OTL & MBAM logs



#1
Ujavaid

Hello

I recently got infected with a bad case of the Win32.Sillyfdc virus and managed to recover through a backup of my data to an external hard drive, a clean install of XP SP2 and burning malware removal tools, including Flash_Disinfector, to a CDROM and securing/updating the system upon reinstall.

I believe I've managed to recover my laptop using the tools listed in the Malware Removal Guide. I'm posting my logs herewith in the hopes that anything undetected or suspicious will be picked up by a Geek On Duty. Kthnx.

OTL LOGFILE

OTL logfile created on: 9/25/2009 1:29:37 AM - Run 2
OTL by OldTimer - Version 3.0.14.0 Folder = D:\Software
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.34 Gb Available Physical Memory | 67.05% Memory free
3.85 Gb Paging File | 3.20 Gb Available in Paging File | 83.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 24.19 Gb Free Space | 70.78% Space Free | Partition Type: NTFS
Drive D: | 21.66 Gb Total Space | 17.29 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINTERMUTE
Current User Name: Usman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/09/19 22:36:44 | 00,723,632 | ---- | M] (COMODO) -- D:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2007/06/13 15:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/09/19 18:05:52 | 02,007,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2005/11/10 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2009/09/17 22:54:15 | 02,171,904 | ---- | M] (Crawler.com) -- D:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
PRC - [2009/09/19 22:37:38 | 01,799,952 | ---- | M] (COMODO) -- D:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2006/06/29 12:13:32 | 01,032,192 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2009/09/19 18:05:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2006/06/29 12:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2009/09/17 22:54:17 | 00,487,424 | ---- | M] (Crawler.com) -- D:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/09/19 18:06:14 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/09/19 18:04:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgemc.exe
PRC - [2009/09/19 18:06:12 | 00,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgcsrvx.exe
PRC - [2009/02/06 14:41:05 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/19 18:05:41 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/26 16:44:34 | 03,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 17:07:48 | 00,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/09/17 22:54:17 | 03,055,616 | ---- | M] (Crawler.com) -- D:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2008/10/17 13:39:50 | 02,810,880 | ---- | M] (mIRC Co. Ltd.) -- D:\Program Files\mIRC\mirc.exe
PRC - [2009/08/25 01:15:03 | 00,908,280 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/17 21:48:17 | 00,514,560 | ---- | M] (OldTimer Tools) -- D:\Software\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2005/11/10 22:43:12 | 00,389,120 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Disabled | Stopped])
SRV - [2009/09/19 18:04:56 | 00,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
SRV - [2009/09/19 18:05:17 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2009/09/19 22:36:44 | 00,723,632 | ---- | M] (COMODO) -- D:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe -- (cmdAgent [Auto | Running])
SRV - [2004/08/04 15:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2006/06/29 12:12:34 | 00,376,832 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [Disabled | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/09/17 22:54:17 | 00,487,424 | ---- | M] (Crawler.com) -- D:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2009/09/19 18:26:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/09/24 01:31:57 | 00,000,000 | ---D | M]

