Hey,
Me and my father have recently been "fighting" a really hardy virus!
We have no idea where it came from, or even what it's name is!
It started off as a DNS changer! We would constantly be redirected by many popular search engines to rather simple websites we didn't specify,
I.e I click on the Nvidia website, and I am redirected to Myspace.
(Oh and INSANELY slow internet)
We found it was a trojan that was being rather annoying to get rid of, so instead of attempting to get rid of it, we thought we'd just white wash the computers on our network, both computers needed a good spring clean!
So we disconnected from the network, formatted the computers and totally factory reset the router and unplugged it from the modem for a while.
I was the first to re-install Windows to see if we'd gotten rid of it!
I booted up for the first time, everything seemed "hunky-dory"
I installed my drivers and loaded up Google. Viola! No more redirecting is going on! We thought we had it totally sussed! My dad reinstalled Windows on his, and we felt like we were the owners of our computers again!
However, not long after our internet remained VERY slow, and my computer has even slowed down quite a bit, we are peaking at a 0.34 kb/sec on a 10mb connection.
It's insane! we even got in contact with our ISP, and went through the whole procedure of checking it was not a hardware fault.
NOTHING! so as it stands we simply cannot find out the issue at all! it's driving us nuts! our internet is so slow, its hardly usable! it's hard enough posting on these forums! Any help would be greatly appreciated!!
DDS (Ver_09-05-14.01) - NTFSx86
Run by James at 17:39:38.39 on 20/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.496 [GMT 1:00]
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\James\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\Documents and Settings\James\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\james\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-9 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-9 24336]
R1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-9 700152]
=============== Created Last 30 ================
2009-05-20 17:08 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-05-19 22:31 69 a------- c:\windows\NeroDigital.ini
2009-05-19 22:23 <DIR> --d----- c:\program files\Nero
2009-05-19 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-05-13 16:58 63 a------- c:\windows\system\SysSD.dll
2009-05-13 16:57 <DIR> --d----- c:\program files\SpywareDetector
2009-05-13 00:43 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-05-13 00:43 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-05-13 00:43 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2009-05-13 00:43 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2009-05-13 00:43 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2009-05-13 00:43 16,384 a------- c:\windows\system32\ipsink.ax
2009-05-13 00:43 15,360 ac------ c:\windows\system32\dllcache\streamip.sys
2009-05-13 00:43 15,360 a------- c:\windows\system32\drivers\StreamIP.sys
2009-05-13 00:42 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2009-05-13 00:42 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2009-05-13 00:42 19,328 ac------ c:\windows\system32\dllcache\wstcodec.sys
2009-05-13 00:42 19,328 a------- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-13 00:42 85,376 ac------ c:\windows\system32\dllcache\nabtsfec.sys
2009-05-13 00:42 85,376 a------- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-13 00:42 17,024 ac------ c:\windows\system32\dllcache\ccdecode.sys
2009-05-13 00:42 17,024 a------- c:\windows\system32\drivers\CCDECODE.sys
2009-05-12 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-05-12 20:26 <DIR> --d----- c:\program files\TweakMASTER
2009-05-09 16:26 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-05-09 16:24 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-09 16:24 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-09 16:23 <DIR> --d----- c:\program files\iPod
2009-05-09 16:23 <DIR> --d----- c:\program files\iTunes
2009-05-09 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 16:23 <DIR> --d----- c:\program files\Bonjour
2009-05-09 04:06 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-05-09 04:06 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-05-09 04:06 <DIR> --d----- c:\windows\system32\Lang
2009-05-09 04:03 155,384 a------- c:\windows\system32\guard32.dll
2009-05-09 04:03 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-09 04:03 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-09 04:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-05-09 04:03 <DIR> --d----- c:\program files\COMODO
2009-05-09 03:35 <DIR> --d----- c:\program files\Realtek
2009-05-09 02:35 <DIR> --d----- c:\documents and settings\james\Tracing
2009-05-09 02:35 <DIR> --d----- c:\program files\Microsoft
