Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Backdoor.MaosBoot virus. Pls help... [Solved]

Started by krazedchick , Jul 05 2010 09:27 PM

This topic is locked

#1
krazedchick

Posted 05 July 2010 - 09:27 PM

Member

Member
12 posts

I believe I have gotten a virus called Backdoor.maosboot and it's taking over my computer. I run windows XP but can no longer load windows normally. If I do it only loads past the windows logo and then stops on a black screen with a moving mouse cursor. I can load in safe mode, however I do encounter a lot of freezing while running programs. I can no longer run my anti-virus program and when I uninstall and reinstall it there comes up an error with a windows file I seem to be missing. I constantly have pop-ups coming up in new tabs and new windows which is sometimes the cause for it freezing. Now just today a blue screen came up with a bunch of writing. Some things written were
- sisnic.sys _address F7AF7EAD base at F7Af6000 datestamp 3f9f725d
- driver_irql_not_less_or_equal
- 0X000000D1
If anyone knows how to remove it any help would be greatly appreciated. Thank you!!

#2
Rorschach112

Posted 08 July 2010 - 01:19 PM

Ralphie

Retired Staff
47,710 posts

where do you want help, here or at Techguy ?

http://forums.techgu...boot-virus.html

#3
krazedchick

Posted 08 July 2010 - 02:42 PM

Member

Topic Starter
Member
12 posts

Help here will be fine thank you!!! I've been trying to install Dr.Web but it comes up "The system administrator has set policies to prevent installation." I can only run my computer in safemode so I'm not sure if that is causing the roadblock or if it's the virus. My AVG has been taken over and I can't run the program or re-install it. So where do I start??

#4
Rorschach112

Posted 08 July 2010 - 05:17 PM

Ralphie

Retired Staff
47,710 posts

First off you need to tell them to close the topic

Then do the steps here

http://www.geekstogo...uide-t2852.html

#5
krazedchick

Posted 09 July 2010 - 12:32 PM

Member

Topic Starter
Member
12 posts

Okay, I am not sure how to delete the other thread so I clicked solved??
I ran the TFC program and was prompted to reboot my computer.
Ran the ERUNT and created a backup to my desktop.
I already had Malwarebytes Anti-Malware so I did a scan with it and it removed 2 entries both Trojan. Here is the result from that scan.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4294

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

01/01/2003 6:39:38 AM
mbam-log-2003-01-01 (06-39-38).txt

Scan type: Quick scan
Objects scanned: 155213
Time elapsed: 6 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ndaciluvun (Trojan.Hiloti) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\nmsmsex.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

Next I tried to install an anti-virus program since I was using AVG and it was taken over and would no longer load. I don't believe I have a legit copy of windows so the Microsoft Security wasn't an option. I first tried Anti-Vir and received the following error.

Installation of the Microsoft Runtime Redistribution Kit has failed.

The probable cause is a windows update running in parallel. Please check whether a Windows update is in progress and run Avira Anti-Vir Personal Free Antivirus setup again a little later.

If installation fails again, please contact Avira Support.

Setup will close.

So i try to download Avast and it seems to work the installation goes fine and it says completed. So i try to load the program and I get an error message.

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

This application has failed to start because the application configuration is incorrect. Reinstalling the application may fix this problem.

I uninstall the program, reboot my computer as instructed by the uninstaller and then I reinstall the program. Get the same message. So I continue on with the steps in the link you sent me.

I Did a GMER rootkit scan. Wasn't asked to run a full scan and had to uncheck the IAT/EAT box only. Here is a copy of this results. First Extras.txt and then OTL.txt

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2003-01-01 16:32:58
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\B\LOCALS~1\Temp\pxtdqpow.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior;
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00CEB8F9
.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00CEB564
.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00CEB485
.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00CEB7AA
.text C:\WINDOWS\Explorer.EXE[1528] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 00CEB637

---- EOF - GMER 1.0.15 ----

I also ran OTL and here are the results from that

OTL Extras logfile created on: 01/01/2003 4:34:03 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\B\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 2.29 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.53 Gb Total Space | 18.06 Gb Free Space | 24.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BS
Current User Name: B
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2963:TCP" = 2963:TCP:*:Enabled:Services
"4426:TCP" = 4426:TCP:*:Enabled:Services
"4286:TCP" = 4286:TCP:*:Enabled:Services
"7072:TCP" = 7072:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"80:TCP" = 80:TCP:*:Enabled:Services
"443:TCP" = 443:TCP:*:Enabled:Services
"6911:TCP" = 6911:TCP:*:Enabled:Services
"6912:TCP" = 6912:TCP:*:Enabled:Services

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"9000:TCP" = 9000:TCP:*:Enabled:MSNSound
"1863:TCP" = 1863:TCP:*:Enabled:MSNSound2
"6891:TCP" = 6891:TCP:*:Enabled:MSNSound3
"6892:TCP" = 6892:TCP:*:Enabled:MSNSound4
"6893:TCP" = 6893:TCP:*:Enabled:MSNSound5
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"2963:TCP" = 2963:TCP:*:Enabled:Services
"4426:TCP" = 4426:TCP:*:Enabled:Services
"4286:TCP" = 4286:TCP:*:Enabled:Services
"7072:TCP" = 7072:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"6911:TCP" = 6911:TCP:*:Enabled:Services
"6912:TCP" = 6912:TCP:*:Enabled:Services

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\aMSN\bin\wish.exe" = C:\Program Files\aMSN\bin\wish.exe:*:Enabled:Wish Application -- File not found
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\B\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\B\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- File not found
"C:\Program Files\uTorrent\uTorrent .exe" = C:\Program Files\uTorrent\uTorrent .exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Documents and Settings\B\My Documents\Downloads\utorrent.exe" = C:\Documents and Settings\B\My Documents\Downloads\utorrent.exe:*:Enabled:µTorrent -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{086D5B9E-1883-4FC6-B58B-F76CEC11CC6D}" = WN-G54/BB
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2C2667A0-C2C0-11DB-6784-E26B6A5618BE}" = 310-LOAN BSC
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{3AA75ADB-113C-4FA1-954E-DD3E76BC1524}" = D-Link Wireless 150 USB Adapter DWA-125
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5EE83279-5FEA-4885-823A-B90C23A72DF0}" = D-Link Wireless 150 USB Adapter DWA-125
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.14
"DivX Setup.divx.com" = DivX Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"Foxit Reader" = Foxit Reader
"HaaliMkx" = Haali Media Splitter
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LimeWire" = LimeWire 5.4.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SpywareGuard_is1" = SpywareGuard v2.2
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 05/05/2010 1:26:30 AM | Computer Name = BS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 05/05/2010 5:00:07 PM | Computer Name = BS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 05/05/2010 5:00:08 PM | Computer Name = BS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This network connection does not exist.

Error - 05/05/2010 7:00:14 PM | Computer Name = BS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 05/05/2010 9:52:49 PM | Computer Name = BS | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 06/05/2010 5:37:29 AM | Computer Name = BS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x0009192b.

Error - 08/05/2010 12:08:28 AM | Computer Name = BS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....D8050B566A.crt>
with error: The connection with the server was terminated abnormally

Error - 08/05/2010 12:08:28 AM | Computer Name = BS | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:
<http://www.download....D8050B566A.crt>
with error: This network connection does not exist.

Error - 10/05/2010 6:00:58 PM | Computer Name = BS | Source = WindowsLiveMessenger | ID = 15728647
Description =

Error - 10/05/2010 6:41:36 PM | Computer Name = BS | Source = Application Error | ID = 1000
Description = Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module
user32.dll, version 5.1.2600.5512, fault address 0x00014acd.

[ System Events ]
Error - 02/07/2010 1:02:37 PM | Computer Name = BS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AvgLdx86 AvgMfx86 Fips intelppm

Error - 02/07/2010 1:03:33 PM | Computer Name = BS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 02/07/2010 1:03:33 PM | Computer Name = BS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFC. Reference error
message: The referenced assembly is not installed on your system. .

Error - 02/07/2010 1:03:33 PM | Computer Name = BS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\AVG\AVG8\avglvex.dll.
Reference
error message: The operation completed successfully. .

Error - 02/07/2010 1:14:23 PM | Computer Name = BS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/07/2010 10:20:29 AM | Computer Name = BS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/07/2010 11:32:43 AM | Computer Name = BS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/07/2010 11:33:51 AM | Computer Name = BS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

Error - 07/07/2010 11:43:43 AM | Computer Name = BS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 07/07/2010 11:44:20 AM | Computer Name = BS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Fips intelppm

< End of report >

OTL logfile created on: 01/01/2003 4:34:03 PM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\B\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1,023.00 Mb Total Physical Memory | 768.00 Mb Available Physical Memory | 75.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.07 Gb Total Space | 2.29 Gb Free Space | 12.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74.53 Gb Total Space | 18.06 Gb Free Space | 24.24% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BS
Current User Name: B
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/01/01 06:24:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B\My Documents\Downloads\OTL.exe

========== Modules (SafeList) ==========

MOD - [2008/04/14 07:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2003/01/01 06:24:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\B\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/02/26 12:46:40 | 000,147,456 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ANIWConnService.exe -- (ANIWConnService)
SRV - [2007/06/29 19:16:56 | 000,800,040 | ---- | M] (Nero AG) [On_Demand | Stopped] -- E:\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2007/01/19 10:49:26 | 000,049,152 | ---- | M] (Wireless Service) [Auto | Stopped] -- C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2005/09/02 17:39:00 | 000,044,544 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\SantSvc.exe -- (SantSvc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vdfx.sys -- (vkrnqdvo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\2C9.tmp -- ({7BBB90C3-0FF2-4D49-B2E93966CAE2C025})
DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/02/05 20:11:44 | 000,015,781 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2009/07/21 11:30:48 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/04/15 13:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/02/09 17:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2008/04/14 07:00:00 | 000,036,352 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\intelppm.sys -- (intelppm)
DRV - [2008/04/14 07:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/04/13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2006/11/06 13:19:31 | 000,015,360 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2005/09/02 17:39:00 | 000,018,944 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\SantFilt.sys -- (SantFilt)
DRV - [2005/04/08 12:34:46 | 000,349,984 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PRISMA02.sys -- (PRISM_A02)
DRV - [2004/03/19 19:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 10:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/06/09 03:44:32 | 000,113,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2003/06/09 03:44:22 | 000,494,384 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2003/06/09 03:42:28 | 000,819,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2001/08/17 14:05:20 | 000,031,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OVCE.sys -- (QCEmerald)
DRV - [2001/08/17 14:05:06 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OVSound2.sys -- (lusbaudio)
DRV - [2001/08/17 11:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...ISze8HTmrczXtEw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?l...ca&OCID=FW69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 87 17 05 80 64 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...?s=DEF&v=19&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://searchwithlil...swagbucks.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..keyword.URL: "http://www.fastbrows...6F80195927}&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2003/01/01 09:28:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2003/01/01 09:28:49 | 000,000,000 | ---D | M]

[2009/10/05 21:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Extensions
[2009/10/05 21:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Extensions\[email protected]
[2010/07/02 09:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\extensions
[2010/05/03 22:18:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/02/23 07:28:20 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\searchplugins\bing.xml
[2003/01/01 18:01:37 | 000,009,977 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\searchplugins\mywebsearch.xml
[2010/07/02 09:18:26 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/19 20:24:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/10/13 16:17:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2003/01/01 08:34:48 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
[2003/01/01 08:34:49 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