[2009/09/19 18:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\mozilla\Extensions
[2009/09/19 18:27:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/22 19:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\mozilla\Firefox\Profiles\l2pgz11y.default\extensions
[2009/09/19 22:08:23 | 00,000,713 | ---- | M] () -- C:\Documents and Settings\Usman\Application Data\Mozilla\FireFox\Profiles\l2pgz11y.default\searchplugins\webster.xml
[2009/09/19 22:09:18 | 00,004,153 | ---- | M] () -- C:\Documents and Settings\Usman\Application Data\Mozilla\FireFox\Profiles\l2pgz11y.default\searchplugins\youtube.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] D:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] D:\Program Files\Comodo\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SpywareTerminator] D:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.82.48.236 203.82.48.4
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/17 20:05:42 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/23 15:37:55 | 00,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009/09/23 15:37:56 | 00,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: 6to4 - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/24 18:28:25 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D600.MRK
[2009/09/24 18:28:25 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D600.MRK
[2009/09/24 18:24:37 | 00,000,666 | ---- | C] () -- C:\WINDOWS\speed.reg
[2009/09/24 18:20:06 | 00,191,872 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\drivers\SynTP.sys
[2009/09/24 18:20:06 | 00,094,299 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPAPI.dll
[2009/09/24 18:20:06 | 00,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2009/09/24 18:20:06 | 00,069,723 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2009/09/24 18:20:05 | 00,114,688 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCtrl.dll
[2009/09/24 18:20:05 | 00,082,014 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynCOM.dll
[2009/09/24 18:20:04 | 00,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2009/09/24 18:15:05 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/09/24 18:15:01 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009/09/24 18:13:17 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/09/24 18:11:58 | 00,016,128 | ---- | C] (Dell Inc) -- C:\WINDOWS\System32\drivers\APPDRV.SYS
[2009/09/24 18:08:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2009/09/24 18:08:36 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2009/09/24 10:50:08 | 02,063,362 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\plugin-ahi02-1.pdf
[2009/09/24 01:53:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/09/24 01:31:54 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009/09/24 01:31:08 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/09/24 01:31:07 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009/09/24 01:27:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2009/09/24 01:26:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Local Settings\Application Data\Microsoft Help
[2009/09/24 01:26:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2009/09/23 19:52:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Foxit
[2009/09/23 19:36:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\TrueCrypt
[2009/09/23 19:35:57 | 00,215,872 | ---- | C] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2009/09/23 19:32:04 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\Usman\Desktop\CCleaner.lnk
[2009/09/23 18:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\Laws
[2009/09/23 18:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\IFRS
[2009/09/23 18:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\ICAEW
[2009/09/23 18:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\ACFE
[2009/09/23 18:59:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\ACCA
[2009/09/23 18:59:38 | 00,029,260 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\WayToWealth.pdf
[2009/09/23 18:59:38 | 00,013,532 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\WallTech Pakistan.xlsx
[2009/09/23 18:59:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\AABS
[2009/09/23 18:59:36 | 00,004,455 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\ujavaid_1236595518973.pdf
[2009/09/23 18:59:35 | 12,581,434 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\tqr_mar08.pdf
[2009/09/23 18:59:35 | 00,040,960 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Research schedule.doc
[2009/09/23 18:59:35 | 00,039,424 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Timetable.xls
[2009/09/23 18:59:35 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Targets.doc
[2009/09/23 18:59:35 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\New Year's Resolutions 2009.doc
[2009/09/23 18:59:35 | 00,017,408 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Revision Plan.xls
[2009/09/23 18:59:35 | 00,014,297 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Saving Account.xlsx
[2009/09/23 18:59:35 | 00,005,057 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\My Favorite Theme.theme
[2009/09/23 18:59:32 | 20,702,358 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\MCAS Study Guide.pdf
[2009/09/23 18:59:32 | 03,404,663 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\M763_M863_UG_GLB_en.pdf
[2009/09/23 18:59:32 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Massacre.doc
[2009/09/23 18:59:32 | 00,012,276 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Manager.docx
[2009/09/23 18:59:31 | 04,622,737 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\M763_M863_MD863_exUG_GLB_en.pdf
[2009/09/23 18:59:31 | 01,349,956 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Guide_to_Investors.pdf
[2009/09/23 18:59:31 | 00,496,051 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\EY_Code_of_Conduct.pdf
[2009/09/23 18:59:31 | 00,187,495 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Geo List of Firms Pakistan .pdf
[2009/09/23 18:59:31 | 00,154,167 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\cyw_17_fundraising.pdf
[2009/09/23 18:59:31 | 00,148,476 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Ernst_Young.pdf
[2009/09/23 18:59:31 | 00,078,848 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Copy_of_ICAPtimesheet.xls
[2009/09/23 18:59:31 | 00,070,356 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\financial_crisis.pdf
[2009/09/23 18:59:31 | 00,037,714 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Digital Operandii.docx
[2009/09/23 18:59:31 | 00,025,088 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Goals 2008.doc
[2009/09/23 18:59:31 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Ethics module.doc
[2009/09/23 18:59:31 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\IDP.doc
[2009/09/23 18:59:31 | 00,023,552 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Desire.doc
[2009/09/23 18:59:31 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Goals 2009.doc
[2009/09/23 18:59:31 | 00,015,360 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Jhelum claim.xls
[2009/09/23 18:59:31 | 00,005,695 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Dell.Theme
[2009/09/23 18:59:31 | 00,002,333 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Firm.mm
[2009/09/23 18:59:30 | 00,984,618 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Computational Finance.pdf
[2009/09/23 18:59:30 | 00,707,584 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\AICPA Practice Alert_03_02.pdf
[2009/09/23 18:59:30 | 00,084,223 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Arthur Andersen.pdf
[2009/09/23 18:59:30 | 00,046,435 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Bridging-Finance-Guide.pdf
[2009/09/23 18:59:30 | 00,037,888 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Chronicles.doc
[2009/09/23 18:59:30 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Blonde book list.doc
