe] "c:\program files (x86)\lexmark pro200-s500 series\lxebmon.exe"
mRun-x64: [EzPrint] "c:\program files (x86)\lexmark pro200-s500 series\ezprint.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\nichol\appdata\roaming\mozilla\firefox\profiles\oh6b0s1z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://spadow.wordpress.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\coffplgn\components\coFFPlgn.dll
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\components\aosmgr\conflict_228\npaosmgr.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files (x86)\ahnlab\asp\mykeydefense 2.5\npmkd25sp.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files (x86)\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\programdata\nexon\ngm\npNxGame.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\nichol\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360x64\0308000.029\SymEFA64.sys [2010-4-20 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\n360x64\0308000.029\BHDrvx64.sys [2010-4-20 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360x64\0308000.029\cchpx64.sys [2010-4-20 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100809.001\IDSviA64.sys [2010-8-10 463408]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-1-20 27648]
R2 lxeb_device;lxeb_device;c:\windows\system32\lxebcoms.exe -service --> c:\windows\system32\lxebcoms.exe -service [?]
R2 N360;Norton 360;c:\program files (x86)\norton 360\engine\3.8.0.41\ccSvcHst.exe [2010-4-20 117640]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\teamviewer\version5\TeamViewer_Service.exe [2010-4-16 173352]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\viewpoint\common\ViewpointService.exe [2008-11-23 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-6 132656]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\n360x64\0308000.029\symndisv.sys [2010-4-20 56880]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\system32\drivers\xcbdax64.sys [2008-11-6 204672]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1c9cd1a95810450;Google Update Service (gupdate1c9cd1a95810450);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-5-4 133104]
S2 lxebCATSCustConnectService;lxebCATSCustConnectService;c:\windows\system32\spool\drivers\x64\3\lxebserv.exe [2010-4-7 45736]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 Mkd2Bthf;Mkd2Bthf;c:\windows\system32\drivers\Mkd2BthF.sys [2010-7-13 99416]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-7-13 106072]
S3 Mkd3kfNt;Mkd3kfNt;c:\windows\system32\drivers\mkd3kfnt.sys [2010-7-13 182872]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC_x64.pkms [2008-9-9 25888]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-12-2 89920]
============== File Associations ===============
JSEFile=c:\windows\syswow64\WScript.exe "%1" %*
=============== Created Last 30 ================
2010-08-11 07:03:25 0 d-----w- c:\program files (x86)\Trend Micro
2010-08-11 01:28:42 0 d-----w- c:\users\nichol\appdata\roaming\ZeroK
2010-08-11 01:28:23 0 d-----w- c:\program files (x86)\ZeroK
2010-08-09 08:53:56 0 d-----w- c:\program files\iPod
2010-08-09 08:53:54 0 d-----w- c:\program files\iTunes
2010-08-09 08:49:57 629 ----a-w- c:\windows\system32\mapisvc.inf
2010-08-03 13:09:00 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-14 21:59:12 25872 ----a-w- c:\windows\syswow64\INIUAC.exe
2010-07-14 21:59:12 214584 ----a-w- c:\windows\syswow64\SCSKLoader.exe
2010-07-14 21:59:12 0 d-----w- c:\program files (x86)\INICIS61
2010-07-14 02:26:47 0 dc----w- C:\Hotspot Shield
2010-07-14 02:26:29 0 d-----w- c:\program files (x86)\Hotspot Shield
2010-07-14 00:11:23 99416 ----a-w- c:\windows\system32\drivers\Mkd2BthF.sys
2010-07-14 00:11:23 182872 ----a-w- c:\windows\system32\drivers\mkd3kfnt.sys
2010-07-14 00:11:23 106072 ----a-w- c:\windows\system32\drivers\Mkd2Nadr.sys
2010-07-14 00:07:51 0 d-----w- c:\program files (x86)\AhnLab
2010-07-13 00:36:34 0 d-----w- c:\program files\Bonjour
2010-07-13 00:36:34 0 d-----w- c:\program files (x86)\Bonjour
2010-07-12 10:06:29 248 ----a-w- c:\windows\syswow64\secustat.dat
2010-07-12 09:58:16 0 d-----w- c:\users\nichol\appdata\roaming\uTorrent
2010-07-12 09:48:53 0 d-----w- c:\programdata\Nexon
2010-07-12 09:36:30 0 dc----w- C:\Downloads
2010-07-12 09:36:23 305 ----a-w- c:\windows\syswow64\secushr.dat
2010-07-12 09:35:51 25 ----a-w- c:\windows\libem.INI
2010-07-12 09:35:17 0 d-----w- c:\users\nichol\appdata\roaming\FlashGet
2010-07-12 09:35:16 0 d-----w- c:\users\nichol\appdata\roaming\BITS
2010-07-12 09:35:13 0 d-----w- c:\users\nichol\appdata\roaming\FlashGetBHO
2010-07-12 09:35:11 0 d-----w- c:\program files (x86)\FlashGet Network
==================== Find3M ====================
2010-08-11 08:31:22 70773 ----a-w- c:\programdata\nvModes.dat
2010-08-11 06:59:33 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-11 06:59:33 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-14 02:30:14 143360 ----a-w- c:\windows\inf\infstor.dat
2010-06-16 20:33:40 37888 ----a-w- c:\windows\system32\drivers\taphss.sys
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 21:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 23:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 23:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 23:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 23:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2009-12-09 15:22:54 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-05 01:05:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-05 01:05:37 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-05 01:05:37 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2010-04-16 02:30:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-16 02:30:35 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-16 02:30:35 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-10-17 12:20:55 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2010-04-07 21:07:15 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012010040720100408\index.dat
2009-10-17 10:13:54 245760 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-11-06 18:48:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 2:16:06.73 ===============