O1 HOSTS File: ([2010/05/21 02:15:17 | 000,395,292 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 13652 more lines...
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\FML\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\B\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O15 - HKCU\..Trusted Domains: bmo.com ([www1] https in Trusted sites)
O15 - HKCU\..Trusted Domains: facebook.com ([login] https in Trusted sites)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 64.59.144.92 64.59.144.93
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\B\Local Settings\Application Data\Microsoft\Wallpaper2.bmp
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/01/01 00:24:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\Shell - "" = AutoRun
O33 - MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\Shell\AutoRun\command - "" = F:\DYBB.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 10:08:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\New Folder (6)
[2010/06/27 07:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\New Folder (5)
[2010/06/25 08:42:42 | 001,327,189 | ---- | C] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2010/06/25 08:42:42 | 000,700,416 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2010/06/25 08:42:42 | 000,270,336 | ---- | C] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2010/06/25 08:42:11 | 000,011,904 | ---- | C] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2010/06/25 08:41:54 | 000,204,800 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2010/06/25 08:41:53 | 001,110,016 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2010/06/25 08:41:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\InstallShield
[2010/06/24 18:56:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\New Folder (4)
[2010/06/19 14:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\ujtwmdjux
[2010/06/19 12:11:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\New Folder (3)
[2010/06/19 11:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\New Folder (2)
[2010/06/19 11:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Facebook
[2010/06/17 18:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\Nero Recode
[2010/06/17 15:55:53 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/06/17 15:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2010/06/17 15:55:38 | 000,000,000 | ---D | C] -- C:\Program Files\Haali
[2010/05/28 20:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/05/28 20:15:06 | 000,290,816 | ---- | C] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2010/05/28 20:15:05 | 000,438,272 | ---- | C] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2010/05/28 20:15:05 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/05/28 20:15:05 | 000,217,088 | ---- | C] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2010/05/28 20:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2010/05/28 20:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2010/05/26 21:00:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Windows Server
[2010/05/26 19:03:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Windows Server
[2010/05/25 16:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/05/25 15:49:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/25 15:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/05/24 15:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010/05/24 15:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/05/24 15:02:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/05/24 12:07:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\DivX
[2010/05/24 12:04:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2010/05/22 02:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/05/21 02:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/05/21 02:04:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/05/21 01:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareGuard
[2010/05/21 01:54:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/21 01:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/21 01:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/19 17:03:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/05/08 16:05:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\Nero Home
[2010/05/08 15:39:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\WMTools Downloaded Files
[2010/05/07 21:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Temp
[2010/05/06 22:58:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/05/06 22:36:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\GARMIN
[2010/05/06 22:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2010/05/06 22:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\I-O DATA
[2010/04/29 14:13:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/04/29 08:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/29 08:21:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/27 09:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/26 22:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/26 22:01:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/26 21:35:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\D36F17A64137DE4386AB5DCDFD0BF596
[2010/04/26 17:04:42 | 000,353,592 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/22 22:54:34 | 000,000,000 | ---D | C] -- C:\Garmin
[2010/04/22 22:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\Pigtones
[2010/04/22 22:40:55 | 000,000,000 | ---D | C] -- C:\Program Files\Pigtones
[2010/04/22 22:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2010/04/18 17:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DivX
[2010/04/15 17:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\Videos
[2010/04/15 17:38:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\Images
[2010/04/15 17:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\Documents
[2010/04/15 17:32:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\New Folder
[2010/04/13 16:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/13 16:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010/04/09 11:51:25 | 000,000,000 | ---D | C] -- C:\2010_03_28
[2010/04/01 17:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\ANI
[2010/04/01 17:27:14 | 000,000,000 | ---D | C] -- C:\Program Files\D-Link
[2010/04/01 17:02:43 | 000,221,184 | ---- | C] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2010/04/01 17:02:42 | 000,715,520 | ---- | C] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2010/03/19 20:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\skypePM
[2010/03/19 20:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Skype
[2010/03/19 20:24:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/03/19 20:24:16 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/03/19 20:24:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/03/08 12:59:18 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/23 02:57:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/02/23 02:08:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\.gstreamer-0.10
[2010/02/19 14:27:36 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 14:27:16 | 000,847,872 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 14:27:16 | 000,843,776 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 14:27:16 | 000,839,680 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/01/24 23:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\dvdcss
[2010/01/12 17:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/27 01:25:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/12/26 11:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Apple Computer
[2009/12/26 11:43:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/26 11:43:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Apple
[2009/12/26 11:42:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/26 11:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/26 11:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Apple Computer
[2009/12/26 00:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\My Received Files
[2009/12/14 01:57:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009/12/14 01:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2009/11/21 13:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\ApplicationHistory
[2009/11/21 13:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\310-LOAN BSC
[2009/11/21 13:38:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2009/11/12 09:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Help
[2009/11/12 09:41:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Help
[2009/11/12 09:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Template
[2009/11/09 16:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Identities
[2009/11/09 16:28:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ASTULogTemp
[2009/11/09 15:29:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\B\My Documents\My Videos
[2009/11/09 02:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/11/09 02:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2009/11/09 02:31:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2009/11/01 22:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\MSNInstaller
[2009/11/01 22:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Streets and Trips Essentials
[2009/11/01 22:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Location Finder
[2009/11/01 22:21:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2009/11/01 22:21:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2009/11/01 22:21:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2009/11/01 22:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009/11/01 22:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works Suite 2006
[2009/10/30 21:55:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\B\My Documents\My Pictures
[2009/10/30 15:23:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\B\My Documents\My Music
[2009/10/29 21:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Prism
[2009/10/25 06:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Foxit Software
[2009/10/22 10:12:52 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2009/10/16 08:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\KB905474
[2009/10/14 21:49:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\OpenOffice.org
[2009/10/13 16:18:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Foxit
[2009/10/13 16:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2009/10/12 18:06:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009/10/12 18:05:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\NeroVision
[2009/10/12 17:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Ahead
[2009/10/12 16:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Ahead
[2009/10/12 14:39:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2009/10/12 14:39:43 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINDOWS\System32\TwnLib20.dll
[2009/10/12 14:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2009/10/12 14:38:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2009/10/12 14:38:47 | 000,000,000 | ---D | C] -- C:\Program Files\Ahead
[2009/10/11 11:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/10/10 12:43:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2009/10/09 22:19:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B\IECompatCache
[2009/10/07 21:23:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/10/07 20:53:41 | 021,822,168 | ---- | C] ( ) -- C:\Program Files\AdbeRdr80_en_US.exe
[2009/10/07 20:53:20 | 000,000,000 | ---D | C] -- C:\Temp
[2009/10/07 02:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2009/10/06 15:58:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/06 11:02:19 | 000,000,000 | ---D | C] -- C:\$AVG8.VAULT$
[2009/10/06 09:39:49 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2009/10/06 09:39:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2009/10/06 09:23:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B\PrivacIE
[2009/10/06 09:21:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B\IETldCache
[2009/10/06 09:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\Downloads
[2009/10/06 09:14:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/06 09:14:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\$hf_mig$
[2009/10/06 09:13:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2009/10/06 09:11:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/10/05 23:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Tracing
[2009/10/05 23:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/10/05 23:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/05 23:44:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/10/05 23:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/10/05 23:25:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2009/10/05 23:21:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2009/10/05 21:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\My Documents\LimeWire
[2009/10/05 21:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\LimeWire
[2009/10/05 21:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\LimeWire
[2009/10/05 14:01:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2009/10/05 13:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/10/05 13:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2009/10/04 13:41:19 | 000,012,672 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys
[2009/10/04 13:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2009/10/04 13:27:44 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2009/10/04 13:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\uTorrent
[2009/10/04 13:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/04 13:23:19 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2009/10/04 13:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2009/10/04 13:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Sun
[2009/10/04 13:19:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/10/04 13:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/10/04 13:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Mozilla
[2009/10/04 13:16:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Mozilla
[2009/10/04 13:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/10/04 13:14:54 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/10/04 13:10:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/03 18:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek Sound Manager
[2009/10/03 18:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\AvRack
[2009/10/03 18:53:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2009/10/03 18:53:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2009/10/03 18:53:30 | 000,400,384 | ---- | C] (Sensaura) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS
[2009/10/03 18:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\VIA
[2009/10/03 18:16:28 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009/10/03 18:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2009/09/26 19:02:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009/09/26 19:01:36 | 000,000,000 | ---D | C] -- C:\ATI
[2009/09/26 18:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Identities
[2009/09/26 18:30:13 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2009/09/26 18:30:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\B\Application Data\Microsoft
[2009/09/26 18:30:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B\Application Data
[2009/09/26 18:30:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\B\Favorites
[2009/09/26 18:30:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B\Cookies
[2009/09/26 18:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Microsoft
[2009/09/26 18:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop
[2009/09/26 18:30:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B\SendTo
[2009/09/26 18:30:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\B\Start Menu
[2009/09/26 18:30:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\B\My Documents
[2009/09/26 18:30:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\B\Templates
[2009/09/26 18:30:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\B\PrintHood
[2009/09/26 18:30:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\B\NetHood
[2009/09/26 18:30:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\B\Local Settings
[2009/09/26 18:28:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2009/09/26 18:28:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/09/26 18:28:31 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2009/09/26 18:28:30 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/09/26 18:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/09/26 18:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/09/26 18:26:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/09/26 18:24:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2009/09/26 18:24:07 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2009/09/26 18:24:07 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2009/09/26 18:22:22 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2009/09/26 18:21:39 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/09/26 18:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/09/26 18:21:38 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/09/26 18:19:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2009/09/26 18:19:01 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2009/09/26 18:19:01 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2009/09/26 18:18:42 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2009/09/26 18:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2009/09/26 18:17:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2009/09/26 18:17:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2009/09/26 18:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2009/09/26 18:17:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/09/26 18:17:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2009/09/26 18:17:45 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2009/09/26 18:17:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2009/09/26 18:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2009/09/26 18:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2009/09/26 18:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2009/09/26 18:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2009/09/26 18:17:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2009/09/26 18:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2009/09/26 18:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2009/09/26 18:15:45 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2009/09/26 18:15:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2009/09/26 18:15:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2009/09/26 18:15:31 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2009/09/26 18:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2009/09/26 18:14:57 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2009/09/26 18:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2009/09/26 18:14:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2009/09/26 18:14:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2009/09/26 18:14:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2009/09/26 18:14:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2009/09/26 18:14:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2009/09/26 13:51:11 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
[2009/09/26 13:49:19 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2009/09/26 13:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/09/26 13:49:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2009/09/26 13:49:13 | 000,000,000 | R--D | C] -- C:\Program Files
[2009/09/26 13:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2009/09/26 13:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2009/09/26 13:48:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2009/09/26 13:48:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2009/09/26 13:48:44 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2009/09/26 13:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2009/09/26 13:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2009/09/26 13:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2009/09/26 13:48:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2009/09/26 13:48:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009/09/26 13:48:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2009/09/26 13:47:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2009/09/26 13:47:54 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2009/09/26 13:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2009/09/26 13:40:18 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2009/09/26 13:40:18 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2009/09/26 13:40:18 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2009/09/26 13:40:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2009/09/26 13:40:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2009/07/21 10:44:22 | 000,204,800 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009/07/21 10:44:04 | 000,155,648 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009/07/21 10:43:52 | 000,026,112 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009/07/21 10:43:42 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2008/04/14 07:00:00 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe
[2008/04/14 07:00:00 | 000,736,768 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\sprb0419.dll
[2008/04/14 07:00:00 | 000,627,200 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\sprc0419.dll
[2008/04/14 07:00:00 | 000,427,008 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\obrb0419.dll
[2008/04/14 07:00:00 | 000,192,512 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\spra0419.dll
[2004/07/26 17:16:10 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagX7.dll
[2004/07/26 17:16:10 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXpr7.dll
[2004/07/26 17:16:10 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXRA7.dll
[2004/07/26 17:16:10 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXR7.dll
[2004/07/09 09:43:56 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
[2003/01/01 14:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Macromedia
[2003/01/01 14:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Adobe
[2003/01/01 14:44:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2003/01/01 14:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\vlc
[2003/01/01 13:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2003/01/01 13:13:46 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\B\UserData
[2003/01/01 13:00:34 | 000,015,360 | R--- | C] (Motorola Inc.) -- C:\WINDOWS\System32\drivers\NetMotCM.sys
[2003/01/01 12:47:21 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2003/01/01 11:45:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Adobe
[2003/01/01 11:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2003/01/01 06:48:37 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2003/01/01 06:48:36 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2003/01/01 06:48:34 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2003/01/01 06:48:32 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2003/01/01 06:48:28 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2003/01/01 06:48:28 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2003/01/01 06:48:25 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2003/01/01 06:48:18 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2003/01/01 06:48:18 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2003/01/01 06:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2003/01/01 06:48:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2003/01/01 06:30:23 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2003/01/01 05:03:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2003/01/01 05:01:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2003/01/01 00:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Desktop\tripacrosscanada
[2003/01/01 00:12:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2003/01/01 00:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\Google
[2003/01/01 00:12:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2003/01/01 00:10:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\B\Recent
[2003/01/01 00:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\DoctorWeb
[2002/12/31 23:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Application Data\Malwarebytes
[2002/12/31 23:10:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2002/12/31 23:10:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2002/12/31 23:10:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2002/12/31 23:10:24 | 000,000,000 | ---D | C] -- C:\Program Files\FML