[2009/09/23 18:59:30 | 00,024,064 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Books.doc
[2009/09/23 18:59:30 | 00,020,992 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Budget.xls
[2009/09/23 18:59:30 | 00,013,329 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Balance of Chaos.docx
[2009/09/23 18:59:30 | 00,006,587 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\Advanced Financial Managment.mm
[2009/09/23 18:59:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\SRO
[2009/09/23 18:59:27 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Usman\My Documents\My Videos
[2009/09/23 18:59:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\RAP
[2009/09/23 18:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\WinRAR
[2009/09/23 15:37:55 | 00,000,000 | RHSD | C] -- C:\autorun.inf
[2009/09/23 15:25:45 | 00,000,810 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\GnuCash.lnk
[2009/09/23 13:54:11 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Usman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 13:47:38 | 02,299,536 | ---- | C] () -- C:\Documents and Settings\Usman\My Documents\InvestingMadeSimple.pdf
[2009/09/23 13:28:55 | 00,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2009/09/22 22:41:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/09/22 22:39:15 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/09/22 22:31:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Sun
[2009/09/22 19:56:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\EffectResources
[2009/09/22 19:55:26 | 00,049,152 | ---- | C] (ZSMCSNAP) -- C:\WINDOWS\vmsnap3.exe
[2009/09/22 19:55:26 | 00,049,152 | ---- | C] (Vimicro) -- C:\WINDOWS\Domino.exe
[2009/09/22 19:55:24 | 00,428,160 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\vmfilter303.sys
[2009/09/22 19:55:24 | 00,392,122 | ---- | C] (Vimicro Corporation) -- C:\WINDOWS\System32\drivers\usbVM303.sys
[2009/09/22 19:55:24 | 00,081,920 | ---- | C] (VM) -- C:\WINDOWS\System32\VM303STI.dll
[2009/09/22 19:55:23 | 00,102,400 | ---- | C] (www.zsmc.com.cn) -- C:\WINDOWS\VM303Cap.exe
[2009/09/22 19:55:22 | 00,258,188 | ---- | C] (Vimicro) -- C:\WINDOWS\System32\VM303Prp.Ax
[2009/09/22 19:55:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/09/22 19:55:10 | 00,000,000 | ---D | C] -- C:\Program Files\Vimicro
[2009/09/22 19:54:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\InstallShield
[2009/09/20 07:38:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Macromedia
[2009/09/20 07:38:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Adobe
[2009/09/19 23:39:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2009/09/19 23:30:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\My Received Files
[2009/09/19 23:25:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/09/19 23:25:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/09/19 23:25:02 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/09/19 23:24:35 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/09/19 23:12:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/09/19 22:49:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\mIRC
[2009/09/19 22:40:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\My Documents\Downloads
[2009/09/19 22:21:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/09/19 22:19:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/09/19 22:18:04 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/09/19 22:18:04 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/19 19:18:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/09/19 18:51:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/09/19 18:26:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/19 18:25:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Local Settings\Application Data\Mozilla
[2009/09/19 18:25:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Mozilla
[2009/09/18 01:18:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/09/18 00:55:09 | 00,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/09/18 00:55:08 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/09/18 00:55:06 | 01,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/09/18 00:55:06 | 00,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/09/18 00:55:06 | 00,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/09/18 00:55:05 | 00,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/09/18 00:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/09/18 00:55:05 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/09/18 00:55:04 | 00,000,000 | R--D | C] -- C:\Program Files
[2009/09/18 00:55:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/09/18 00:55:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/09/18 00:55:03 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/09/18 00:55:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/09/18 00:55:02 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/09/18 00:55:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/09/18 00:55:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/09/18 00:55:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/09/18 00:55:02 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/09/18 00:55:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/09/18 00:55:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/09/18 00:55:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/09/18 00:55:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/09/18 00:55:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/09/18 00:55:00 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/09/18 00:54:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/09/18 00:54:59 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/09/18 00:54:58 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/09/18 00:54:58 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/09/18 00:54:58 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/09/18 00:54:58 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/09/18 00:54:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/09/18 00:54:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/09/18 00:54:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/09/18 00:54:58 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/09/18 00:54:57 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/09/18 00:54:57 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/09/18 00:54:57 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/09/18 00:54:57 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/09/18 00:54:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/09/18 00:54:57 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/09/18 00:54:55 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/09/18 00:54:55 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/09/18 00:54:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/09/18 00:54:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/09/18 00:54:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/09/18 00:54:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/09/18 00:54:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/09/18 00:54:55 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/09/18 00:54:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/09/18 00:54:54 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/09/18 00:54:51 | 00,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/09/18 00:54:39 | 00,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/09/18 00:54:39 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/09/18 00:54:39 | 00,141,702 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/09/18 00:54:39 | 00,110,116 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/09/18 00:54:39 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/09/18 00:54:39 | 00,031,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/09/18 00:54:39 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/09/18 00:54:39 | 