2009-05-09 02:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-09 02:29 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-05-09 02:29 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-05-09 02:27 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-05-09 02:27 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-05-09 02:27 130,048 a------- c:\windows\system32\ksproxy.ax
2009-05-09 02:27 4,096 a------- c:\windows\system32\ksuser.dll
2009-05-09 02:27 2,944 a------- c:\windows\system32\drivers\msmpu401.sys
2009-05-09 02:27 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-05-09 02:27 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2009-05-09 02:27 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-05-09 02:27 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-05-09 02:27 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-05-09 02:27 27,165 a------- c:\windows\system32\drivers\fetnd5.sys
2009-05-09 02:27 74,240 a------- c:\windows\system32\usbui.dll
2009-05-09 02:27 44,672 a------- c:\windows\system32\drivers\UAGP35.SYS
2009-05-09 02:25 <DIR> --d----- c:\program files\common files\ODBC
2009-05-09 02:25 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-09 02:24 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-05-09 02:22 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-05-09 02:21 <DIR> --d----- C:\Documents and Settings
2009-05-09 02:20 261 a------- c:\windows\system32\$winnt$.inf
2009-05-09 02:16 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-09 02:11 <DIR> --d----- c:\program files\VIA
2009-05-09 01:37 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-09 01:37 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-09 01:36 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-09 01:34 <DIR> --d----- c:\program files\Online Services
2009-05-09 01:33 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-09 01:33 <DIR> --d----- c:\program files\Messenger
2009-05-09 01:33 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-09 01:32 <DIR> --d----- c:\program files\Windows NT
==================== Find3M ====================
2009-05-13 14:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-09 03:35 315,392 a------- c:\windows\HideWin.exe
2009-05-09 01:34 21,640 a------- c:\windows\system32\emptyregdb.dat
============= FINISH: 17:40:24.26 ===============
Me and my father have recently been "fighting" a really hardy virus!
We have no idea where it came from, or even what it's name is!
It started off as a DNS changer! We would constantly be redirected by many popular search engines to rather simple websites we didn't specify,
I.e I click on the Nvidia website, and I am redirected to Myspace.
(Oh and INSANELY slow internet)
We found it was a trojan that was being rather annoying to get rid of, so instead of attempting to get rid of it, we thought we'd just white wash the computers on our network, both computers needed a good spring clean!
So we disconnected from the network, formatted the computers and totally factory reset the router and unplugged it from the modem for a while.
I was the first to re-install Windows to see if we'd gotten rid of it!
I booted up for the first time, everything seemed "hunky-dory"
I installed my drivers and loaded up Google. Viola! No more redirecting is going on! We thought we had it totally sussed! My dad reinstalled Windows on his, and we felt like we were the owners of our computers again!
However, not long after our internet remained VERY slow, and my computer has even slowed down quite a bit, we are peaking at a 0.34 kb/sec on a 10mb connection.
It's insane! we even got in contact with our ISP, and went through the whole procedure of checking it was not a hardware fault.
NOTHING! so as it stands we simply cannot find out the issue at all! it's driving us nuts! our internet is so slow, its hardly usable! it's hard enough posting on these forums! Any help would be greatly appreciated!!
DDS (Ver_09-05-14.01) - NTFSx86
Run by James at 17:39:38.39 on 20/05/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.496 [GMT 1:00]
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\DOCUME~1\James\LOCALS~1\Temp\Temporary Directory 1 for gmer.zip\gmer.exe
C:\Documents and Settings\James\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\james\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
============= SERVICES / DRIVERS ===============
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-5-9 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-5-9 24336]
R1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-5-9 700152]
=============== Created Last 30 ================
2009-05-20 17:08 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-05-19 22:31 69 a------- c:\windows\NeroDigital.ini
2009-05-19 22:23 <DIR> --d----- c:\program files\Nero
2009-05-19 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-05-13 16:58 63 a------- c:\windows\system\SysSD.dll