========== Files - Modified Within 90 Days ==========

[2010/06/30 21:53:37 | 128,255,169 | ---- | M] () -- C:\Documents and Settings\B\Desktop\New Compressed (zipped) Folder.zip
[2010/06/29 21:32:00 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9290B7CE-3883-4F80-A67E-668F8186D5E1}.job
[2010/06/29 21:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At71.job
[2010/06/29 21:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At143.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At192.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At191.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At190.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At189.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At188.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At187.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At186.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At185.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At184.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At183.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At182.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At181.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At180.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At179.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At178.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At177.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At176.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At175.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At174.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At173.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At172.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At171.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At170.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At169.job
[2010/06/29 21:20:29 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\20031Y.dat
[2010/06/29 21:20:26 | 000,071,682 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NA222umr.exe
[2010/06/29 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At95.job
[2010/06/29 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At167.job
[2010/06/29 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At119.job
[2010/06/29 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2010/06/29 21:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2010/06/29 20:58:13 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70A47AB3-85DF-47CA-9AB3-B3470F78DCDD}.job
[2010/06/29 20:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At70.job
[2010/06/29 20:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At142.job
[2010/06/29 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At94.job
[2010/06/29 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At166.job
[2010/06/29 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At118.job
[2010/06/29 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2010/06/29 20:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2010/06/29 19:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At69.job
[2010/06/29 19:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At141.job
[2010/06/29 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At93.job
[2010/06/29 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At165.job
[2010/06/29 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At117.job
[2010/06/29 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2010/06/29 19:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2010/06/29 18:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At68.job
[2010/06/29 18:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At140.job
[2010/06/29 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At92.job
[2010/06/29 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At164.job
[2010/06/29 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At116.job
[2010/06/29 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2010/06/29 18:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2010/06/29 17:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At67.job
[2010/06/29 17:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At139.job
[2010/06/29 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At91.job
[2010/06/29 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At163.job
[2010/06/29 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At115.job
[2010/06/29 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2010/06/29 17:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2010/06/29 16:31:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/29 16:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At66.job
[2010/06/29 16:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At138.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At168.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At162.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At161.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At160.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At159.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At158.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At157.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At156.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At155.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At154.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At153.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At152.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At151.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At150.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At149.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At148.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At147.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At146.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At145.job
[2010/06/29 16:20:13 | 000,071,682 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\NA222umr.exe_
[2010/06/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At90.job
[2010/06/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At114.job
[2010/06/29 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2010/06/29 16:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2010/06/29 15:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At65.job
[2010/06/29 15:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At137.job
[2010/06/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At89.job
[2010/06/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At113.job
[2010/06/29 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2010/06/29 15:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2010/06/29 14:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At64.job
[2010/06/29 14:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At136.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At144.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At135.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At134.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At133.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At132.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At131.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At130.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At129.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At128.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At127.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At126.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At125.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At124.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At123.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At122.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At121.job
[2010/06/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At88.job
[2010/06/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At112.job
[2010/06/29 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2010/06/29 14:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2010/06/29 13:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At63.job
[2010/06/29 13:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At87.job
[2010/06/29 13:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2010/06/29 13:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2010/06/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At111.job
[2010/06/29 12:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At62.job
[2010/06/29 12:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At86.job
[2010/06/29 12:00:03 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2010/06/29 12:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2010/06/29 12:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At110.job
[2010/06/29 11:18:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At61.job
[2010/06/29 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At85.job
[2010/06/29 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At109.job
[2010/06/29 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2010/06/29 11:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2010/06/29 10:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At60.job
[2010/06/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At84.job
[2010/06/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At108.job
[2010/06/29 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2010/06/29 10:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2010/06/29 09:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At59.job
[2010/06/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At83.job
[2010/06/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At107.job
[2010/06/29 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2010/06/29 09:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2010/06/29 08:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At58.job
[2010/06/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At82.job
[2010/06/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At106.job
[2010/06/29 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2010/06/29 08:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2010/06/29 07:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At57.job
[2010/06/29 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At81.job
[2010/06/29 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At105.job
[2010/06/29 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2010/06/29 07:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2010/06/29 06:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At56.job
[2010/06/29 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At80.job
[2010/06/29 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At104.job
[2010/06/29 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2010/06/29 06:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2010/06/29 05:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At55.job
[2010/06/29 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At79.job
[2010/06/29 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At103.job
[2010/06/29 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2010/06/29 05:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2010/06/29 04:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At54.job
[2010/06/29 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At78.job
[2010/06/29 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At102.job
[2010/06/29 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2010/06/29 04:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2010/06/29 03:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At53.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At77.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At101.job
[2010/06/29 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2010/06/29 03:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2010/06/29 02:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At52.job
[2010/06/29 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At76.job
[2010/06/29 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At100.job
[2010/06/29 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2010/06/29 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2010/06/29 01:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At51.job
[2010/06/29 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At99.job
[2010/06/29 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At75.job
[2010/06/29 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/06/29 01:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2010/06/29 00:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At50.job
[2010/06/29 00:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At98.job
[2010/06/29 00:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At74.job
[2010/06/29 00:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/06/29 00:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2010/06/28 23:42:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At73.job
[2010/06/28 23:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At49.job
[2010/06/28 23:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At97.job
[2010/06/28 23:04:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2010/06/28 23:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/06/28 22:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\At72.job
[2010/06/28 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At96.job
[2010/06/28 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\At120.job
[2010/06/28 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2010/06/28 22:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/25 22:19:35 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80661102}.rfx
[2010/06/25 22:19:35 | 000,003,888 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80661102}.rfx
[2010/06/25 18:28:04 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/06/25 18:26:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/25 18:08:43 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{8CBC5544-B0D6-44F4-85F5-3E2D2DE56989}
[2010/06/25 12:17:36 | 000,000,002 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{8CBC5544-B0D6-44F4-85F5-3E2D2DE56989}
[2010/06/25 08:45:17 | 000,000,258 | ---- | M] () -- C:\Documents and Settings\B\Application Data\ANICONFIG_{8CBC5544-B0D6-44F4-85F5-3E2D2DE56989}.ini
[2010/06/25 08:41:49 | 000,001,425 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/06/21 07:56:08 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/18 17:14:11 | 000,002,439 | ---- | M] () -- C:\Documents and Settings\B\Desktop\HiJackThis.lnk
[2010/06/17 18:34:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/17 15:55:18 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2010/06/16 14:04:16 | 000,003,284 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCS{B2BE880B-E430-4247-A2CD-48C7E0FC7355}
[2010/06/16 13:50:51 | 000,000,428 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/06/16 08:25:17 | 000,004,360 | ---- | M] () -- C:\Documents and Settings\B\My Documents\cc_20100616_092509.reg
[2010/06/01 16:16:27 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\B\default.pls
[2010/05/25 15:49:15 | 000,004,518 | ---- | M] () -- C:\Documents and Settings\B\My Documents\cc_20100525_164909.reg
[2010/05/21 22:38:43 | 000,004,672 | ---- | M] () -- C:\Documents and Settings\B\My Documents\cc_20100521_233835.reg
[2010/05/21 02:15:17 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010/05/21 02:15:17 | 000,395,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/21 02:05:09 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/21 02:05:09 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\B\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 01:57:40 | 000,000,670 | ---- | M] () -- C:\Documents and Settings\B\Desktop\SpywareGuard LiveUpdate.lnk
[2010/05/21 01:57:40 | 000,000,650 | ---- | M] () -- C:\Documents and Settings\B\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/05/21 01:57:40 | 000,000,638 | ---- | M] () -- C:\Documents and Settings\B\Desktop\SpywareGuard.lnk
[2010/05/21 01:54:03 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\B\Desktop\SpywareBlaster.lnk
[2010/05/08 19:51:01 | 000,000,380 | ---- | M] () -- C:\Documents and Settings\B\My Documents\cc_20100508_205054.reg
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 21:50:36 | 000,010,208 | -HS- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\KLry0l
[2010/04/26 21:50:36 | 000,010,208 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KLry0l
[2010/04/26 17:04:42 | 000,353,592 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXControlPanelApplet.cpl
[2010/04/13 16:35:47 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/25 23:09:43 | 000,001,543 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\310-LOAN Bank Statement Capture.lnk
[2010/03/19 20:27:00 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/03/08 12:59:18 | 000,094,208 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/02/28 07:16:05 | 000,000,061 | ---- | M] () -- C:\WINDOWS\WNGYBB.PFL
[2010/02/26 19:41:44 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010/02/23 01:24:46 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/02/19 14:27:36 | 000,720,384 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2010/02/19 14:27:16 | 000,856,064 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2010/02/19 14:27:16 | 000,847,872 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0a.dll
[2010/02/19 14:27:16 | 000,843,776 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx16.dll
[2010/02/19 14:27:16 | 000,839,680 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2010/02/17 17:17:48 | 001,594,318 | ---- | M] () -- C:\Documents and Settings\B\My Documents\paintbyMattyF.bmp
[2010/02/15 03:31:21 | 000,002,118 | ---- | M] () -- C:\Documents and Settings\B\My Documents\Document.rtf
[2010/01/26 12:09:00 | 000,290,816 | ---- | M] (SourceTec Software Co., LTD) -- C:\WINDOWS\System32\stFLVSource.ax
[2010/01/01 15:45:34 | 000,016,315 | ---- | M] () -- C:\Documents and Settings\B\My Documents\091224_183003_SMS - Notepad.pdf
[2010/01/01 15:45:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\FOXIT_PDF
[2009/12/14 01:57:40 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2009/12/13 12:09:47 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/27 12:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\quartz.dll
[2009/11/27 12:11:44 | 001,291,776 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2009/11/21 13:40:56 | 000,000,124 | ---- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\fusioncache.dat
[2009/11/21 13:36:36 | 000,016,672 | ---- | M] () -- C:\Documents and Settings\B\My Documents\loanagreement.rtf
[2009/11/21 10:51:42 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/11/12 09:35:47 | 000,036,640 | ---- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/12 09:35:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\B\Application Data\wklnhst.dat
[2009/11/09 16:29:10 | 000,102,445 | ---- | M] () -- C:\WINDOWS\System32\ASTULog.cju
[2009/11/09 16:29:10 | 000,017,728 | ---- | M] () -- C:\WINDOWS\System32\ASTULog.cab
[2009/11/09 16:29:10 | 000,017,728 | ---- | M] () -- C:\Documents and Settings\B\My Documents\ASTULog.cab
[2009/11/09 16:29:10 | 000,001,048 | ---- | M] () -- C:\WINDOWS\System32\setup.inf
[2009/11/09 16:29:10 | 000,000,283 | ---- | M] () -- C:\WINDOWS\System32\setup.rpt
[2009/11/09 15:28:50 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2009/11/09 15:28:07 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/11/09 15:28:07 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/11/09 15:27:19 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/09 03:05:09 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\B\Application Data\$_hpcst$.hpc
[2009/11/01 22:22:14 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2009/10/13 16:18:16 | 000,000,901 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2009/10/09 22:05:10 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\CPUID HWMonitor.lnk
[2009/10/09 22:05:03 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2009/10/09 22:04:56 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2009/10/09 22:04:53 | 000,001,578 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.3.6.lnk
[2009/10/07 20:56:03 | 021,822,168 | ---- | M] ( ) -- C:\Program Files\AdbeRdr80_en_US.exe
[2009/10/06 16:18:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/06 00:56:36 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/05 23:45:19 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2009/10/04 13:27:46 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2009/10/04 13:15:59 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2009/09/26 18:30:28 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/09/26 18:26:11 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2009/09/26 18:25:10 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/26 18:21:06 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/09/26 18:20:36 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/26 18:19:01 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/09/26 18:19:01 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/26 18:16:25 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/26 18:16:06 | 000,000,037 | ---- | M] () -- C:\WINDOWS\vbaddin.ini
[2009/09/26 18:16:06 | 000,000,036 | ---- | M] () -- C:\WINDOWS\vb.ini
[2009/09/26 18:12:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/09/26 13:54:58 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2009/09/26 13:49:12 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/17 08:54:02 | 000,438,272 | ---- | M] (Gabest) -- C:\WINDOWS\System32\Mpeg2DecFilter.ax
[2009/08/17 08:54:02 | 000,217,088 | ---- | M] (-) -- C:\WINDOWS\System32\CoreFLACDecoder.ax
[2009/08/17 08:54:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2009/07/21 10:44:22 | 000,204,800 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\atipdlxx.dll
[2009/07/21 10:44:04 | 000,155,648 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Oemdspif.dll
[2009/07/21 10:43:52 | 000,026,112 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\Ati2mdxx.exe
[2009/07/21 10:43:42 | 000,043,520 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\System32\ati2edxx.dll
[2009/06/29 03:40:16 | 000,057,667 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2009/06/10 03:58:57 | 000,221,184 | ---- | M] (Ralink Technology, Inc.) -- C:\WINDOWS\System32\RaCoInst.dll
[2009/04/22 09:23:54 | 000,270,336 | ---- | M] (Wireless Service) -- C:\WINDOWS\System32\wnicapi.dll