00,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/09/18 00:54:39 | 00,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/09/18 00:54:39 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/09/18 00:54:39 | 00,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/09/18 00:54:39 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/09/18 00:54:39 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/09/18 00:54:39 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/09/18 00:54:39 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/09/18 00:54:39 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/09/18 00:54:38 | 02,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/09/18 00:54:38 | 01,086,058 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2009/09/18 00:54:38 | 01,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2009/09/18 00:54:38 | 00,502,724 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/09/18 00:54:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/09/18 00:54:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/09/18 00:54:21 | 00,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/18 00:53:56 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2009/09/18 00:53:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings
[2009/09/18 00:53:55 | 00,186,608 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/18 00:53:26 | 00,000,211 | -HS- | C] () -- C:\boot.ini
[2009/09/18 00:53:20 | 00,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/18 00:47:15 | 00,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/09/18 00:47:15 | 00,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/09/18 00:47:15 | 00,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/09/18 00:47:15 | 00,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/09/18 00:47:15 | 00,000,000 | ---D | C] -- C:\WINDOWS
[2009/09/18 00:22:13 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/09/18 00:19:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/17 23:24:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2009/09/17 23:24:34 | 00,179,792 | ---- | C] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/17 23:24:34 | 00,132,296 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/17 23:24:34 | 00,087,104 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/17 23:24:34 | 00,025,160 | ---- | C] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/17 22:57:30 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/09/17 22:57:19 | 00,002,436 | ---- | C] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/09/17 22:54:18 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/09/17 22:54:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Spyware Terminator
[2009/09/17 22:54:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/09/17 22:48:19 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/17 22:38:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/09/17 22:34:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/09/17 22:33:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2009/09/17 21:47:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/17 21:39:27 | 00,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/09/17 21:39:25 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/09/17 21:28:45 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/17 21:28:44 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/17 21:28:39 | 00,335,240 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/17 21:28:38 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/17 21:28:33 | 41,719,190 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/17 21:28:33 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/17 21:28:33 | 00,463,779 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/17 21:28:33 | 00,112,900 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/17 21:28:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2009/09/17 21:28:24 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/09/17 21:28:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/09/17 21:19:28 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/09/17 21:19:23 | 00,073,728 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009/09/17 21:19:23 | 00,058,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2009/09/17 21:19:23 | 00,025,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2009/09/17 21:19:23 | 00,024,064 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ativcoxx.dll
[2009/09/17 21:19:23 | 00,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2009/09/17 21:19:22 | 01,114,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2009/09/17 21:19:22 | 00,110,592 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009/09/17 21:19:17 | 00,104,376 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/09/17 21:19:17 | 00,006,020 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2009/09/17 21:19:15 | 00,040,960 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2009/09/17 21:19:15 | 00,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009/09/17 21:11:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/09/17 21:01:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/09/17 20:49:10 | 00,102,481 | R--- | C] (SigmaTel Inc.) -- C:\WINDOWS\System32\stac97.cpl
[2009/09/17 20:47:45 | 00,000,023 | R--- | C] () -- C:\WINDOWS\System32\drivers\WLANver.tic
[2009/09/17 20:44:01 | 00,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2009/09/17 20:43:01 | 00,012,912 | ---- | C] () -- C:\Documents and Settings\Usman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/17 20:41:25 | 05,885,712 | -H-- | C] () -- C:\Documents and Settings\Usman\Local Settings\Application Data\IconCache.db
[2009/09/17 20:10:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Identities
[2009/09/17 20:10:22 | 00,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/09/17 20:10:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Usman\My Documents\My Pictures
[2009/09/17 20:10:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Usman\My Documents\My Music
[2009/09/17 20:10:14 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Usman\Application Data\Microsoft
[2009/09/17 20:10:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Local Settings\Application Data\Microsoft
[2009/09/17 20:09:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/09/17 20:09:31 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/17 20:09:31 | 00,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/09/17 20:09:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/17 20:09:20 | 00,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/09/17 20:08:40 | 00,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/17 20:08:28 | 00,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/09/17 20:08:01 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/09/17 20:08:01 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/09/17 20:08:01 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/09/17 20:07:57 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/09/17 20:07:57 | 00,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/09/17 20:07:55 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/09/17 20:07:35 | 00,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/09/17 20:07:34 | 01,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/09/17 20:07:28 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/09/17 20:07:27 | 00,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/09/17 20:07:25 | 00,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/09/17 20:07:16 | 13,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/09/17 20:07:12 | 00,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/09/17 20:07:08 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/09/17 20:07:05 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2009/09/17 20:07:05 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2009/09/17 20:07:05 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2009/09/17 