2009-05-13 16:57 <DIR> --d----- c:\program files\SpywareDetector
2009-05-13 00:43 5,504 ac------ c:\windows\system32\dllcache\mstee.sys
2009-05-13 00:43 5,504 a------- c:\windows\system32\drivers\MSTEE.sys
2009-05-13 00:43 10,880 ac------ c:\windows\system32\dllcache\ndisip.sys
2009-05-13 00:43 10,880 a------- c:\windows\system32\drivers\NdisIP.sys
2009-05-13 00:43 16,384 ac------ c:\windows\system32\dllcache\ipsink.ax
2009-05-13 00:43 16,384 a------- c:\windows\system32\ipsink.ax
2009-05-13 00:43 15,360 ac------ c:\windows\system32\dllcache\streamip.sys
2009-05-13 00:43 15,360 a------- c:\windows\system32\drivers\StreamIP.sys
2009-05-13 00:42 11,136 ac------ c:\windows\system32\dllcache\slip.sys
2009-05-13 00:42 11,136 a------- c:\windows\system32\drivers\SLIP.sys
2009-05-13 00:42 19,328 ac------ c:\windows\system32\dllcache\wstcodec.sys
2009-05-13 00:42 19,328 a------- c:\windows\system32\drivers\WSTCODEC.SYS
2009-05-13 00:42 85,376 ac------ c:\windows\system32\dllcache\nabtsfec.sys
2009-05-13 00:42 85,376 a------- c:\windows\system32\drivers\NABTSFEC.sys
2009-05-13 00:42 17,024 ac------ c:\windows\system32\dllcache\ccdecode.sys
2009-05-13 00:42 17,024 a------- c:\windows\system32\drivers\CCDECODE.sys
2009-05-12 20:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Hagel Technologies
2009-05-12 20:26 <DIR> --d----- c:\program files\TweakMASTER
2009-05-09 16:26 26,496 ac------ c:\windows\system32\dllcache\usbstor.sys
2009-05-09 16:24 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-05-09 16:24 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-09 16:23 <DIR> --d----- c:\program files\iPod
2009-05-09 16:23 <DIR> --d----- c:\program files\iTunes
2009-05-09 16:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-09 16:23 <DIR> --d----- c:\program files\Bonjour
2009-05-09 04:06 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-05-09 04:06 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-05-09 04:06 <DIR> --d----- c:\windows\system32\Lang
2009-05-09 04:03 155,384 a------- c:\windows\system32\guard32.dll
2009-05-09 04:03 110,992 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-09 04:03 24,336 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-09 04:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Comodo
2009-05-09 04:03 <DIR> --d----- c:\program files\COMODO
2009-05-09 03:35 <DIR> --d----- c:\program files\Realtek
2009-05-09 02:35 <DIR> --d----- c:\documents and settings\james\Tracing
2009-05-09 02:35 <DIR> --d----- c:\program files\Microsoft
2009-05-09 02:34 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-05-09 02:29 82,944 a------- c:\windows\system32\drivers\wdmaud.sys
2009-05-09 02:29 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-05-09 02:27 130,048 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-05-09 02:27 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-05-09 02:27 130,048 a------- c:\windows\system32\ksproxy.ax
2009-05-09 02:27 4,096 a------- c:\windows\system32\ksuser.dll
2009-05-09 02:27 2,944 a------- c:\windows\system32\drivers\msmpu401.sys
2009-05-09 02:27 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-05-09 02:27 60,288 ac------ c:\windows\system32\dllcache\drmk.sys
2009-05-09 02:27 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-05-09 02:27 60,288 a------- c:\windows\system32\drivers\drmk.sys
2009-05-09 02:27 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-05-09 02:27 27,165 a------- c:\windows\system32\drivers\fetnd5.sys
2009-05-09 02:27 74,240 a------- c:\windows\system32\usbui.dll
2009-05-09 02:27 44,672 a------- c:\windows\system32\drivers\UAGP35.SYS
2009-05-09 02:25 <DIR> --d----- c:\program files\common files\ODBC
2009-05-09 02:25 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-05-09 02:24 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-05-09 02:22 399,645 ac------ c:\windows\system32\dllcache\MAPIMIG.CAT
2009-05-09 02:21 <DIR> --d----- C:\Documents and Settings
2009-05-09 02:20 261 a------- c:\windows\system32\$winnt$.inf
2009-05-09 02:16 <DIR> --d----- c:\program files\common files\Windows Live
2009-05-09 02:11 <DIR> --d----- c:\program files\VIA
2009-05-09 01:37 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-05-09 01:37 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-05-09 01:36 <DIR> --d----- c:\program files\common files\MSSoap
2009-05-09 01:34 <DIR> --d----- c:\program files\Online Services
2009-05-09 01:33 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-05-09 01:33 <DIR> --d----- c:\program files\Messenger
2009-05-09 01:33 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-05-09 01:32 <DIR> --d----- c:\program files\Windows NT
==================== Find3M ====================
2009-05-13 14:43 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-09 03:35 315,392 a------- c:\windows\HideWin.exe
2009-05-09 01:34 21,640 a------- c:\windows\system32\emptyregdb.dat
============= FINISH: 17:40:24.26 ===============