[2009/04/17 18:24:06 | 000,700,416 | ---- | M] (Wireless Service) -- C:\WINDOWS\System32\ANIWZCS2.dll
[2009/04/15 13:32:36 | 000,715,520 | ---- | M] (Ralink Technology, Corp.) -- C:\WINDOWS\System32\drivers\rt2870.sys
[2009/04/15 13:31:30 | 000,013,931 | ---- | M] () -- C:\WINDOWS\System32\RaCoInst.dat
[2009/03/27 00:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\System32\drivers\cpuz132_x32.sys
[2009/03/05 10:12:08 | 000,258,048 | ---- | M] () -- C:\WINDOWS\System32\wlanapp.dll
[2009/02/26 12:46:40 | 000,147,456 | ---- | M] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2009/02/26 12:38:06 | 000,692,224 | ---- | M] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2009/02/26 10:22:08 | 000,237,568 | ---- | M] () -- C:\WINDOWS\System32\ANIWPS.exe
[2009/02/12 21:20:42 | 000,005,630 | ---- | M] () -- C:\WINDOWS\System32\IE8Eula.rtf
[2009/02/09 17:36:00 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\ANIO64.sys
[2009/02/09 17:26:10 | 000,315,392 | ---- | M] () -- C:\WINDOWS\System32\ANIOApi.dll
[2009/02/09 17:10:04 | 000,029,411 | ---- | M] () -- C:\WINDOWS\System32\ANIO.sys
[2009/01/07 17:20:36 | 000,066,384 | ---- | M] () -- C:\WINDOWS\System32\normnfkc.nls
[2009/01/07 17:20:36 | 000,060,294 | ---- | M] () -- C:\WINDOWS\System32\normnfkd.nls
[2009/01/07 17:20:36 | 000,059,342 | ---- | M] () -- C:\WINDOWS\System32\normidna.nls
[2009/01/07 17:20:36 | 000,045,794 | ---- | M] () -- C:\WINDOWS\System32\normnfc.nls
[2009/01/07 17:20:36 | 000,039,284 | ---- | M] () -- C:\WINDOWS\System32\normnfd.nls
[2009/01/07 17:20:20 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat
[2009/01/07 17:20:20 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat
[2008/12/08 11:53:32 | 000,057,344 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/27 17:25:54 | 000,204,800 | ---- | M] () -- C:\WINDOWS\System32\aIPH.dll
[2008/11/27 17:22:04 | 000,045,115 | ---- | M] () -- C:\WINDOWS\System32\ANICtl.dll
[2008/11/27 17:20:56 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\AQCKGen.dll
[2008/09/25 12:16:10 | 000,204,800 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2008/09/25 12:15:58 | 001,110,016 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2008/06/08 21:58:50 | 000,060,273 | ---- | M] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2008/04/14 07:00:00 | 013,463,552 | ---- | M] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2008/04/14 07:00:00 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 013,107,200 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2008/04/14 07:00:00 | 004,399,505 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2008/04/14 07:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\System32\drivers\gm.dls
[2008/04/14 07:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2008/04/14 07:00:00 | 003,374,640 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe
[2008/04/14 07:00:00 | 002,144,487 | ---- | M] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2008/04/14 07:00:00 | 001,685,606 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2008/04/14 07:00:00 | 001,326,080 | ---- | M] () -- C:\WINDOWS\System32\webfldrs.msi
[2008/04/14 07:00:00 | 001,309,184 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.deu
[2008/04/14 07:00:00 | 001,296,669 | ---- | M] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2008/04/14 07:00:00 | 001,158,818 | ---- | M] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2008/04/14 07:00:00 | 001,095,680 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.nld
[2008/04/14 07:00:00 | 001,088,840 | ---- | M] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT
[2008/04/14 07:00:00 | 001,015,477 | ---- | M] () -- C:\WINDOWS\System32\esentprf.ini
[2008/04/14 07:00:00 | 000,957,440 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.enu
[2008/04/14 07:00:00 | 000,956,990 | ---- | M] () -- C:\WINDOWS\System32\instcat.sql
[2008/04/14 07:00:00 | 000,937,984 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.sve
[2008/04/14 07:00:00 | 000,867,840 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.ita
[2008/04/14 07:00:00 | 000,844,314 | ---- | M] () -- C:\WINDOWS\System32\msdxm.ocx
[2008/04/14 07:00:00 | 000,844,314 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2008/04/14 07:00:00 | 000,797,189 | ---- | M] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2008/04/14 07:00:00 | 000,786,944 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.fra
[2008/04/14 07:00:00 | 000,785,972 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/04/14 07:00:00 | 000,750,080 | ---- | M] () -- C:\WINDOWS\System32\wbdbase.esn
[2008/04/14 07:00:00 | 000,736,768 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\sprb0419.dll
[2008/04/14 07:00:00 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll
[2008/04/14 07:00:00 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/04/14 07:00:00 | 000,673,088 | ---- | M] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,673,088 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2008/04/14 07:00:00 | 000,643,717 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2008/04/14 07:00:00 | 000,627,200 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\sprc0419.dll
[2008/04/14 07:00:00 | 000,605,050 | ---- | M] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2008/04/14 07:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\System32\qedit.dll
[2008/04/14 07:00:00 | 000,562,176 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2008/04/14 07:00:00 | 000,522,220 | ---- | M] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2008/04/14 07:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\System32\dxmasf.dll
[2008/04/14 07:00:00 | 000,498,742 | ---- | M] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2008/04/14 07:00:00 | 000,461,672 | ---- | M] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2008/04/14 07:00:00 | 000,427,008 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\obrb0419.dll
[2008/04/14 07:00:00 | 000,399,645 | ---- | M] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2008/04/14 07:00:00 | 000,386,048 | ---- | M] () -- C:\WINDOWS\System32\qdvd.dll
[2008/04/14 07:00:00 | 000,386,048 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/04/14 07:00:00 | 000,383,804 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2008/04/14 07:00:00 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2008/04/14 07:00:00 | 000,355,680 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2008/04/14 07:00:00 | 000,281,088 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2008/04/14 07:00:00 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tshoot.dll
[2008/04/14 07:00:00 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\qdv.dll
[2008/04/14 07:00:00 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/04/14 07:00:00 | 000,272,128 | ---- | M] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
[2008/04/14 07:00:00 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/04/14 07:00:00 | 000,265,948 | ---- | M] () -- C:\WINDOWS\System32\locale.nls
[2008/04/14 07:00:00 | 000,265,948 | ---- | M] () -- C:\WINDOWS\System32\dllcache\locale.nls
[2008/04/14 07:00:00 | 000,262,148 | ---- | M] () -- C:\WINDOWS\System32\sortkey.nls
[2008/04/14 07:00:00 | 000,262,148 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sortkey.nls
[2008/04/14 07:00:00 | 000,252,928 | ---- | M] () -- C:\WINDOWS\System32\dllcache\compatui.dll
[2008/04/14 07:00:00 | 000,252,928 | ---- | M] () -- C:\WINDOWS\System32\compatUI.dll
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2008/04/14 07:00:00 | 000,240,120 | ---- | M] () -- C:\WINDOWS\System32\setup.bmp
[2008/04/14 07:00:00 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax
[2008/04/14 07:00:00 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\wstrenderer.ax
[2008/04/14 07:00:00 | 000,221,229 | ---- | M] () -- C:\WINDOWS\System32\storage.jux
[2008/04/14 07:00:00 | 000,218,134 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/04/14 07:00:00 | 000,218,003 | ---- | M] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,217,133 | ---- | M] () -- C:\WINDOWS\System32\msvcp50.mxw
[2008/04/14 07:00:00 | 000,204,396 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/04/14 07:00:00 | 000,199,168 | ---- | M] () -- C:\WINDOWS\System32\ir32_32.dll
[2008/04/14 07:00:00 | 000,196,665 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2008/04/14 07:00:00 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_950.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_950.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_949.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_949.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_936.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | M] () -- C:\WINDOWS\System32\c_936.nls
[2008/04/14 07:00:00 | 000,195,618 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2008/04/14 07:00:00 | 000,192,512 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\System32\dllcache\spra0419.dll
[2008/04/14 07:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\qcap.dll
[2008/04/14 07:00:00 | 000,192,512 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/04/14 07:00:00 | 000,189,986 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2008/04/14 07:00:00 | 000,187,938 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2008/04/14 07:00:00 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\encdec.dll
[2008/04/14 07:00:00 | 000,186,880 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/04/14 07:00:00 | 000,186,402 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2008/04/14 07:00:00 | 000,185,378 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2008/04/14 07:00:00 | 000,180,770 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2008/04/14 07:00:00 | 000,180,258 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2008/04/14 07:00:00 | 000,180,258 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2008/04/14 07:00:00 | 000,177,698 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2008/04/14 07:00:00 | 000,177,698 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2008/04/14 07:00:00 | 000,175,104 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2008/04/14 07:00:00 | 000,173,602 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2008/04/14 07:00:00 | 000,173,602 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2008/04/14 07:00:00 | 000,173,602 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2008/04/14 07:00:00 | 000,173,568 | ---- | M] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2008/04/14 07:00:00 | 000,167,219 | ---- | M] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2008/04/14 07:00:00 | 000,167,219 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs
[2008/04/14 07:00:00 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\wstpager.ax
[2008/04/14 07:00:00 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2008/04/14 07:00:00 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_932.nls
[2008/04/14 07:00:00 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\c_932.nls
[2008/04/14 07:00:00 | 000,162,850 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2008/04/14 07:00:00 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\paqsp.dll
[2008/04/14 07:00:00 | 000,152,844 | ---- | M] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2008/04/14 07:00:00 | 000,149,848 | ---- | M] () -- C:\WINDOWS\System32\noise.deu
[2008/04/14 07:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
[2008/04/14 07:00:00 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2008/04/14 07:00:00 | 000,144,484 | ---- | M] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2008/04/14 07:00:00 | 000,139,810 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20261.nls
[2008/04/14 07:00:00 | 000,139,810 | ---- | M] () -- C:\WINDOWS\System32\c_20261.nls
[2008/04/14 07:00:00 | 000,135,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2008/04/14 07:00:00 | 000,134,339 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2008/04/14 07:00:00 | 000,127,213 | ---- | M] () -- C:\WINDOWS\System32\ega.cpi
[2008/04/14 07:00:00 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax
[2008/04/14 07:00:00 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax
[2008/04/14 07:00:00 | 000,112,918 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2008/04/14 07:00:00 | 000,108,827 | ---- | M] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2008/04/14 07:00:00 | 000,102,446 | ---- | M] () -- C:\WINDOWS\System32\net.hlp
[2008/04/14 07:00:00 | 000,102,444 | ---- | M] () -- C:\WINDOWS\System32\msscript.xgd
[2008/04/14 07:00:00 | 000,097,965 | ---- | M] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs
[2008/04/14 07:00:00 | 000,097,965 | ---- | M] () -- C:\WINDOWS\System32\eventquery.vbs
[2008/04/14 07:00:00 | 000,094,282 | ---- | M] () -- C:\WINDOWS\System32\msencode.dll
[2008/04/14 07:00:00 | 000,093,702 | ---- | M] () -- C:\WINDOWS\System32\subrange.uce
[2008/04/14 07:00:00 | 000,089,588 | ---- | M] () -- C:\WINDOWS\System32\unicode.nls
[2008/04/14 07:00:00 | 000,089,588 | ---- | M] () -- C:\WINDOWS\System32\dllcache\unicode.nls
[2008/04/14 07:00:00 | 000,086,061 | ---- | M] () -- C:\WINDOWS\System32\c_869.yhg
[2008/04/14 07:00:00 | 000,083,748 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2008/04/14 07:00:00 | 000,083,748 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2008/04/14 07:00:00 | 000,082,944 | ---- | M] () -- C:\WINDOWS\clock.avi
[2008/04/14 07:00:00 | 000,082,172 | ---- | M] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2008/04/14 07:00:00 | 000,080,546 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2008/04/14 07:00:00 | 000,079,872 | ---- | M] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2008/04/14 07:00:00 | 000,079,872 | ---- | M] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2008/04/14 07:00:00 | 000,072,387 | ---- | M] () -- C:\WINDOWS\System32\dllcache\archvapp.inf
[2008/04/14 07:00:00 | 000,071,859 | ---- | M] () -- C:\WINDOWS\System32\cliconf.chm
[2008/04/14 07:00:00 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2008/04/14 07:00:00 | 000,070,656 | ---- | M] () -- C:\WINDOWS\System32\amstream.dll
[2008/04/14 07:00:00 | 000,069,886 | ---- | M] () -- C:\WINDOWS\System32\edit.com
[2008/04/14 07:00:00 | 000,066,728 | ---- | M] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_874.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_874.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_869.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_866.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_865.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_865.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_863.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_863.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_861.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_861.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_860.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_860.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_857.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_855.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_852.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_850.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_850.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_775.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_775.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_737.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_437.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | M] () -- C:\WINDOWS\System32\c_437.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_875.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_500.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_500.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28605.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28605.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28603.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28599.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28598.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28598.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28597.NLS
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28595.NLS
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\C_28594.NLS
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28593.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28593.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28592.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28592.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_28591.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_28591.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_21866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_21866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20905.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20905.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_20127.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1258.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1258.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1257.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1257.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1256.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1256.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1255.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1255.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1254.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1254.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1253.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1253.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1252.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1252.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1251.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1251.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1250.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1250.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_1026.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_1026.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10082.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10081.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10079.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10079.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10029.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10017.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10010.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10007.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10006.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_10000.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_10000.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\dllcache\c_037.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | M] () -- C:\WINDOWS\System32\c_037.nls
[2008/04/14 07:00:00 | 000,065,978 | ---- | M] () -- C:\WINDOWS\Soap Bubbles.bmp
[2008/04/14 07:00:00 | 000,065,954 | ---- | M] () -- C:\WINDOWS\Prairie Wind.bmp
[2008/04/14 07:00:00 | 000,065,832 | ---- | M] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.sve
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.nld
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.ita
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.fra
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.esn
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.enu
[2008/04/14 07:00:00 | 000,065,489 | ---- | M] () -- C:\WINDOWS\System32\wbcache.deu
[2008/04/14 07:00:00 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\wmimgmt.msc
[2008/04/14 07:00:00 | 000,061,172 | ---- | M] () -- C:\WINDOWS\System32\cmmgr32.hlp
[2008/04/14 07:00:00 | 000,060,458 | ---- | M] () -- C:\WINDOWS\System32\ideograf.uce
[2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2008/04/14 07:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\System32\devenum.dll
[2008/04/14 07:00:00 | 000,059,392 | ---- | M] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2008/04/14 07:00:00 | 000,059,167 | ---- | M] () -- C:\WINDOWS\System\setup.inf
[2008/04/14 07:00:00 | 000,058,273 | R--- | M] () -- C:\WINDOWS\System32\perfmon.msc
[2008/04/14 07:00:00 | 000,056,678 | ---- | M] () -- C:\WINDOWS\System32\eventvwr.msc
[2008/04/14 07:00:00 | 000,055,296 | ---- | M] () -- C:\WINDOWS\System32\dvdplay.exe
[2008/04/14 07:00:00 | 000,054,528 | ---- | M] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2008/04/14 07:00:00 | 000,053,840 | ---- | M] () -- C:\WINDOWS\System32\dosx.exe
[2008/04/14 07:00:00 | 000,053,840 | ---- | M] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2008/04/14 07:00:00 | 000,053,478 | ---- | M] () -- C:\WINDOWS\System32\tcpmon.ini
[2008/04/14 07:00:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\vbicodec.ax
[2008/04/14 07:00:00 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2008/04/14 07:00:00 | 000,050,620 | ---- | M] () -- C:\WINDOWS\System32\command.com
[2008/04/14 07:00:00 | 000,049,196 | ---- | M] () -- C:\WINDOWS\System32\noise.fra
[2008/04/14 07:00:00 | 000,048,794 | ---- | M] () -- C:\WINDOWS\System32\ntimage.gif
[2008/04/14 07:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt256.bmp
[2008/04/14 07:00:00 | 000,048,680 | -HS- | M] () -- C:\WINDOWS\winnt.bmp
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,047,066 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2008/04/14 07:00:00 | 000,046,258 | ---- | M] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,046,133 | ---- | M] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2008/04/14 07:00:00 | 000,044,451 | R--- | M] () -- C:\WINDOWS\System32\rsop.msc
[2008/04/14 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\key01.sys
[2008/04/14 07:00:00 | 000,042,809 | ---- | M] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2008/04/14 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\keyboard.sys
[2008/04/14 07:00:00 | 000,042,537 | ---- | M] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2008/04/14 07:00:00 | 000,042,339 | ---- | M] () -- C:\WINDOWS\System32\certmgr.msc
[2008/04/14 07:00:00 | 000,042,166 | ---- | M] () -- C:\WINDOWS\System32\lusrmgr.msc
[2008/04/14 07:00:00 | 000,041,762 | ---- | M] () -- C:\WINDOWS\System32\ciadv.msc
[2008/04/14 07:00:00 | 000,041,397 | ---- | M] () -- C:\WINDOWS\System32\dfrg.msc
[2008/04/14 07:00:00 | 000,040,505 | ---- | M] () -- C:\WINDOWS\System32\cmdlib.wsc
[2008/04/14 07:00:00 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\wiasf.ax
[2008/04/14 07:00:00 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2008/04/14 07:00:00 | 000,039,274 | ---- | M] () -- C:\WINDOWS\System32\mem.exe
[2008/04/14 07:00:00 | 000,039,274 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2008/04/14 07:00:00 | 000,038,302 | ---- | M] () -- C:\WINDOWS\System32\compmgmt.msc