20:06:56 | 00,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/09/17 20:06:54 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/09/17 20:06:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/09/17 20:06:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/09/17 20:06:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/09/17 20:06:53 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/09/17 20:06:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/09/17 20:06:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/09/17 20:06:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/09/17 20:06:53 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/09/17 20:06:52 | 00,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/09/17 20:06:52 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/09/17 20:06:52 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/09/17 20:06:52 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/09/17 20:06:51 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/09/17 20:06:51 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/09/17 20:06:51 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/09/17 20:06:50 | 00,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/09/17 20:06:50 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/09/17 20:06:50 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/09/17 20:06:50 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/09/17 20:06:50 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/09/17 20:06:50 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/09/17 20:06:49 | 00,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/09/17 20:06:49 | 00,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/09/17 20:06:49 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/09/17 20:06:49 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/09/17 20:06:48 | 00,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/09/17 20:06:48 | 00,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/09/17 20:06:47 | 00,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/09/17 20:06:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/09/17 20:06:26 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/09/17 20:06:26 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/09/17 20:06:12 | 00,000,000 | ---D | C] -- C:\DELL
[2009/09/17 20:06:02 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2009/09/17 20:05:42 | 00,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/17 20:05:42 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009/09/17 20:05:42 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2009/09/17 20:05:42 | 00,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2009/09/17 20:05:42 | 00,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2009/09/17 20:05:35 | 00,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/17 20:05:35 | 00,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/17 20:05:34 | 00,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/17 20:04:20 | 00,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/09/17 20:04:20 | 00,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/09/17 20:04:19 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/09/17 20:04:19 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/17 20:04:08 | 00,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/09/17 20:03:54 | 04,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/09/17 20:03:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/09/17 20:03:25 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/09/17 20:03:25 | 00,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/09/17 20:03:18 | 00,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/09/17 20:03:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/09/17 20:03:13 | 00,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/09/17 20:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/09/17 20:03:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/09/17 20:03:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/09/17 20:03:04 | 00,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2009/09/17 20:02:58 | 00,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/09/17 20:02:52 | 00,376,320 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/09/17 20:02:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/09/17 20:02:45 | 00,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/09/17 20:02:42 | 00,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/09/17 20:02:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/09/17 20:02:29 | 00,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/09/17 20:02:27 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/09/17 20:02:03 | 00,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/17 20:01:49 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/09/17 20:01:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/09/17 20:01:29 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/09/17 20:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/09/17 20:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/09/17 20:01:22 | 00,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/09/17 20:01:18 | 00,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/09/17 20:01:03 | 00,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/09/17 20:01:03 | 00,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/09/17 20:01:03 | 00,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/09/17 20:01:03 | 00,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/09/17 20:01:03 | 00,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/09/17 20:01:03 | 00,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/09/17 20:01:02 | 00,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/09/17 20:01:02 | 00,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/09/17 20:01:02 | 00,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/09/17 20:01:02 | 00,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/09/17 20:01:02 | 00,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/09/17 20:01:02 | 00,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/09/17 20:01:02 | 00,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/09/17 20:01:01 | 00,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/09/17 20:01:01 | 00,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/09/17 20:01:01 | 00,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/09/17 20:01:01 | 00,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/09/17 20:01:01 | 00,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/09/17 20:01:01 | 00,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/09/17 20:00:59 | 00,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/09/17 20:00:59 | 00,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/09/17 20:00:58 | 00,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/09/17 20:00:51 | 00,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/09/17 20:00:40 | 00,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/09/17 20:00:39 | 00,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/09/17 20:00:38 | 00,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/09/17 20:00:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/09/17 20:00:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/09/17 20:00:18 | 00,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/09/17 19:53:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Usman\Application Data\Malwarebytes
[2009/09/17 19:52:59 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/17 19:52:57 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/17 19:52:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/17 19:52:51 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/17 19:51:44 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/09/17 19:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2009/09/17 19:51:21 | 00,129,291 | R--- | C] () -- C:\WINDOWS\System32\drivers\del5422.cty

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/09/24 21:52:37 | 41,719,190 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/09/24 21:51:31 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/09/24 21:50:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/24 21:50:49 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/09/24 21:49:45 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/24 21:49:45 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/24 21:49:45 | 00,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/24 18:28:25 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_LAT_D600.MRK
[2009/09/24 18:28:25 | 00,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_LAT_D600.MRK
[2009/09/24 18:14:56 | 00,002,436 | ---- | M] () -- C:\WINDOWS\System32\BIN_STRSBW.SPT
[2009/09/24 18:13:17 | 00,000,004 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2009/09/24 10:46:53 | 02,063,362 | ---- | M] () -- C:\Documents and Settings\Usman\My Documents\plugin-ahi02-1.pdf
[2009/09/24 03:12:25 | 05,885,712 | -H-- | M] () -- C:\Documents and Settings\Usman\Local Settings\Application Data\IconCache.db
[2009/09/24 01:56:22 | 00,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/24 01:51:43 | 00,347,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/09/24 01:51:43 | 00,305,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/24 01:51:43 | 00,038,162 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/23 19:35:57 | 00,215,872 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys
[2009/09/23 15:25:45 | 00,000,810 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GnuCash.lnk
[2009/09/23 13:54:12 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\Usman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/23 13:48:39 | 02,299,536 | ---- | M] () -- C:\Documents and Settings\Usman\My Documents\InvestingMadeSimple.pdf
[2009/09/22 18:16:13 | 00,112,900 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/09/19 23:26:54 | 00,012,912 | ---- | M] () -- C:\Documents and Settings\Usman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/09/19 22:40:43 | 00,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2009/09/19 22:40:36 | 00,087,104 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2009/09/19 22:40:31 | 00,025,160 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2009/09/19 22:40:27 | 00,132,296 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdguard.sys
[2009/09/19 18:26:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2009/09/19 18:06:14 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2009/09/19 18:06:13 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2009/09/19 18:06:13 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2009/09/17 22:57:30 | 00,000,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/09/17 22:54:17 | 00,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009/09/17 22:20:34 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\Usman\Desktop\CCleaner.lnk
[2009/09/17 21:38:24 | 00,463,779 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/17 21:28:44 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2009/09/17 21:28:33 | 06,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2009/09/17 20:09:20 | 00,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/09/17 20:08:45 | 00,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/17 20:05:42 | 00,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/17 20:05:42 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009/09/17 20:05:42 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/09/17 20:05:42 | 00,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2009/09/17 20:05:42 | 00,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/17 20:05:42 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/17 20:05:36 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/17 20:05:35 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/17 20:05:35 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/17 20:05:22 | 00,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/17 20:04:19 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/09/17 20:04:19 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/17 20:04:13 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/17 20:02:03 | 00,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/17 20:01:46 | 00,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/09/17 20:01:46 | 00,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/09/17 19:52:59 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/16 20:26:22 | 00,000,023 | R--- | M] () -- C:\WINDOWS\System32\drivers\WLANver.tic
[2009/09/16 20:26:15 | 00,129,291 | R--- | M] () -- C:\WINDOWS\System32\drivers\del5422.cty
[2009/09/16 20:26:13 | 00,102,481 | R--- | M] (SigmaTel Inc.) -- C:\WINDOWS\System32\stac97.cpl