[2008/04/14 07:00:00 | 000,037,484 | ---- | M] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2008/04/14 07:00:00 | 000,036,364 | ---- | M] () -- C:\WINDOWS\System32\secpol.msc
[2008/04/14 07:00:00 | 000,036,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/04/14 07:00:00 | 000,035,755 | ---- | M] () -- C:\WINDOWS\System32\prncnfg.vbs
[2008/04/14 07:00:00 | 000,035,755 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2008/04/14 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\ntio411.sys
[2008/04/14 07:00:00 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2008/04/14 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\ntio412.sys
[2008/04/14 07:00:00 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2008/04/14 07:00:00 | 000,035,328 | ---- | M] () -- C:\WINDOWS\System32\mciqtz32.dll
[2008/04/14 07:00:00 | 000,035,328 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2008/04/14 07:00:00 | 000,034,871 | ---- | M] () -- C:\WINDOWS\System32\gpedit.msc
[2008/04/14 07:00:00 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2008/04/14 07:00:00 | 000,034,747 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio804.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio404.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2008/04/14 07:00:00 | 000,034,063 | ---- | M] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2008/04/14 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\System32\ntio.sys
[2008/04/14 07:00:00 | 000,033,840 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2008/04/14 07:00:00 | 000,033,673 | ---- | M] () -- C:\WINDOWS\System32\diskmgmt.msc
[2008/04/14 07:00:00 | 000,033,464 | ---- | M] () -- C:\WINDOWS\System32\services.msc
[2008/04/14 07:00:00 | 000,033,280 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2008/04/14 07:00:00 | 000,033,079 | ---- | M] () -- C:\WINDOWS\System32\devmgmt.msc
[2008/04/14 07:00:00 | 000,032,968 | ---- | M] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2008/04/14 07:00:00 | 000,032,760 | ---- | M] () -- C:\WINDOWS\System32\fsmgmt.msc
[2008/04/14 07:00:00 | 000,032,674 | ---- | M] () -- C:\WINDOWS\System32\winhelp.hlp
[2008/04/14 07:00:00 | 000,032,546 | ---- | M] () -- C:\WINDOWS\System32\prnmngr.vbs
[2008/04/14 07:00:00 | 000,032,546 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2008/04/14 07:00:00 | 000,029,454 | ---- | M] () -- C:\WINDOWS\System32\prnport.vbs
[2008/04/14 07:00:00 | 000,029,454 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2008/04/14 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\ntdos411.sys
[2008/04/14 07:00:00 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2008/04/14 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\ntdos412.sys
[2008/04/14 07:00:00 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2008/04/14 07:00:00 | 000,029,184 | ---- | M] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos804.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos404.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2008/04/14 07:00:00 | 000,028,626 | ---- | M] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,028,420 | ---- | M] () -- C:\WINDOWS\System32\bios1.rom
[2008/04/14 07:00:00 | 000,028,288 | ---- | M] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2008/04/14 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\System32\ntdos.sys
[2008/04/14 07:00:00 | 000,027,866 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2008/04/14 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\dllcache\country.sys
[2008/04/14 07:00:00 | 000,027,097 | ---- | M] () -- C:\WINDOWS\System32\country.sys
[2008/04/14 07:00:00 | 000,026,991 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2008/04/14 07:00:00 | 000,026,680 | ---- | M] () -- C:\WINDOWS\River Sumida.bmp
[2008/04/14 07:00:00 | 000,026,582 | ---- | M] () -- C:\WINDOWS\Greenstone.bmp
[2008/04/14 07:00:00 | 000,026,209 | ---- | M] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2008/04/14 07:00:00 | 000,025,415 | ---- | M] () -- C:\WINDOWS\System32\prndrvr.vbs
[2008/04/14 07:00:00 | 000,025,415 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2008/04/14 07:00:00 | 000,024,772 | ---- | M] () -- C:\WINDOWS\System32\geo.nls
[2008/04/14 07:00:00 | 000,024,772 | ---- | M] () -- C:\WINDOWS\System32\dllcache\geo.nls
[2008/04/14 07:00:00 | 000,024,124 | ---- | M] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2008/04/14 07:00:00 | 000,024,006 | ---- | M] () -- C:\WINDOWS\System32\gb2312.uce
[2008/04/14 07:00:00 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls
[2008/04/14 07:00:00 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls
[2008/04/14 07:00:00 | 000,022,984 | ---- | M] () -- C:\WINDOWS\System32\bopomofo.uce
[2008/04/14 07:00:00 | 000,021,527 | ---- | M] () -- C:\WINDOWS\System32\prnjobs.vbs
[2008/04/14 07:00:00 | 000,021,527 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2008/04/14 07:00:00 | 000,021,232 | ---- | M] () -- C:\WINDOWS\System32\graphics.pro
[2008/04/14 07:00:00 | 000,020,634 | ---- | M] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2008/04/14 07:00:00 | 000,020,634 | ---- | M] () -- C:\WINDOWS\System32\debug.exe
[2008/04/14 07:00:00 | 000,019,694 | ---- | M] () -- C:\WINDOWS\System32\graphics.com
[2008/04/14 07:00:00 | 000,019,684 | ---- | M] () -- C:\WINDOWS\System32\noise.esn
[2008/04/14 07:00:00 | 000,019,618 | ---- | M] () -- C:\WINDOWS\System32\noise.ita
[2008/04/14 07:00:00 | 000,018,832 | ---- | M] () -- C:\WINDOWS\System32\v7vga.rom
[2008/04/14 07:00:00 | 000,017,362 | ---- | M] () -- C:\WINDOWS\Rhododendron.bmp
[2008/04/14 07:00:00 | 000,017,336 | ---- | M] () -- C:\WINDOWS\Gone Fishing.bmp
[2008/04/14 07:00:00 | 000,017,062 | ---- | M] () -- C:\WINDOWS\Coffee Bean.bmp
[2008/04/14 07:00:00 | 000,016,740 | ---- | M] () -- C:\WINDOWS\System32\shiftjis.uce
[2008/04/14 07:00:00 | 000,016,730 | ---- | M] () -- C:\WINDOWS\FeatherTexture.bmp
[2008/04/14 07:00:00 | 000,016,535 | ---- | M] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2008/04/14 07:00:00 | 000,015,860 | ---- | M] () -- C:\WINDOWS\System32\prnqctl.vbs
[2008/04/14 07:00:00 | 000,015,860 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2008/04/14 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\tsd32.dll
[2008/04/14 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2008/04/14 07:00:00 | 000,014,710 | ---- | M] () -- C:\WINDOWS\System32\kb16.com
[2008/04/14 07:00:00 | 000,014,433 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\msdmo.dll
[2008/04/14 07:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2008/04/14 07:00:00 | 000,013,730 | ---- | M] () -- C:\WINDOWS\System32\noise.sve
[2008/04/14 07:00:00 | 000,013,472 | ---- | M] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2008/04/14 07:00:00 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\win87em.dll
[2008/04/14 07:00:00 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2008/04/14 07:00:00 | 000,013,256 | ---- | M] () -- C:\WINDOWS\System32\noise.nld
[2008/04/14 07:00:00 | 000,013,223 | ---- | M] () -- C:\WINDOWS\System32\tslabels.ini
[2008/04/14 07:00:00 | 000,012,876 | ---- | M] () -- C:\WINDOWS\System32\korean.uce
[2008/04/14 07:00:00 | 000,012,642 | ---- | M] () -- C:\WINDOWS\System32\edlin.exe
[2008/04/14 07:00:00 | 000,012,642 | ---- | M] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2008/04/14 07:00:00 | 000,012,498 | ---- | M] () -- C:\WINDOWS\System32\dllcache\append.exe
[2008/04/14 07:00:00 | 000,012,498 | ---- | M] () -- C:\WINDOWS\System32\append.exe
[2008/04/14 07:00:00 | 000,012,363 | ---- | M] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2008/04/14 07:00:00 | 000,012,082 | ---- | M] () -- C:\WINDOWS\System32\rsvp.ini
[2008/04/14 07:00:00 | 000,011,753 | ---- | M] () -- C:\WINDOWS\System32\setver.exe
[2008/04/14 07:00:00 | 000,010,790 | ---- | M] () -- C:\WINDOWS\System32\edit.hlp
[2008/04/14 07:00:00 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\scriptpw.dll
[2008/04/14 07:00:00 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2008/04/14 07:00:00 | 000,010,110 | ---- | M] () -- C:\WINDOWS\System32\mqperf.ini
[2008/04/14 07:00:00 | 000,010,027 | ---- | M] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2008/04/14 07:00:00 | 000,009,522 | ---- | M] () -- C:\WINDOWS\Zapotec.bmp
[2008/04/14 07:00:00 | 000,009,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2008/04/14 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2008/04/14 07:00:00 | 000,009,029 | ---- | M] () -- C:\WINDOWS\System32\ansi.sys
[2008/04/14 07:00:00 | 000,008,574 | ---- | M] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2008/04/14 07:00:00 | 000,008,484 | ---- | M] () -- C:\WINDOWS\System32\kanji_2.uce
[2008/04/14 07:00:00 | 000,008,424 | ---- | M] () -- C:\WINDOWS\System32\exe2bin.exe
[2008/04/14 07:00:00 | 000,008,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2008/04/14 07:00:00 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ctype.nls
[2008/04/14 07:00:00 | 000,008,386 | ---- | M] () -- C:\WINDOWS\System32\ctype.nls
[2008/04/14 07:00:00 | 000,008,191 | ---- | M] () -- C:\WINDOWS\System32\bios4.rom
[2008/04/14 07:00:00 | 000,007,382 | ---- | M] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2008/04/14 07:00:00 | 000,007,334 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2008/04/14 07:00:00 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\secupd.sig
[2008/04/14 07:00:00 | 000,007,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2008/04/14 07:00:00 | 000,007,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\services
[2008/04/14 07:00:00 | 000,007,052 | ---- | M] () -- C:\WINDOWS\System32\nlsfunc.exe
[2008/04/14 07:00:00 | 000,007,052 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2008/04/14 07:00:00 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\l_intl.nls
[2008/04/14 07:00:00 | 000,007,046 | ---- | M] () -- C:\WINDOWS\System32\dllcache\l_intl.nls
[2008/04/14 07:00:00 | 000,006,948 | ---- | M] () -- C:\WINDOWS\System32\kanji_1.uce
[2008/04/14 07:00:00 | 000,006,877 | ---- | M] () -- C:\WINDOWS\System32\pschdprf.ini
[2008/04/14 07:00:00 | 000,006,761 | ---- | M] () -- C:\WINDOWS\System32\oembios.sig
[2008/04/14 07:00:00 | 000,006,761 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2008/04/14 07:00:00 | 000,006,708 | ---- | M] () -- C:\WINDOWS\System32\esentprf.hxx
[2008/04/14 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\System32\himem.sys
[2008/04/14 07:00:00 | 000,004,768 | ---- | M] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2008/04/14 07:00:00 | 000,004,653 | ---- | M] () -- C:\WINDOWS\System32\tsgqec.zcf
[2008/04/14 07:00:00 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | M] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | M] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | M] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2008/04/14 07:00:00 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\odbcconf.rsp
[2008/04/14 07:00:00 | 000,004,310 | ---- | M] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2008/04/14 07:00:00 | 000,004,126 | ---- | M] () -- C:\WINDOWS\System32\msdxmlc.dll
[2008/04/14 07:00:00 | 000,004,126 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2008/04/14 07:00:00 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\wdl.trm
[2008/04/14 07:00:00 | 000,003,708 | ---- | M] () -- C:\WINDOWS\System32\pubprn.vbs
[2008/04/14 07:00:00 | 000,003,708 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2008/04/14 07:00:00 | 000,003,683 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2008/04/14 07:00:00 | 000,003,577 | ---- | M] () -- C:\WINDOWS\System32\sysprtj.sep
[2008/04/14 07:00:00 | 000,003,458 | ---- | M] () -- C:\WINDOWS\System32\rasctrs.ini
[2008/04/14 07:00:00 | 000,003,338 | ---- | M] () -- C:\WINDOWS\System32\redir.exe
[2008/04/14 07:00:00 | 000,003,338 | ---- | M] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2008/04/14 07:00:00 | 000,003,286 | ---- | M] () -- C:\WINDOWS\System32\tslabels.h
[2008/04/14 07:00:00 | 000,003,252 | ---- | M] () -- C:\WINDOWS\System32\nw16.exe
[2008/04/14 07:00:00 | 000,003,252 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2008/04/14 07:00:00 | 000,003,214 | ---- | M] () -- C:\WINDOWS\System32\sysprint.sep
[2008/04/14 07:00:00 | 000,003,178 | ---- | M] () -- C:\WINDOWS\System32\rsvpcnts.h
[2008/04/14 07:00:00 | 000,003,167 | ---- | M] () -- C:\WINDOWS\System32\rsaci.rat
[2008/04/14 07:00:00 | 000,003,010 | ---- | M] () -- C:\WINDOWS\System32\pschdcnt.h
[2008/04/14 07:00:00 | 000,002,891 | ---- | M] () -- C:\WINDOWS\System32\perfci.ini
[2008/04/14 07:00:00 | 000,002,755 | ---- | M] () -- C:\WINDOWS\System32\mqprfsym.h
[2008/04/14 07:00:00 | 000,002,732 | ---- | M] () -- C:\WINDOWS\System32\perfwci.ini
[2008/04/14 07:00:00 | 000,002,656 | ---- | M] () -- C:\WINDOWS\System32\netware.drv
[2008/04/14 07:00:00 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2008/04/14 07:00:00 | 000,002,233 | ---- | M] () -- C:\WINDOWS\System32\12520850.cpx
[2008/04/14 07:00:00 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2008/04/14 07:00:00 | 000,002,151 | ---- | M] () -- C:\WINDOWS\System32\12520437.cpx
[2008/04/14 07:00:00 | 000,001,931 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/04/14 07:00:00 | 000,001,818 | ---- | M] () -- C:\WINDOWS\System32\rasctrnm.h
[2008/04/14 07:00:00 | 000,001,804 | ---- | M] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.cht
[2008/04/14 07:00:00 | 000,001,696 | ---- | M] () -- C:\WINDOWS\System32\noise.chs
[2008/04/14 07:00:00 | 000,001,688 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2008/04/14 07:00:00 | 000,001,492 | ---- | M] () -- C:\WINDOWS\System32\mmdriver.inf
[2008/04/14 07:00:00 | 000,001,405 | ---- | M] () -- C:\WINDOWS\msdfmap.ini
[2008/04/14 07:00:00 | 000,001,272 | ---- | M] () -- C:\WINDOWS\Blue Lace 16.bmp
[2008/04/14 07:00:00 | 000,001,161 | ---- | M] () -- C:\WINDOWS\System32\usrlogon.cmd
[2008/04/14 07:00:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\System32\perffilt.ini
[2008/04/14 07:00:00 | 000,001,131 | ---- | M] () -- C:\WINDOWS\System32\loadfix.com
[2008/04/14 07:00:00 | 000,001,129 | ---- | M] () -- C:\WINDOWS\System32\vwipxspx.exe
[2008/04/14 07:00:00 | 000,001,129 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2008/04/14 07:00:00 | 000,000,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2008/04/14 07:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\System32\pid.inf
[2008/04/14 07:00:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2008/04/14 07:00:00 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\homepage.inf
[2008/04/14 07:00:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2008/04/14 07:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\share.exe
[2008/04/14 07:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\share.exe
[2008/04/14 07:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\fastopen.exe
[2008/04/14 07:00:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2008/04/14 07:00:00 | 000,000,862 | ---- | M] () -- C:\WINDOWS\System32\termcap
[2008/04/14 07:00:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\mscdexnt.exe
[2008/04/14 07:00:00 | 000,000,817 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2008/04/14 07:00:00 | 000,000,799 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2008/04/14 07:00:00 | 000,000,768 | ---- | M] () -- C:\WINDOWS\System32\msdtcprf.h
[2008/04/14 07:00:00 | 000,000,751 | ---- | M] () -- C:\WINDOWS\System32\noise.enu
[2008/04/14 07:00:00 | 000,000,751 | ---- | M] () -- C:\WINDOWS\System32\noise.eng
[2008/04/14 07:00:00 | 000,000,741 | ---- | M] () -- C:\WINDOWS\System32\noise.dat
[2008/04/14 07:00:00 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100521-031516.backup
[2008/04/14 07:00:00 | 000,000,707 | ---- | M] () -- C:\WINDOWS\_default.pif
[2008/04/14 07:00:00 | 000,000,697 | ---- | M] () -- C:\WINDOWS\System32\noise.tha
[2008/04/14 07:00:00 | 000,000,487 | ---- | M] () -- C:\WINDOWS\System32\login.cmd
[2008/04/14 07:00:00 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\perfwci.h
[2008/04/14 07:00:00 | 000,000,427 | ---- | M] () -- C:\WINDOWS\System32\perfci.h
[2008/04/14 07:00:00 | 000,000,407 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\networks
[2008/04/14 07:00:00 | 000,000,343 | ---- | M] () -- C:\WINDOWS\System32\prodspec.ini
[2008/04/14 07:00:00 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\l_except.nls
[2008/04/14 07:00:00 | 000,000,168 | ---- | M] () -- C:\WINDOWS\System32\dllcache\l_except.nls
[2008/04/14 07:00:00 | 000,000,140 | ---- | M] () -- C:\WINDOWS\System32\perffilt.h
[2008/04/14 07:00:00 | 000,000,114 | ---- | M] () -- C:\WINDOWS\System32\pcl.sep
[2008/04/14 07:00:00 | 000,000,081 | ---- | M] () -- C:\WINDOWS\System32\dsound.vxd
[2008/04/14 07:00:00 | 000,000,080 | ---- | M] () -- C:\WINDOWS\explorer.scf
[2008/04/14 07:00:00 | 000,000,075 | ---- | M] () -- C:\WINDOWS\System32\View Channels.scf
[2008/04/14 07:00:00 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\cmos.ram
[2008/04/14 07:00:00 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\pscript.sep
[2008/04/13 17:05:40 | 000,032,768 | ---- | M] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
[2007/07/10 16:10:12 | 000,000,547 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/05/12 15:39:32 | 000,016,997 | ---- | M] () -- C:\WINDOWS\System32\ANIO.VXD
[2007/05/12 15:39:32 | 000,011,904 | ---- | M] (ANI ) -- C:\WINDOWS\System32\anio4.sys
[2006/11/06 13:19:31 | 000,015,360 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\System32\drivers\NetMotCM.sys
[2005/10/27 07:55:30 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\JJAKEn.dll
[2005/10/19 17:19:08 | 001,327,189 | ---- | M] (Funk Software, Inc.) -- C:\WINDOWS\System32\odSupp_M.dll
[2005/09/15 14:35:46 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroMediaHome.cfg
[2005/09/02 17:39:00 | 000,044,544 | ---- | M] () -- C:\WINDOWS\System32\SantSvc.exe
[2005/09/02 17:39:00 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\SantFilt.sys
[2005/08/30 21:37:52 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroVision.cfg
[2005/08/30 21:37:04 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroShowTime.cfg
[2005/08/30 21:36:38 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNRecode.cfg
[2005/08/30 21:33:38 | 000,000,050 | ---- | M] () -- C:\WINDOWS\UNNeroBackItUp.cfg
[2005/05/01 21:15:02 | 000,000,638 | ---- | M] () -- C:\WINDOWS\setup.iss
[2004/07/26 17:16:10 | 001,568,768 | ---- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagX7.dll
[2004/07/26 17:16:10 | 000,476,320 | ---- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXpr7.dll
[2004/07/26 17:16:10 | 000,471,040 | ---- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXRA7.dll
[2004/07/26 17:16:10 | 000,262,144 | ---- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\imagXR7.dll
[2004/07/09 09:43:56 | 000,364,544 | ---- | M] (Pegasus Imaging Corp.) -- C:\WINDOWS\System32\TwnLib4.dll
[2004/04/06 15:15:38 | 000,110,592 | ---- | M] () -- C:\WINDOWS\System32\AegisI5.exe
[2004/02/24 10:08:52 | 000,400,384 | ---- | M] (Sensaura) -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS
[2004/02/09 14:18:18 | 000,155,648 | ---- | M] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2003/06/16 03:52:30 | 000,189,490 | ---- | M] () -- C:\WINDOWS\System32\ctdlang.dat
[2003/06/16 03:43:38 | 000,114,972 | ---- | M] () -- C:\WINDOWS\System32\ctbasicw.dat
[2003/06/16 03:40:04 | 000,251,970 | ---- | M] () -- C:\WINDOWS\System32\ctstatic.dat
[2003/06/16 03:35:28 | 000,053,674 | ---- | M] () -- C:\WINDOWS\System32\ctdaught.dat
[2003/06/09 03:40:14 | 000,065,536 | ---- | M] ( ) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2003/06/09 03:40:14 | 000,065,536 | ---- | M] ( ) -- C:\WINDOWS\System32\a3d.dll
[2003/03/24 15:52:04 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2003/01/02 19:09:30 | 000,001,543 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\310-LOAN Bank Statement Capture.lnk
[2003/01/01 15:53:25 | 000,216,416 | ---- | M] () -- C:\WINDOWS\System32\shellextlib.tlb
[2003/01/01 15:41:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2003/01/01 14:47:42 | 000,006,096 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2003/01/01 14:14:53 | 000,570,928 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2003/01/01 14:14:53 | 000,482,372 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2003/01/01 14:14:53 | 000,081,180 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2003/01/01 12:33:17 | 000,000,253 | ---- | M] () -- C:\Documents and Settings\B\Application Data\ANICONFIG_{B2BE880B-E430-4247-A2CD-48C7E0FC7355}.ini
[2003/01/01 12:32:13 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B2BE880B-E430-4247-A2CD-48C7E0FC7355}
[2003/01/01 08:04:30 | 003,712,656 | -H-- | M] () -- C:\Documents and Settings\B\Local Settings\Application Data\IconCache.db
[2003/01/01 06:48:38 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2003/01/01 06:48:29 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2003/01/01 06:40:39 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\B\ntuser.dat
[2003/01/01 06:40:29 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\B\ntuser.ini
[2003/01/01 06:30:24 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\B\Desktop\NTREGOPT.lnk
[2003/01/01 06:30:24 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\B\Desktop\ERUNT.lnk
[2003/01/01 05:11:56 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2003/01/01 05:11:56 | 000,001,120 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2003/01/01 01:46:17 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\B\My Documents\DrWebscan1.csv
[2003/01/01 00:38:48 | 000,010,376 | ---- | M] () -- C:\Documents and Settings\B\My Documents\cc_20030101_003846.reg
[2003/01/01 00:24:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2003/01/01 00:24:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/01/01 00:24:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2003/01/01 00:24:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2003/01/01 00:24:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2003/01/01 00:24:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\control.ini
[2003/01/01 00:24:28 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2003/01/01 00:08:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2003/01/01 00:04:51 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2002/12/31 23:10:28 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2002/12/31 21:32:27 | 000,005,660 | ---- | M] () -- C:\Documents and Settings\B\My Documents\cc_20021231_213222.reg
[2002/12/29 00:14:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\System32\Startup.cpl