========== LOP Check ==========

[2009/09/24 18:13:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/19 23:39:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2009/09/24 23:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/09/18 00:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/09/24 18:24:28 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Usman\Application Data
[2009/09/23 19:52:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\Foxit
[2009/09/25 00:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\mIRC
[2009/09/23 19:51:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\Spyware Terminator
[2009/09/23 19:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Usman\Application Data\TrueCrypt
[2004/08/04 15:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/09/24 21:50:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2004/08/04 15:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2004/08/04 15:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >


EXTRAS

OTL Extras logfile created on: 9/25/2009 12:27:06 AM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = D:\Software
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.41% Memory free
3.85 Gb Paging File | 3.22 Gb Available in Paging File | 83.60% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.18 Gb Total Space | 24.21 Gb Free Space | 70.83% Space Free | Partition Type: NTFS
Drive D: | 21.66 Gb Total Space | 17.30 Gb Free Space | 79.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WINTERMUTE
Current User Name: Usman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\AVG\AVG8\avgemc.exe" = D:\Program Files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG8\avgnsx.exe" = D:\Program Files\AVG\AVG8\avgnsx.exe:*:Disabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\AVG\AVG8\avgupd.exe" = D:\Program Files\AVG\AVG8\avgupd.exe:*:Disabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"D:\Program Files\gnucash\bin\gconfd-2.exe" = D:\Program Files\gnucash\bin\gconfd-2.exe:*:Disabled:GConf Settings Manager -- ()
"D:\Program Files\gnucash\bin\gnucash-bin.exe" = D:\Program Files\gnucash\bin\gnucash-bin.exe:*:Disabled:GnuCash Free Finance Manager -- ()
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Disabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = A4 TECH PC Camera H
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autorun Eater_is1" = Autorun Eater v2.4
"AVG8Uninstall" = AVG Free 8.5
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"COMODO Internet Security" = COMODO Internet Security
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"GnuCash_is1" = GnuCash 2.3.3
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"mIRC" = mIRC
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"PROPLUS" = Microsoft Office Professional Plus 2007
"Spyware Terminator_is1" = Spyware Terminator
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueCrypt" = TrueCrypt
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/17/2009 12:52:08 PM | Computer Name = WINTERMUTE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/17/2009 12:52:08 PM | Computer Name = WINTERMUTE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/17/2009 1:03:02 PM | Computer Name = WINTERMUTE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 9/17/2009 1:03:03 PM | Computer Name = WINTERMUTE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 9/22/2009 10:24:13 AM | Computer Name = WINTERMUTE | Source = Application Error | ID = 1000
Description = Faulting application avgcmgr.exe, version 8.5.0.401, faulting module
msvcr80.dll, version 8.0.50727.762, fault address 0x000046b4.