========== Files Created - No Company Name ==========

[2010/06/30 21:52:16 | 128,255,169 | ---- | C] () -- C:\Documents and Settings\B\Desktop\New Compressed (zipped) Folder.zip
[2010/06/29 21:20:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At192.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At191.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At190.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At189.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At188.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At187.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At186.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At185.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At184.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At183.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At182.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At181.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At180.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At179.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At178.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At177.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At176.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At175.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At174.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At173.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At172.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At171.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At170.job
[2010/06/29 21:20:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At169.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At168.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At167.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At166.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At165.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At164.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At163.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At162.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At161.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At160.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At159.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At158.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At157.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At156.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At155.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At154.job
[2010/06/29 16:20:22 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At153.job
[2010/06/29 16:20:21 | 000,071,682 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NA222umr.exe_
[2010/06/29 16:20:21 | 000,071,682 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\NA222umr.exe
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At152.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At151.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At150.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At149.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At148.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At147.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At146.job
[2010/06/29 16:20:21 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At145.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At144.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At143.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At142.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At141.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At140.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At139.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At138.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At137.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At136.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At135.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At134.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At133.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At132.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At131.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At130.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At129.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At128.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At127.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At126.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At125.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At124.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At123.job
[2010/06/29 14:01:41 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At122.job
[2010/06/29 14:01:40 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At121.job
[2010/06/25 08:43:19 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{8CBC5544-B0D6-44F4-85F5-3E2D2DE56989}
[2010/06/25 08:43:19 | 000,000,258 | ---- | C] () -- C:\Documents and Settings\B\Application Data\ANICONFIG_{8CBC5544-B0D6-44F4-85F5-3E2D2DE56989}.ini
[2010/06/25 08:43:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ANIWConnService.exe
[2010/06/25 08:43:00 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{8CBC5544-B0D6-44F4-85F5-3E2D2DE56989}
[2010/06/25 08:42:42 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\wlanapp.dll
[2010/06/25 08:42:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\aIPH.dll
[2010/06/25 08:42:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2010/06/25 08:42:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AQCKGen.dll
[2010/06/25 08:42:42 | 000,045,115 | ---- | C] () -- C:\WINDOWS\System32\ANICtl.dll
[2010/06/25 08:42:12 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\ANIOApi.dll
[2010/06/25 08:42:12 | 000,016,997 | ---- | C] () -- C:\WINDOWS\System32\ANIO.VXD
[2010/06/25 08:42:11 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\ANIO64.sys
[2010/06/25 08:42:11 | 000,029,411 | ---- | C] () -- C:\WINDOWS\System32\ANIO.sys
[2010/06/25 08:41:53 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\ANIOWPS.dll
[2010/06/25 08:41:53 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\ANIWPS.exe
[2010/06/25 08:41:49 | 000,001,425 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wireless Connection Manager.lnk
[2010/06/17 15:55:54 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/17 15:55:54 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At99.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At98.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At97.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At120.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At119.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At118.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At117.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At116.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At115.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At114.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At113.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At112.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At111.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At110.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At109.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At108.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At107.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At106.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At105.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At104.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At103.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At102.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At101.job
[2010/06/17 11:12:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At100.job
[2010/06/16 13:46:34 | 009,437,184 | ---- | C] () -- C:\Documents and Settings\B\ntuser.dat
[2010/06/16 08:25:16 | 000,004,360 | ---- | C] () -- C:\Documents and Settings\B\My Documents\cc_20100616_092509.reg
[2010/05/28 20:15:17 | 000,000,921 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Sothink Movie DVD Maker.lnk
[2010/05/25 15:49:13 | 000,004,518 | ---- | C] () -- C:\Documents and Settings\B\My Documents\cc_20100525_164909.reg
[2010/05/21 22:38:39 | 000,004,672 | ---- | C] () -- C:\Documents and Settings\B\My Documents\cc_20100521_233835.reg
[2010/05/21 02:15:16 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100521-031516.backup
[2010/05/21 02:05:09 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/05/21 02:05:09 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\B\Desktop\Spybot - Search & Destroy.lnk
[2010/05/21 01:57:40 | 000,000,670 | ---- | C] () -- C:\Documents and Settings\B\Desktop\SpywareGuard LiveUpdate.lnk
[2010/05/21 01:57:40 | 000,000,650 | ---- | C] () -- C:\Documents and Settings\B\Start Menu\Programs\Startup\SpywareGuard.lnk
[2010/05/21 01:57:40 | 000,000,638 | ---- | C] () -- C:\Documents and Settings\B\Desktop\SpywareGuard.lnk
[2010/05/21 01:54:03 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\B\Desktop\SpywareBlaster.lnk
[2010/05/21 01:52:09 | 000,002,439 | ---- | C] () -- C:\Documents and Settings\B\Desktop\HiJackThis.lnk
[2010/05/08 19:50:55 | 000,000,380 | ---- | C] () -- C:\Documents and Settings\B\My Documents\cc_20100508_205054.reg
[2010/04/27 09:01:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/26 21:38:57 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2010/04/26 21:38:57 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2010/04/26 21:38:57 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2010/04/26 21:38:57 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2010/04/26 21:38:57 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2010/04/26 21:38:57 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2010/04/26 21:38:56 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2010/04/26 21:38:55 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2010/04/26 21:36:34 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2010/04/26 21:36:34 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2010/04/26 21:36:34 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2010/04/26 21:36:34 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2010/04/26 21:36:33 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2010/04/26 21:36:32 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2010/04/26 21:36:32 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2010/04/26 21:36:31 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2010/04/26 21:36:30 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2010/04/26 21:36:25 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2010/04/26 21:36:21 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2010/04/26 21:36:17 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2010/04/26 21:36:15 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2010/04/26 21:36:12 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2010/04/26 21:36:12 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2010/04/26 21:36:12 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2010/04/26 21:36:11 | 000,010,208 | -HS- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\KLry0l
[2010/04/26 21:36:11 | 000,010,208 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KLry0l
[2010/04/26 21:36:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2010/04/26 21:36:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2010/04/26 21:36:11 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2010/04/26 21:36:10 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2010/04/26 21:36:10 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2010/04/26 21:36:09 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2010/04/26 21:36:09 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2010/04/26 21:36:08 | 000,000,380 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2010/04/13 16:35:47 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/04/02 03:44:37 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2010/04/01 17:32:05 | 000,003,284 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCS{B2BE880B-E430-4247-A2CD-48C7E0FC7355}
[2010/04/01 17:31:17 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{B2BE880B-E430-4247-A2CD-48C7E0FC7355}
[2010/04/01 17:02:43 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010/03/25 23:09:43 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\310-LOAN Bank Statement Capture.lnk
[2010/03/19 20:27:00 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/02/17 17:17:48 | 001,594,318 | ---- | C] () -- C:\Documents and Settings\B\My Documents\paintbyMattyF.bmp
[2010/02/15 03:31:21 | 000,002,118 | ---- | C] () -- C:\Documents and Settings\B\My Documents\Document.rtf
[2010/02/05 20:11:51 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\SantSvc.exe
[2010/02/05 20:11:36 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\SantFilt.sys
[2010/02/05 20:11:36 | 000,000,638 | ---- | C] () -- C:\WINDOWS\setup.iss
[2010/01/01 15:45:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\FOXIT_PDF
[2010/01/01 15:45:32 | 000,016,315 | ---- | C] () -- C:\Documents and Settings\B\My Documents\091224_183003_SMS - Notepad.pdf
[2009/12/26 11:43:02 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/14 01:57:40 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\DVD Shrink 3.2.lnk
[2009/11/21 13:40:56 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\fusioncache.dat
[2009/11/21 13:40:54 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\310-LOAN Bank Statement Capture.lnk
[2009/11/21 13:36:36 | 000,016,672 | ---- | C] () -- C:\Documents and Settings\B\My Documents\loanagreement.rtf
[2009/11/12 09:35:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\B\Application Data\wklnhst.dat
[2009/11/09 16:29:10 | 000,017,728 | ---- | C] () -- C:\Documents and Settings\B\My Documents\ASTULog.cab
[2009/11/09 16:28:54 | 000,017,728 | ---- | C] () -- C:\WINDOWS\System32\ASTULog.cab
[2009/11/09 16:28:54 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\setup.inf
[2009/11/09 16:28:54 | 000,000,283 | ---- | C] () -- C:\WINDOWS\System32\setup.rpt
[2009/11/09 16:17:02 | 000,000,428 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2009/11/09 16:07:54 | 000,102,445 | ---- | C] () -- C:\WINDOWS\System32\ASTULog.cju
[2009/11/09 03:05:09 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\B\Application Data\$_hpcst$.hpc
[2009/11/01 22:22:14 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/29 21:15:31 | 000,000,061 | ---- | C] () -- C:\WINDOWS\WNGYBB.PFL
[2009/10/29 21:13:45 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\AegisI5.exe
[2009/10/13 16:18:16 | 000,000,901 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2009/10/13 09:01:47 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/10/12 16:34:09 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\B\default.pls
[2009/10/12 14:46:23 | 000,001,196 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2009/10/12 13:05:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2009/10/10 12:49:33 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2009/10/10 00:42:34 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{70A47AB3-85DF-47CA-9AB3-B3470F78DCDD}.job
[2009/10/09 22:05:10 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\CPUID HWMonitor.lnk
[2009/10/09 22:05:03 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
[2009/10/09 22:04:56 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2009/10/09 22:04:53 | 000,001,578 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\LimeWire 5.3.6.lnk
[2009/10/06 16:18:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/10/06 16:12:27 | 000,054,521 | ---- | C] () -- C:\Documents and Settings\B\CCCInstall_200910061712272656.log
[2009/10/06 09:24:26 | 000,000,414 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9290B7CE-3883-4F80-A67E-668F8186D5E1}.job
[2009/10/06 00:56:36 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/05 23:45:19 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk
[2009/10/05 14:00:49 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2009/10/04 13:27:46 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2009/10/04 13:15:59 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2009/10/04 13:09:35 | 000,003,888 | ---- | C] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-0000000A-00001102-00000002-80661102}.rfx
[2009/10/04 13:09:35 | 000,003,888 | ---- | C] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-0000000A-00001102-00000002-80661102}.rfx
[2009/10/04 13:03:40 | 002,259,067 | ---- | C] () -- C:\WINDOWS\System32\default.ecw
[2009/10/04 13:03:40 | 000,251,970 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2009/10/04 13:03:40 | 000,189,490 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2009/10/04 13:03:40 | 000,114,972 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2009/10/04 13:03:40 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2009/10/04 13:03:40 | 000,004,398 | ---- | C] () -- C:\WINDOWS\System32\SBLive.ico
[2009/10/04 13:03:40 | 000,003,126 | ---- | C] () -- C:\WINDOWS\System32\Live.bmp
[2009/10/03 18:53:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2009/10/03 18:53:29 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009/10/03 18:53:29 | 000,141,016 | ---- | C] () -- C:\WINDOWS\System32\ALSNDMGR.WAV
[2009/10/03 18:44:37 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/03 18:16:50 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/09/26 18:30:28 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2009/09/26 18:30:05 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\B\ntuser.ini
[2009/09/26 18:30:04 | 000,241,664 | -H-- | C] () -- C:\Documents and Settings\B\ntuser.dat.LOG
[2009/09/26 18:26:11 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2009/09/26 18:25:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/26 18:24:48 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2009/09/26 18:23:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2009/09/26 18:23:58 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2009/09/26 18:23:57 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2009/09/26 18:23:26 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2009/09/26 18:23:25 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2009/09/26 18:23:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2009/09/26 18:23:12 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2009/09/26 18:23:10 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2009/09/26 18:22:58 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2009/09/26 18:22:51 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2009/09/26 18:22:46 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2009/09/26 18:22:25 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2009/09/26 18:22:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2009/09/26 18:22:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2009/09/26 18:22:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2009/09/26 18:22:20 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2009/09/26 18:22:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2009/09/26 18:22:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2009/09/26 18:22:19 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2009/09/26 18:22:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2009/09/26 18:22:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2009/09/26 18:22:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2009/09/26 18:22:18 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2009/09/26 18:22:18 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2009/09/26 18:22:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2009/09/26 18:22:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2009/09/26 18:22:16 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2009/09/26 18:22:16 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2009/09/26 18:22:16 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2009/09/26 18:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2009/09/26 18:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2009/09/26 18:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2009/09/26 18:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2009/09/26 18:22:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2009/09/26 18:22:15 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2009/09/26 18:22:15 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2009/09/26 18:22:15 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2009/09/26 18:22:15 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2009/09/26 18:22:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2009/09/26 18:22:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2009/09/26 18:22:14 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2009/09/26 18:22:13 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2009/09/26 18:22:13 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2009/09/26 18:22:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2009/09/26 18:22:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2009/09/26 18:22:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2009/09/26 18:22:13 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2009/09/26 18:22:12 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2009/09/26 18:22:12 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2009/09/26 18:22:11 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2009/09/26 18:22:11 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2009/09/26 18:21:06 | 000,002,626 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/09/26 18:20:54 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2009/09/26 18:20:54 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2009/09/26 18:20:51 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2009/09/26 18:19:01 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2009/09/26 18:19:01 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2009/09/26 18:18:51 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2009/09/26 18:18:19 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2009/09/26 18:18:06 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2009/09/26 18:18:06 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2009/09/26 18:18:01 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2009/09/26 18:17:27 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2009/09/26 18:16:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/26 18:15:15 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2009/09/26 18:15:15 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2009/09/26 18:15:15 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2009/09/26 18:15:15 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2009/09/26 18:15:15 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2009/09/26 18:15:15 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2009/09/26 18:15:15 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2009/09/26 18:15:15 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2009/09/26 18:15:15 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2009/09/26 18:15:15 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2009/09/26 18:15:15 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2009/09/26 18:15:14 | 000,093,702 | ---- | C] () -- C:\WINDOWS\System32\subrange.uce
[2009/09/26 18:15:14 | 000,060,458 | ---- | C] () -- C:\WINDOWS\System32\ideograf.uce
[2009/09/26 18:15:14 | 000,024,006 | ---- | C] () -- C:\WINDOWS\System32\gb2312.uce
[2009/09/26 18:15:14 | 000,022,984 | ---- | C] () -- C:\WINDOWS\System32\bopomofo.uce
[2009/09/26 18:15:14 | 000,016,740 | ---- | C] () -- C:\WINDOWS\System32\shiftjis.uce
[2009/09/26 18:15:14 | 000,012,876 | ---- | C] () -- C:\WINDOWS\System32\korean.uce
[2009/09/26 18:15:14 | 000,008,484 | ---- | C] () -- C:\WINDOWS\System32\kanji_2.uce
[2009/09/26 18:15:14 | 000,006,948 | ---- | C] () -- C:\WINDOWS\System32\kanji_1.uce
[2009/09/26 18:15:12 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2009/09/26 18:15:12 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2009/09/26 18:15:11 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2009/09/26 18:15:06 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2009/09/26 18:07:54 | 000,004,653 | ---- | C] () -- C:\WINDOWS\System32\tsgqec.zcf
[2009/09/26 13:54:58 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2009/09/26 13:49:15 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2009/09/26 13:49:14 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2009/09/26 13:49:14 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2009/09/26 13:49:14 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2009/09/26 13:49:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28603.nls
[2009/09/26 13:49:11 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28603.nls
[2009/09/26 13:49:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_857.nls
[2009/09/26 13:49:10 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_857.nls
[2009/09/26 13:49:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28599.nls
[2009/09/26 13:49:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28599.nls
[2009/09/26 13:49:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10081.nls
[2009/09/26 13:49:10 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10081.nls
[2009/09/26 13:49:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28595.nls
[2009/09/26 13:49:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28595.NLS
[2009/09/26 13:49:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10017.nls
[2009/09/26 13:49:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10017.nls
[2009/09/26 13:49:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10007.nls
[2009/09/26 13:49:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10007.nls
[2009/09/26 13:49:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_869.nls
[2009/09/26 13:49:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_869.nls
[2009/09/26 13:49:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_875.nls
[2009/09/26 13:49:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_875.nls
[2009/09/26 13:49:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28597.nls
[2009/09/26 13:49:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28597.NLS
[2009/09/26 13:49:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10006.nls
[2009/09/26 13:49:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10006.nls
[2009/09/26 13:49:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_737.nls
[2009/09/26 13:49:06 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_737.nls
[2009/09/26 13:49:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_866.nls
[2009/09/26 13:49:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_866.nls
[2009/09/26 13:49:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_855.nls
[2009/09/26 13:49:05 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_855.nls
[2009/09/26 13:49:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28594.nls
[2009/09/26 13:49:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\C_28594.NLS
[2009/09/26 13:49:04 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_852.nls
[2009/09/26 13:49:04 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_852.nls
[2009/09/26 13:49:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10082.nls
[2009/09/26 13:49:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10082.nls
[2009/09/26 13:49:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10029.nls
[2009/09/26 13:49:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10029.nls
[2009/09/26 13:49:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10010.nls
[2009/09/26 13:49:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10010.nls
[2009/09/26 13:49:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20127.nls
[2009/09/26 13:49:02 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20127.nls
[2009/09/26 13:48:59 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2009/09/26 13:48:43 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2009/09/26 13:48:43 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2009/09/26 13:48:43 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2009/09/26 13:48:43 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2009/09/26 13:48:43 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2009/09/26 13:48:43 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2009/09/26 13:48:43 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2009/09/26 13:48:43 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2009/09/26 13:48:43 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2009/09/26 13:48:43 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2009/09/26 13:48:43 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2009/09/26 13:48:43 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2009/09/26 13:48:43 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2009/09/26 13:48:42 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2009/09/26 13:48:42 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2009/09/26 13:48:42 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2009/09/26 13:48:42 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2009/09/26 13:48:41 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2009/09/26 13:48:41 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2009/09/26 13:47:54 | 000,173,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/09/26 13:46:59 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2009/09/26 13:46:53 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2009/09/26 13:07:07 | 000,086,061 | ---- | C] () -- C:\WINDOWS\System32\c_869.yhg
[2009/02/12 21:20:42 | 000,005,630 | ---- | C] () -- C:\WINDOWS\System32\IE8Eula.rtf
[2009/01/07 17:20:36 | 000,066,384 | ---- | C] () -- C:\WINDOWS\System32\normnfkc.nls
[2009/01/07 17:20:36 | 000,060,294 | ---- | C] () -- C:\WINDOWS\System32\normnfkd.nls
[2009/01/07 17:20:36 | 000,059,342 | ---- | C] () -- C:\WINDOWS\System32\normidna.nls
[2009/01/07 17:20:36 | 000,045,794 | ---- | C] () -- C:\WINDOWS\System32\normnfc.nls
[2009/01/07 17:20:36 | 000,039,284 | ---- | C] () -- C:\WINDOWS\System32\normnfd.nls
[2009/01/07 17:20:20 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
[2009/01/07 17:20:20 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2008/04/14 07:07:00 | 000,221,229 | ---- | C] () -- C:\WINDOWS\System32\storage.jux
[2008/04/14 07:07:00 | 000,217,133 | ---- | C] () -- C:\WINDOWS\System32\msvcp50.mxw
[2008/04/14 07:07:00 | 000,102,444 | ---- | C] () -- C:\WINDOWS\System32\msscript.xgd
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.bin
[2008/04/14 07:00:00 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2008/04/14 07:00:00 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\dllcache\gm.dls
[2008/04/14 07:00:00 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2008/04/14 07:00:00 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2008/04/14 07:00:00 | 001,291,776 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008/04/14 07:00:00 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2008/04/14 07:00:00 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2008/04/14 07:00:00 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2008/04/14 07:00:00 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2008/04/14 07:00:00 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2008/04/14 07:00:00 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2008/04/14 07:00:00 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
[2008/04/14 07:00:00 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2008/04/14 07:00:00 | 000,785,972 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2008/04/14 07:00:00 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2008/04/14 07:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2008/04/14 07:00:00 | 000,562,176 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
[2008/04/14 07:00:00 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2008/04/14 07:00:00 | 000,482,372 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,461,672 | ---- | C] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2008/04/14 07:00:00 | 000,395,292 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008/04/14 07:00:00 | 000,386,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
[2008/04/14 07:00:00 | 000,383,804 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahoma.ttf
[2008/04/14 07:00:00 | 000,355,680 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tahomabd.ttf
[2008/04/14 07:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2008/04/14 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tshoot.dll
[2008/04/14 07:00:00 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,270,848 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2008/04/14 07:00:00 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2008/04/14 07:00:00 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\dllcache\locale.nls
[2008/04/14 07:00:00 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\sortkey.nls
[2008/04/14 07:00:00 | 000,262,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sortkey.nls
[2008/04/14 07:00:00 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compatui.dll
[2008/04/14 07:00:00 | 000,250,048 | RHS- | C] () -- C:\ntldr
[2008/04/14 07:00:00 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp
[2008/04/14 07:00:00 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax
[2008/04/14 07:00:00 | 000,239,616 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2008/04/14 07:00:00 | 000,218,134 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,204,396 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2008/04/14 07:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_950.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_950.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_949.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_949.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_936.nls
[2008/04/14 07:00:00 | 000,196,642 | ---- | C] () -- C:\WINDOWS\System32\c_936.nls
[2008/04/14 07:00:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
[2008/04/14 07:00:00 | 000,186,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2008/04/14 07:00:00 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2008/04/14 07:00:00 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs
[2008/04/14 07:00:00 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2008/04/14 07:00:00 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2008/04/14 07:00:00 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_932.nls
[2008/04/14 07:00:00 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\c_932.nls
[2008/04/14 07:00:00 | 000,152,844 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2008/04/14 07:00:00 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
[2008/04/14 07:00:00 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2008/04/14 07:00:00 | 000,148,992 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2008/04/14 07:00:00 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20261.nls
[2008/04/14 07:00:00 | 000,139,810 | ---- | C] () -- C:\WINDOWS\System32\c_20261.nls
[2008/04/14 07:00:00 | 000,135,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2008/04/14 07:00:00 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2008/04/14 07:00:00 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax
[2008/04/14 07:00:00 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2008/04/14 07:00:00 | 000,102,446 | ---- | C] () -- C:\WINDOWS\System32\net.hlp
[2008/04/14 07:00:00 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs
[2008/04/14 07:00:00 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs
[2008/04/14 07:00:00 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\unicode.nls
[2008/04/14 07:00:00 | 000,089,588 | ---- | C] () -- C:\WINDOWS\System32\dllcache\unicode.nls
[2008/04/14 07:00:00 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2008/04/14 07:00:00 | 000,081,180 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,080,546 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2008/04/14 07:00:00 | 000,072,387 | ---- | C] () -- C:\WINDOWS\System32\dllcache\archvapp.inf
[2008/04/14 07:00:00 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2008/04/14 07:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
[2008/04/14 07:00:00 | 000,069,886 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_874.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_874.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_865.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_865.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_863.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_863.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_861.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_861.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_860.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_860.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_850.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_850.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_775.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_775.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_437.nls
[2008/04/14 07:00:00 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\c_437.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_500.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_500.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28605.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28605.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28598.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28598.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28593.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28593.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28592.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28592.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28591.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_28591.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_21866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20905.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20905.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_20866.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1258.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1258.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1257.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1257.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1256.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1256.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1255.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1255.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1254.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1254.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1253.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1253.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1252.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1252.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1251.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1251.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1250.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1250.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1026.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_1026.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10079.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10079.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10000.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_10000.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_037.nls
[2008/04/14 07:00:00 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\c_037.nls
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2008/04/14 07:00:00 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2008/04/14 07:00:00 | 000,061,172 | ---- | C] () -- C:\WINDOWS\System32\cmmgr32.hlp
[2008/04/14 07:00:00 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
[2008/04/14 07:00:00 | 000,059,167 | ---- | C] () -- C:\WINDOWS\System\setup.inf
[2008/04/14 07:00:00 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2008/04/14 07:00:00 | 000,057,667 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2008/04/14 07:00:00 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2008/04/14 07:00:00 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2008/04/14 07:00:00 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2008/04/14 07:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbicodec.ax
[2008/04/14 07:00:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2008/04/14 07:00:00 | 000,050,620 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2008/04/14 07:00:00 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
[2008/04/14 07:00:00 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2008/04/14 07:00:00 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2008/04/14 07:00:00 | 000,044,451 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc
[2008/04/14 07:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2008/04/14 07:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2008/04/14 07:00:00 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2008/04/14 07:00:00 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2008/04/14 07:00:00 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2008/04/14 07:00:00 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2008/04/14 07:00:00 | 000,040,505 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc
[2008/04/14 07:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax
[2008/04/14 07:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2008/04/14 07:00:00 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2008/04/14 07:00:00 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2008/04/14 07:00:00 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2008/04/14 07:00:00 | 000,036,364 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc
[2008/04/14 07:00:00 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\intelppm.sys
[2008/04/14 07:00:00 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs
[2008/04/14 07:00:00 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2008/04/14 07:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2008/04/14 07:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2008/04/14 07:00:00 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2008/04/14 07:00:00 | 000,034,871 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc
[2008/04/14 07:00:00 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2008/04/14 07:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2008/04/14 07:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2008/04/14 07:00:00 | 000,033,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2008/04/14 07:00:00 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2008/04/14 07:00:00 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2008/04/14 07:00:00 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2008/04/14 07:00:00 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2008/04/14 07:00:00 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2008/04/14 07:00:00 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2008/04/14 07:00:00 | 000,032,674 | ---- | C] () -- C:\WINDOWS\System32\winhelp.hlp
[2008/04/14 07:00:00 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs
[2008/04/14 07:00:00 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2008/04/14 07:00:00 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs
[2008/04/14 07:00:00 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2008/04/14 07:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2008/04/14 07:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2008/04/14 07:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2008/04/14 07:00:00 | 000,027,866 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntdos.sys
[2008/04/14 07:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\dllcache\country.sys
[2008/04/14 07:00:00 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2008/04/14 07:00:00 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs
[2008/04/14 07:00:00 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2008/04/14 07:00:00 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\geo.nls
[2008/04/14 07:00:00 | 000,024,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\geo.nls
[2008/04/14 07:00:00 | 000,024,124 | ---- | C] () -- C:\WINDOWS\System32\dllcache\marlett.ttf
[2008/04/14 07:00:00 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2008/04/14 07:00:00 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sorttbls.nls
[2008/04/14 07:00:00 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs
[2008/04/14 07:00:00 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2008/04/14 07:00:00 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2008/04/14 07:00:00 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2008/04/14 07:00:00 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2008/04/14 07:00:00 | 000,019,694 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2008/04/14 07:00:00 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
[2008/04/14 07:00:00 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
[2008/04/14 07:00:00 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2008/04/14 07:00:00 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs
[2008/04/14 07:00:00 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2008/04/14 07:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2008/04/14 07:00:00 | 000,014,710 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2008/04/14 07:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
[2008/04/14 07:00:00 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
[2008/04/14 07:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2008/04/14 07:00:00 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
[2008/04/14 07:00:00 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2008/04/14 07:00:00 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2008/04/14 07:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2008/04/14 07:00:00 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2008/04/14 07:00:00 | 000,011,753 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2008/04/14 07:00:00 | 000,010,790 | ---- | C] () -- C:\WINDOWS\System32\edit.hlp
[2008/04/14 07:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2008/04/14 07:00:00 | 000,009,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2008/04/14 07:00:00 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2008/04/14 07:00:00 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2008/04/14 07:00:00 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2008/04/14 07:00:00 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ctype.nls
[2008/04/14 07:00:00 | 000,008,386 | ---- | C] () -- C:\WINDOWS\System32\ctype.nls
[2008/04/14 07:00:00 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2008/04/14 07:00:00 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2008/04/14 07:00:00 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.sig
[2008/04/14 07:00:00 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\services
[2008/04/14 07:00:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2008/04/14 07:00:00 | 000,007,052 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nlsfunc.exe
[2008/04/14 07:00:00 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\l_intl.nls
[2008/04/14 07:00:00 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_intl.nls
[2008/04/14 07:00:00 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2008/04/14 07:00:00 | 000,006,761 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.sig
[2008/04/14 07:00:00 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2008/04/14 07:00:00 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\dllcache\secupd.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\dllcache\oembios.dat
[2008/04/14 07:00:00 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2008/04/14 07:00:00 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\dllcache\odbcconf.rsp
[2008/04/14 07:00:00 | 000,004,126 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxmlc.dll
[2008/04/14 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2008/04/14 07:00:00 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2008/04/14 07:00:00 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2008/04/14 07:00:00 | 000,003,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2008/04/14 07:00:00 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2008/04/14 07:00:00 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2008/04/14 07:00:00 | 000,003,338 | ---- | C] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2008/04/14 07:00:00 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2008/04/14 07:00:00 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2008/04/14 07:00:00 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2008/04/14 07:00:00 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h
[2008/04/14 07:00:00 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2008/04/14 07:00:00 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h
[2008/04/14 07:00:00 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h
[2008/04/14 07:00:00 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520850.cpx
[2008/04/14 07:00:00 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2008/04/14 07:00:00 | 000,002,206 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2008/04/14 07:00:00 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\dllcache\12520437.cpx
[2008/04/14 07:00:00 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
[2008/04/14 07:00:00 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht
[2008/04/14 07:00:00 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs
[2008/04/14 07:00:00 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf
[2008/04/14 07:00:00 | 000,001,131 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2008/04/14 07:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2008/04/14 07:00:00 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2008/04/14 07:00:00 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/04/14 07:00:00 | 000,000,974 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2008/04/14 07:00:00 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2008/04/14 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2008/04/14 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\share.exe
[2008/04/14 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2008/04/14 07:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2008/04/14 07:00:00 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2008/04/14 07:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2008/04/14 07:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2008/04/14 07:00:00 | 000,000,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2008/04/14 07:00:00 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.enu
[2008/04/14 07:00:00 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.eng
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/14 07:00:00 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2008/04/14 07:00:00 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2008/04/14 07:00:00 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\login.cmd
[2008/04/14 07:00:00 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h
[2008/04/14 07:00:00 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h
[2008/04/14 07:00:00 | 000,000,407 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks
[2008/04/14 07:00:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\l_except.nls
[2008/04/14 07:00:00 | 000,000,168 | ---- | C] () -- C:\WINDOWS\System32\dllcache\l_except.nls
[2008/04/14 07:00:00 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h
[2008/04/14 07:00:00 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2008/04/14 07:00:00 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2008/04/14 07:00:00 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2008/04/14 07:00:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2008/04/14 07:00:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2008/04/14 07:00:00 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2005/09/15 14:35:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\UNNeroMediaHome.cfg
[2005/08/30 21:37:52 | 000,000,050 | ---- | C] () -- C:\WINDOWS\UNNeroVision.cfg
[2005/08/30 21:37:04 | 000,000,050 | ---- | C] () -- C:\WINDOWS\UNNeroShowTime.cfg
[2005/08/30 21:36:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\UNRecode.cfg
[2005/08/30 21:33:38 | 000,000,050 | ---- | C] () -- C:\WINDOWS\UNNeroBackItUp.cfg
[2003/01/02 07:09:14 | 000,000,253 | ---- | C] () -- C:\Documents and Settings\B\Application Data\ANICONFIG_{B2BE880B-E430-4247-A2CD-48C7E0FC7355}.ini
[2003/01/01 15:53:25 | 000,216,416 | ---- | C] () -- C:\WINDOWS\System32\shellextlib.tlb
[2003/01/01 14:45:51 | 000,006,096 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2003/01/01 06:48:38 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2003/01/01 06:30:24 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\B\Desktop\NTREGOPT.lnk
[2003/01/01 06:30:23 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\B\Desktop\ERUNT.lnk
[2003/01/01 05:17:46 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2003/01/01 05:11:56 | 000,001,120 | ---- | C] () -- C:\Documents and Settings\B\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero Home.lnk
[2003/01/01 05:09:49 | 000,395,292 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2003/01/01 01:46:17 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\B\My Documents\DrWebscan1.csv
[2003/01/01 00:38:47 | 000,010,376 | ---- | C] () -- C:\Documents and Settings\B\My Documents\cc_20030101_003846.reg
[2003/01/01 00:24:31 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2003/01/01 00:24:31 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2003/01/01 00:24:31 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2003/01/01 00:24:31 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2003/01/01 00:24:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/01/01 00:24:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2002/12/31 23:22:48 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\20031Y.dat
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At96.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At95.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At94.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At93.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At92.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At91.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At90.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At89.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At88.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At87.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At86.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At85.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At84.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At83.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At82.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At81.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At80.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At79.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At78.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At77.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At76.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At75.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At74.job
[2002/12/31 23:22:44 | 000,000,416 | ---- | C] () -- C:\WINDOWS\tasks\At73.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At72.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At71.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At70.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At69.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At68.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At67.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At66.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At65.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At64.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At63.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At62.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At61.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At60.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At59.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At58.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At57.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At56.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At55.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At54.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At53.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At52.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At51.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At50.job
[2002/12/31 23:20:12 | 000,000,342 | ---- | C] () -- C:\WINDOWS\tasks\At49.job
[2002/12/31 23:10:28 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2002/12/31 21:32:25 | 000,005,660 | ---- | C] () -- C:\Documents and Settings\B\My Documents\cc_20021231_213222.reg