Error - 9/22/2009 1:50:26 PM | Computer Name = WINTERMUTE | Source = Application Error | ID = 1000
Description = Faulting application domino.exe, version 4.2.1124.6, faulting module
ntdll.dll, version 5.1.2600.3520, fault address 0x0001a344.

Error - 9/23/2009 4:13:09 AM | Computer Name = WINTERMUTE | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 9/23/2009 4:13:09 AM | Computer Name = WINTERMUTE | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 9/23/2009 4:16:24 AM | Computer Name = WINTERMUTE | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 9/23/2009 4:16:24 AM | Computer Name = WINTERMUTE | Source = WindowsLiveMessenger | ID = 15728647
Description =

[ System Events ]
Error - 9/17/2009 12:18:09 PM | Computer Name = WINTERMUTE | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 9/17/2009 12:18:09 PM | Computer Name = WINTERMUTE | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for D:\Program Files\AVG\AVG8\avgpp.dll.
Reference
error message: The operation completed successfully. .

Error - 9/17/2009 12:22:10 PM | Computer Name = WINTERMUTE | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/17/2009 4:20:00 PM | Computer Name = WINTERMUTE | Source = System Error | ID = 1003
Description = Error code 100000d1, parameter1 00000000, parameter2 00000010, parameter3
00000000, parameter4 00000000.

Error - 9/17/2009 4:29:33 PM | Computer Name = WINTERMUTE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF14FBF17. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 9/17/2009 5:04:41 PM | Computer Name = WINTERMUTE | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 000CF14FBF17. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 9/19/2009 9:11:12 AM | Computer Name = WINTERMUTE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the avg8wd service.

Error - 9/24/2009 9:09:30 AM | Computer Name = WINTERMUTE | Source = Service Control Manager | ID = 7000
Description = The OMCI service failed to start due to the following error: %%2

Error - 9/24/2009 9:19:04 AM | Computer Name = WINTERMUTE | Source = Service Control Manager | ID = 7000
Description = The OMCI service failed to start due to the following error: %%2

Error - 9/24/2009 9:23:05 AM | Computer Name = WINTERMUTE | Source = Service Control Manager | ID = 7000
Description = The OMCI service failed to start due to the following error: %%2


< End of report >


MBAM LOG

Malwarebytes' Anti-Malware 1.41
Database version: 2856
Windows 5.1.2600 Service Pack 2

9/25/2009 1:20:57 AM
mbam-log-2009-09-25 (01-20-57).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 119580
Time elapsed: 40 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


RootRepeal LOG

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/25 00:23
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB7B55000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79BB000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4A3F000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d4288e

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d420ec

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d41dce

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d43938

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d41ed8

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d41fc2

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d42bbc

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d423f4

#: 224 Function Name: NtSetInformationFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d42526

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d41bfc

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d42b04

#: 274 Function Name: NtWriteFile
Status: Hooked by "C:\WINDOWS\system32\drivers\sp_rsdrv2.sys" at address 0xb7d4270c

==EOF==