========== LOP Check ==========

[2003/01/01 06:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/10/29 21:13:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Prism
[2010/06/16 08:23:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/26 21:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\D36F17A64137DE4386AB5DCDFD0BF596
[2010/06/19 11:50:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Facebook
[2009/10/13 16:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Foxit
[2009/10/25 06:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Foxit Software
[2010/05/06 22:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\GARMIN
[2010/06/29 08:53:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\LimeWire
[2009/11/01 22:31:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\MSNInstaller
[2009/10/14 21:49:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\OpenOffice.org
[2009/11/12 09:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\Template
[2010/06/25 22:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\B\Application Data\uTorrent
[2010/06/28 23:02:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/06/29 08:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At10.job
[2010/06/29 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At100.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At101.job
[2010/06/29 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At102.job
[2010/06/29 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At103.job
[2010/06/29 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At104.job
[2010/06/29 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At105.job
[2010/06/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At106.job
[2010/06/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At107.job
[2010/06/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At108.job
[2010/06/29 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At109.job
[2010/06/29 09:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2010/06/29 12:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At110.job
[2010/06/29 13:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At111.job
[2010/06/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At112.job
[2010/06/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At113.job
[2010/06/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At114.job
[2010/06/29 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At115.job
[2010/06/29 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At116.job
[2010/06/29 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At117.job
[2010/06/29 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At118.job
[2010/06/29 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At119.job
[2010/06/29 10:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At12.job
[2010/06/28 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At120.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At121.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At122.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At123.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At124.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At125.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At126.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At127.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At128.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At129.job
[2010/06/29 11:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At130.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At131.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At132.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At133.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At134.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At135.job
[2010/06/29 14:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At136.job
[2010/06/29 15:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At137.job
[2010/06/29 16:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At138.job
[2010/06/29 17:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At139.job
[2010/06/29 12:00:02 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At14.job
[2010/06/29 18:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At140.job
[2010/06/29 19:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At141.job
[2010/06/29 20:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At142.job
[2010/06/29 21:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At143.job
[2010/06/29 14:01:57 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At144.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At145.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At146.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At147.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At148.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At149.job
[2010/06/29 13:00:01 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At150.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At151.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At152.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At153.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At154.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At155.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At156.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At157.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At158.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At159.job
[2010/06/29 14:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At16.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At160.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At161.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At162.job
[2010/06/29 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At163.job
[2010/06/29 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At164.job
[2010/06/29 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At165.job
[2010/06/29 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At166.job
[2010/06/29 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At167.job
[2010/06/29 16:20:24 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At168.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At169.job
[2010/06/29 15:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At170.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At171.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At172.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At173.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At174.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At175.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At176.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At177.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At178.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At179.job
[2010/06/29 16:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At18.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At180.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At181.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At182.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At183.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At184.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At185.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At186.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At187.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At188.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At189.job
[2010/06/29 17:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At190.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At191.job
[2010/06/29 21:20:29 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At192.job
[2010/06/29 00:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/06/29 18:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At20.job
[2010/06/29 19:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2010/06/29 20:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At22.job
[2010/06/29 21:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2010/06/28 22:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At24.job
[2010/06/28 23:04:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2010/06/29 00:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At26.job
[2010/06/29 01:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2010/06/29 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At28.job
[2010/06/29 03:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2010/06/29 01:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2010/06/29 04:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At30.job
[2010/06/29 05:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2010/06/29 06:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At32.job
[2010/06/29 07:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2010/06/29 08:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At34.job
[2010/06/29 09:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2010/06/29 10:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At36.job
[2010/06/29 11:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2010/06/29 12:00:03 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At38.job
[2010/06/29 13:00:01 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2010/06/29 02:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2010/06/29 14:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At40.job
[2010/06/29 15:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2010/06/29 16:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At42.job
[2010/06/29 17:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2010/06/29 18:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At44.job
[2010/06/29 19:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2010/06/29 20:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At46.job
[2010/06/29 21:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2010/06/28 22:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\At48.job
[2010/06/28 23:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At49.job
[2010/06/29 03:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2010/06/29 00:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At50.job
[2010/06/29 01:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At51.job
[2010/06/29 02:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At52.job
[2010/06/29 03:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At53.job
[2010/06/29 04:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At54.job
[2010/06/29 05:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At55.job
[2010/06/29 06:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At56.job
[2010/06/29 07:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At57.job
[2010/06/29 08:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At58.job
[2010/06/29 09:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At59.job
[2010/06/29 04:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At6.job
[2010/06/29 10:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At60.job
[2010/06/29 11:18:01 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At61.job
[2010/06/29 12:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At62.job
[2010/06/29 13:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At63.job
[2010/06/29 14:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At64.job
[2010/06/29 15:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At65.job
[2010/06/29 16:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At66.job
[2010/06/29 17:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At67.job
[2010/06/29 18:23:02 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At68.job
[2010/06/29 19:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At69.job
[2010/06/29 05:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2010/06/29 20:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At70.job
[2010/06/29 21:23:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At71.job
[2010/06/28 22:18:00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\Tasks\At72.job
[2010/06/28 23:42:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At73.job
[2010/06/29 00:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At74.job
[2010/06/29 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At75.job
[2010/06/29 02:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At76.job
[2010/06/29 03:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At77.job
[2010/06/29 04:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At78.job
[2010/06/29 05:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At79.job
[2010/06/29 06:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At8.job
[2010/06/29 06:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At80.job
[2010/06/29 07:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At81.job
[2010/06/29 08:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At82.job
[2010/06/29 09:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At83.job
[2010/06/29 10:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At84.job
[2010/06/29 11:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At85.job
[2010/06/29 12:00:03 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At86.job
[2010/06/29 13:00:01 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At87.job
[2010/06/29 14:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At88.job
[2010/06/29 15:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At89.job
[2010/06/29 07:00:00 | 000,000,380 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job
[2010/06/29 16:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At90.job
[2010/06/29 17:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At91.job
[2010/06/29 18:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At92.job
[2010/06/29 19:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At93.job
[2010/06/29 20:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At94.job
[2010/06/29 21:05:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At95.job
[2010/06/28 22:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At96.job
[2010/06/28 23:08:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At97.job
[2010/06/29 00:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At98.job
[2010/06/29 01:00:00 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\At99.job
[2010/06/29 20:58:13 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{70A47AB3-85DF-47CA-9AB3-B3470F78DCDD}.job
[2010/06/29 21:32:00 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{9290B7CE-3883-4F80-A67E-668F8186D5E1}.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009/11/09 16:46:57 | 000,030,648 | ---- | M] () -- C:\ASLog.txt
[2003/01/01 00:24:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/09/26 18:12:33 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2003/01/01 00:24:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/18 11:43:19 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2003/01/01 00:24:31 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2003/01/01 00:24:31 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/04/14 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/04/14 07:00:00 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2003/01/01 15:41:45 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/09/26 18:20:13 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.scr >
[2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/09/26 13:46:58 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/09/26 13:46:58 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/09/26 13:46:58 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 07:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 07:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-05-30 05:53:45

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >

Thanks for any help you can give me. Just let me know what I gotta do now. Thanks again!!

#6
Rorschach112

Posted 09 July 2010 - 12:50 PM

Ralphie

Retired Staff
47,710 posts

Please download HelpAsst_mebroot_fix.exe and save it to your desktop.
Close out all other open programs and windows.
Double click the file to run it and follow any prompts.
If the tool detects an mbr infection, please allow it to run mbr -f and shutdown your computer.
Upon restarting, please wait about 5 minutes, click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

*In the event the tool does not detect an mbr infection and completes, click Start>Run and type the following bolded command, then hit Enter.

mbr -f

Now, please do the Start>Run>mbr -f command a second time.
Now shut down the computer (do not restart, but shut it down), wait a few minutes then start it back up.
Give it about 5 minutes, then click Start>Run and type the following bolded command, then hit Enter.

helpasst -mbrt

Make sure you leave a space between helpasst and -mbrt !
When it completes, a log will open.
Please post the contents of that log.

**Important note to Dell users - fixing the mbr may prevent access the the Dell Restore Utility, which allows you to press a key on startup and revert your computer to a factory delivered state. There are a couple of known fixes for said condition, though the methods are somewhat advanced. If you are unwilling to take such a risk, you should not allow the tool to execute mbr -f nor execute the command manually, and you will either need to restore your computer to a factory state or allow your computer to remain having an infected mbr (the latter not recommended).

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vdfx.sys -- (vkrnqdvo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\TEMP\2C9.tmp -- ({7BBB90C3-0FF2-4D49-B2E93966CAE2C025})
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=...ISze8HTmrczXtEw
[2003/01/01 18:01:37 | 000,009,977 | ---- | M] () -- C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\searchplugins\mywebsearch.xml
O33 - MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\Shell - "" = AutoRun
O33 - MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\Shell\AutoRun\command - "" = F:\DYBB.exe -- File not found
[2010/06/19 14:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\B\Local Settings\Application Data\ujtwmdjux
:Files
DYBB.exe /s /alldrives
C:\WINDOWS\tasks\At*.job

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done

post the log otl gives you, it should be in C:\OTL

#7
krazedchick

Posted 09 July 2010 - 02:33 PM

Member

Topic Starter
Member
12 posts

Ok so I can now load my computer without safemode.

Here is a log from the helpasst
it did detect an mbr infection first try and shutdown.

C:\Documents and Settings\B\My Documents\Downloads\HelpAsst_mebroot_fix.exe
01/01/2003 at 19:06:51.00

HelpAssistant account is Active ~ attempting to de-activate

Account active Yes
Local Group Memberships *Administrators

HelpAssistant successfully set Inactive

~~ Checking for termsrv32.dll ~~

termsrv32.dll present! ~ attempting to remove
Remove on reboot: C:\WINDOWS\system32\termsrv32.dll

~~ Checking firewall ports ~~

backing up DomainProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2963:TCP"=-
"4426:TCP"=-
"4286:TCP"=-
"7072:TCP"=-
"3389:TCP"=-
80:TCP=-
443:TCP=-
"6911:TCP"=-
"6912:TCP"=-

backing up StandardProfile\GloballyOpenPorts\List registry key
closing rogue ports

HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list
"65533:TCP"=-
"52344:TCP"=-
"2963:TCP"=-
"4426:TCP"=-
"4286:TCP"=-
"7072:TCP"=-
"3389:TCP"=-
"6911:TCP"=-
"6912:TCP"=-

~~ Checking profile list ~~

HelpAssistant profile found in registry ~ backing up and removing S-1-5-21-861567501-682003330-1606980848-1000
HelpAssistant profile directory exists at C:\Documents and Settings\HelpAssistant.BS ~ attempting to remove
~ All C:\Documents and Settings\HelpAssistant.BS files successfully removed ~

~~ Checking mbr ~~

mbr infection detected! ~ running mbr -f

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
copy of MBR has been found in sector 0x0262613A
malicious code @ sector 0x0262613D !
PE file found in sector at 0x02626153 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.
original MBR restored successfully !

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0262613A
malicious code @ sector 0x0262613D !
PE file found in sector at 0x02626153 !

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Status check on 01/01/2003 at 19:17:56.92

Account active No
Local Group Memberships

~~ Checking mbr ~~

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86624EE4]<<
kernel: MBR read successfully
user & kernel MBR OK
copy of MBR has been found in sector 0x0262613A
malicious code @ sector 0x0262613D !
PE file found in sector at 0x02626153 !

~~ Checking for termsrv32.dll ~~

termsrv32.dll not found

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\termservice\parameters
ServiceDll REG_EXPAND_SZ %systemroot%\System32\termsrv.dll

~~ Checking profile list ~~

No HelpAssistant profile in registry

~~ Checking for HelpAssistant directories ~~

HelpAssistant

~~ Checking firewall ports ~~

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
80:TCP=80:TCP:*:Enabled:Services
443:TCP=443:TCP:*:Enabled:Services

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

~~ EOF ~~

Also I did the fix in OTL and here is that log

All processes killed
========== OTL ==========
Service vkrnqdvo stopped successfully!
Service vkrnqdvo deleted successfully!
File C:\WINDOWS\System32\drivers\vdfx.sys not found.
Service {7BBB90C3-0FF2-4D49-B2E93966CAE2C025} stopped successfully!
Service {7BBB90C3-0FF2-4D49-B2E93966CAE2C025} deleted successfully!
File C:\WINDOWS\TEMP\2C9.tmp not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\searchplugins\mywebsearch.xml moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0d82b2e8-c372-11de-ab12-00159a10ae2d}\ not found.
File F:\DYBB.exe not found.
C:\Documents and Settings\B\Local Settings\Application Data\ujtwmdjux folder moved successfully.
========== FILES ==========
DYBB.exe not found in C:\
DYBB.exe not found in E:\
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At100.job moved successfully.
C:\WINDOWS\tasks\At101.job moved successfully.
C:\WINDOWS\tasks\At102.job moved successfully.
C:\WINDOWS\tasks\At103.job moved successfully.
C:\WINDOWS\tasks\At104.job moved successfully.
C:\WINDOWS\tasks\At105.job moved successfully.
C:\WINDOWS\tasks\At106.job moved successfully.
C:\WINDOWS\tasks\At107.job moved successfully.
C:\WINDOWS\tasks\At108.job moved successfully.
C:\WINDOWS\tasks\At109.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At110.job moved successfully.
C:\WINDOWS\tasks\At111.job moved successfully.
C:\WINDOWS\tasks\At112.job moved successfully.
C:\WINDOWS\tasks\At113.job moved successfully.
C:\WINDOWS\tasks\At114.job moved successfully.
C:\WINDOWS\tasks\At115.job moved successfully.
C:\WINDOWS\tasks\At116.job moved successfully.
C:\WINDOWS\tasks\At117.job moved successfully.
C:\WINDOWS\tasks\At118.job moved successfully.
C:\WINDOWS\tasks\At119.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At120.job moved successfully.
C:\WINDOWS\tasks\At121.job moved successfully.
C:\WINDOWS\tasks\At122.job moved successfully.
C:\WINDOWS\tasks\At123.job moved successfully.
C:\WINDOWS\tasks\At124.job moved successfully.
C:\WINDOWS\tasks\At125.job moved successfully.
C:\WINDOWS\tasks\At126.job moved successfully.
C:\WINDOWS\tasks\At127.job moved successfully.
C:\WINDOWS\tasks\At128.job moved successfully.
C:\WINDOWS\tasks\At129.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At130.job moved successfully.
C:\WINDOWS\tasks\At131.job moved successfully.
C:\WINDOWS\tasks\At132.job moved successfully.
C:\WINDOWS\tasks\At133.job moved successfully.
C:\WINDOWS\tasks\At134.job moved successfully.
C:\WINDOWS\tasks\At135.job moved successfully.
C:\WINDOWS\tasks\At136.job moved successfully.
C:\WINDOWS\tasks\At137.job moved successfully.
C:\WINDOWS\tasks\At138.job moved successfully.
C:\WINDOWS\tasks\At139.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At140.job moved successfully.
C:\WINDOWS\tasks\At141.job moved successfully.
C:\WINDOWS\tasks\At142.job moved successfully.
C:\WINDOWS\tasks\At143.job moved successfully.
C:\WINDOWS\tasks\At144.job moved successfully.
C:\WINDOWS\tasks\At145.job moved successfully.
C:\WINDOWS\tasks\At146.job moved successfully.
C:\WINDOWS\tasks\At147.job moved successfully.
C:\WINDOWS\tasks\At148.job moved successfully.
C:\WINDOWS\tasks\At149.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At150.job moved successfully.
C:\WINDOWS\tasks\At151.job moved successfully.
C:\WINDOWS\tasks\At152.job moved successfully.
C:\WINDOWS\tasks\At153.job moved successfully.
C:\WINDOWS\tasks\At154.job moved successfully.
C:\WINDOWS\tasks\At155.job moved successfully.
C:\WINDOWS\tasks\At156.job moved successfully.
C:\WINDOWS\tasks\At157.job moved successfully.
C:\WINDOWS\tasks\At158.job moved successfully.
C:\WINDOWS\tasks\At159.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At160.job moved successfully.
C:\WINDOWS\tasks\At161.job moved successfully.
C:\WINDOWS\tasks\At162.job moved successfully.
C:\WINDOWS\tasks\At163.job moved successfully.
C:\WINDOWS\tasks\At164.job moved successfully.
C:\WINDOWS\tasks\At165.job moved successfully.
C:\WINDOWS\tasks\At166.job moved successfully.
C:\WINDOWS\tasks\At167.job moved successfully.
C:\WINDOWS\tasks\At168.job moved successfully.
C:\WINDOWS\tasks\At169.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At170.job moved successfully.
C:\WINDOWS\tasks\At171.job moved successfully.
C:\WINDOWS\tasks\At172.job moved successfully.
C:\WINDOWS\tasks\At173.job moved successfully.
C:\WINDOWS\tasks\At174.job moved successfully.
C:\WINDOWS\tasks\At175.job moved successfully.
C:\WINDOWS\tasks\At176.job moved successfully.
C:\WINDOWS\tasks\At177.job moved successfully.
C:\WINDOWS\tasks\At178.job moved successfully.
C:\WINDOWS\tasks\At179.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At180.job moved successfully.
C:\WINDOWS\tasks\At181.job moved successfully.
C:\WINDOWS\tasks\At182.job moved successfully.
C:\WINDOWS\tasks\At183.job moved successfully.
C:\WINDOWS\tasks\At184.job moved successfully.
C:\WINDOWS\tasks\At185.job moved successfully.
C:\WINDOWS\tasks\At186.job moved successfully.
C:\WINDOWS\tasks\At187.job moved successfully.
C:\WINDOWS\tasks\At188.job moved successfully.
C:\WINDOWS\tasks\At189.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At190.job moved successfully.
C:\WINDOWS\tasks\At191.job moved successfully.
C:\WINDOWS\tasks\At192.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At29.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At30.job moved successfully.
C:\WINDOWS\tasks\At31.job moved successfully.
C:\WINDOWS\tasks\At32.job moved successfully.
C:\WINDOWS\tasks\At33.job moved successfully.
C:\WINDOWS\tasks\At34.job moved successfully.
C:\WINDOWS\tasks\At35.job moved successfully.
C:\WINDOWS\tasks\At36.job moved successfully.
C:\WINDOWS\tasks\At37.job moved successfully.
C:\WINDOWS\tasks\At38.job moved successfully.
C:\WINDOWS\tasks\At39.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At40.job moved successfully.
C:\WINDOWS\tasks\At41.job moved successfully.
C:\WINDOWS\tasks\At42.job moved successfully.
C:\WINDOWS\tasks\At43.job moved successfully.
C:\WINDOWS\tasks\At44.job moved successfully.
C:\WINDOWS\tasks\At45.job moved successfully.
C:\WINDOWS\tasks\At46.job moved successfully.
C:\WINDOWS\tasks\At47.job moved successfully.
C:\WINDOWS\tasks\At48.job moved successfully.
C:\WINDOWS\tasks\At49.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At50.job moved successfully.
C:\WINDOWS\tasks\At51.job moved successfully.
C:\WINDOWS\tasks\At52.job moved successfully.
C:\WINDOWS\tasks\At53.job moved successfully.
C:\WINDOWS\tasks\At54.job moved successfully.
C:\WINDOWS\tasks\At55.job moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: B
->Temp folder emptied: 60010987 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 30772989 bytes
->Flash cache emptied: 434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 832836 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 86299968 bytes

Total Files Cleaned = 170.00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: B
->Flash cache emptied: 0 bytes

User: Default User

User: Guest

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.8.1 log created on 01012003_191940

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

pls let me know where to go from here. Thanks!!!

#8
Rorschach112

Posted 10 July 2010 - 08:09 AM

Ralphie

Retired Staff
47,710 posts

Download ComboFix here :

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them

Click me
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#9
krazedchick

Posted 10 July 2010 - 11:56 AM

Member

Topic Starter
Member
12 posts

Here is the combofix log

ComboFix 10-07-10.01 - B 10/07/2010 10:43:09.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.660 [GMT -7:00]
Running from: c:\documents and settings\B\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Local Settings\Application Data\Windows Server
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server

Infected copy of c:\windows\system32\drivers\intelppm.sys was found and disinfected
Restored copy from - Kitty had a snack

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-09 21:20 . 2010-07-09 21:20 -------- d-----w- c:\documents and settings\B\Application Data\Avira
2010-07-09 21:16 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-09 21:16 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-09 21:16 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-09 21:16 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-09 21:16 . 2010-07-09 21:16 -------- d-----w- c:\program files\Avira
2010-07-09 21:16 . 2010-07-09 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-01 06:01 . 2010-07-01 06:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-01 06:00 . 2003-01-01 14:26 -------- d-----w- c:\documents and settings\Administrator
2010-07-01 05:49 . 2003-01-01 14:29 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-07-01 05:49 . 2003-01-01 14:29 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-07-01 05:47 . 2010-07-01 05:47 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-07-01 05:43 . 2010-07-01 05:43 -------- d-----w- c:\documents and settings\HelpAssistant\.gstreamer-0.10
2010-07-01 05:43 . 2003-01-01 14:28 -------- d-----w- c:\documents and settings\HelpAssistant
2010-06-29 21:24 . 2010-06-29 21:24 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-25 13:43 . 2009-02-26 17:46 147456 ----a-w- c:\windows\system32\ANIWConnService.exe
2010-06-25 13:42 . 2009-04-22 14:23 270336 ----a-w- c:\windows\system32\wnicapi.dll
2010-06-25 13:42 . 2009-04-17 23:24 700416 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-06-25 13:42 . 2009-03-05 15:12 258048 ----a-w- c:\windows\system32\wlanapp.dll
2010-06-25 13:42 . 2008-11-27 22:25 204800 ----a-w- c:\windows\system32\aIPH.dll
2010-06-25 13:42 . 2008-11-27 22:22 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-06-25 13:42 . 2008-11-27 22:20 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-06-25 13:42 . 2005-10-27 12:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2010-06-25 13:42 . 2005-10-19 22:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-06-25 13:42 . 2009-02-09 22:26 315392 ----a-w- c:\windows\system32\ANIOApi.dll
2010-06-25 13:42 . 2009-02-09 22:36 48640 ----a-w- c:\windows\system32\ANIO64.sys
2010-06-25 13:42 . 2009-02-09 22:10 29411 ----a-w- c:\windows\system32\ANIO.sys
2010-06-25 13:42 . 2007-05-12 20:39 11904 ----a-w- c:\windows\system32\anio4.sys
2010-06-25 13:41 . 2008-09-25 17:16 204800 ----a-w- c:\windows\system32\ssleay32.dll
2010-06-25 13:41 . 2009-02-26 17:38 692224 ----a-w- c:\windows\system32\ANIOWPS.dll
2010-06-25 13:41 . 2009-02-26 15:22 237568 ----a-w- c:\windows\system32\ANIWPS.exe
2010-06-25 13:41 . 2008-09-25 17:15 1110016 ----a-w- c:\windows\system32\libeay32.dll
2010-06-25 13:41 . 2010-06-25 13:41 -------- d-----w- c:\documents and settings\B\Application Data\InstallShield
2010-06-19 16:50 . 2010-06-19 16:50 50354 ----a-w- c:\documents and settings\B\Application Data\Facebook\uninstall.exe
2010-06-19 16:50 . 2010-06-19 16:50 -------- d-----w- c:\documents and settings\B\Application Data\Facebook
2010-06-17 20:55 . 2008-12-08 16:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-17 20:55 . 2008-06-09 02:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-06-17 20:55 . 2010-06-17 20:55 -------- d-----w- c:\program files\ffdshow
2010-06-17 20:55 . 2010-06-17 20:55 -------- d-----w- c:\program files\Haali
2010-06-16 19:05 . 2010-06-16 19:05 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-30 02:20 . 2003-01-01 04:22 112 ----a-w- c:\documents and settings\All Users\Application Data\20031Y.dat
2010-06-29 13:53 . 2009-10-06 02:24 -------- d-----w- c:\documents and settings\B\Application Data\LimeWire
2010-06-28 21:57 . 2003-01-01 22:00 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 21:57 . 2003-01-01 22:00 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 21:37 . 2003-01-01 22:00 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 21:37 . 2003-01-01 22:00 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 21:33 . 2003-01-01 22:00 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 21:32 . 2003-01-01 22:00 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 21:32 . 2003-01-01 22:00 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 21:32 . 2003-01-01 22:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 21:32 . 2003-01-01 22:00 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 03:19 . 2009-10-04 18:27 -------- d-----w- c:\documents and settings\B\Application Data\uTorrent
2010-06-25 13:42 . 2009-10-03 23:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 13:42 . 2010-04-01 22:28 -------- d-----w- c:\program files\ANI
2010-06-19 16:24 . 2009-10-04 18:27 -------- d-----w- c:\program files\uTorrent
2010-06-18 03:37 . 2003-01-01 19:14 -------- d-----w- c:\documents and settings\B\Application Data\vlc
2010-06-17 23:36 . 2009-10-12 21:34 -------- d-----w- c:\documents and settings\B\Application Data\Ahead
2010-06-17 23:36 . 2009-10-12 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-06-16 13:23 . 2010-05-21 06:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\B\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-01 21:07 . 2010-05-24 17:07 -------- d-----w- c:\documents and settings\B\Application Data\DivX
2010-06-01 20:59 . 2010-05-24 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-01 20:55 . 2010-05-25 21:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-29 01:15 . 2010-05-29 01:15 -------- d-----w- c:\program files\SourceTec
2010-05-29 01:15 . 2010-05-29 01:15 -------- d-----w- c:\program files\Common Files\SourceTec
2010-05-28 04:55 . 2010-01-25 04:33 -------- d-----w- c:\documents and settings\B\Application Data\dvdcss
2010-05-25 20:42 . 2009-10-04 18:14 -------- d-----w- c:\program files\CCleaner
2010-05-25 20:29 . 2010-05-25 20:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-24 20:02 . 2010-05-24 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-24 20:02 . 2010-05-24 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-24 17:08 . 2010-04-18 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-24 17:08 . 2010-05-24 17:08 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-24 17:07 . 2010-05-24 17:07 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-24 17:07 . 2003-01-01 05:12 -------- d-----w- c:\program files\DivX
2010-05-24 17:07 . 2010-05-24 17:07 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-24 17:07 . 2010-05-24 17:07 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-24 17:07 . 2010-05-24 17:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-24 17:06 . 2010-05-24 17:06 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-24 17:04 . 2010-05-24 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-24 17:04 . 2010-05-24 17:04 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-24 17:04 . 2010-05-24 17:04 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-24 17:01 . 2010-05-24 17:01 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-24 17:01 . 2010-05-24 17:07 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-22 16:07 . 2003-01-01 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-22 07:32 . 2010-05-22 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-22 07:32 . 2010-05-22 07:32 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-05-21 23:29 . 2010-03-20 01:25 -------- d-----w- c:\documents and settings\B\Application Data\Skype
2010-05-21 21:57 . 2010-03-20 01:27 -------- d-----w- c:\documents and settings\B\Application Data\skypePM
2010-05-21 07:05 . 2010-05-21 06:57 -------- d-----w- c:\program files\SpywareGuard
2010-05-21 07:00 . 2010-05-21 06:53 -------- d-----w- c:\program files\SpywareBlaster
2010-05-21 06:52 . 2010-05-21 06:52 388096 ----a-r- c:\documents and settings\B\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-21 06:52 . 2010-05-21 06:52 -------- d-----w- c:\program files\Trend Micro
2010-04-29 20:39 . 2003-01-01 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2003-01-01 04:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:51 . 2010-05-24 17:07 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2009-10-08 01:56 . 2009-10-08 01:53 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
.

<pre>
c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
c:\program files\D-Link\DWA-125 revA\AirGCFG .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\uTorrent\uTorrent .exe
c:\windows\system32\rundll32 .exe
</pre>

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\B\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 15:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless 150 USB Adapter DWA-125]
2009-04-22 20:20 1683456 ----a-w- c:\program files\D-Link\DWA-125 revA\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
c:\program files\Microsoft ActiveSync\wcescomm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
c:\program files\DivX\Symantec\scstubinstaller.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 14:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 20:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-04 18:22 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total PC Defender 2010]
c:\program files\SystemDefender2010\Total PC Defender 2010.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
c:\program files\uTorrent\uTorrent.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiFiCFG.EXE]
2005-09-23 19:27 405504 ----a-w- c:\program files\I-O DATA\WN-G54BB\WiFiCfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent .exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:MSNSound
"1863:TCP"= 1863:TCP:MSNSound2
"6891:TCP"= 6891:TCP:MSNSound3
"6892:TCP"= 6892:TCP:MSNSound4
"6893:TCP"= 6893:TCP:MSNSound5

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/01/2003 3:00 PM 165456]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [25/06/2010 6:43 AM 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/07/2010 2:16 PM 135336]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 SantFilt;Santana Filter;c:\windows\system32\drivers\SantFilt.sys [05/02/2010 6:11 PM 18944]
S2 SantSvc;Santana Service;c:\windows\system32\SantSvc.exe [05/02/2010 6:11 PM 44544]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [31/12/2002 10:45 PM 31872]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{70A47AB3-85DF-47CA-9AB3-B3470F78DCDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

2010-07-10 c:\windows\Tasks\User_Feed_Synchronization-{9290B7CE-3883-4F80-A67E-668F8186D5E1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
Trusted Zone: bmo.com\www1
Trusted Zone: facebook.com\login
FF - ProfilePath - c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://searchwithlilwayne.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={8CDF3518-BFC6-D1AA-96BC-696F80195927}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\B\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-AviSynth - c:\program files\AviSynth 2.5\Uninstall.exe
AddRemove-HaaliMkx - c:\program files\Haali\MatroskaSplitter\uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 10:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,3f,df,16,8d,ed,dd,43,bc,8f,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,3f,df,16,8d,ed,dd,43,bc,8f,14,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-10 10:53:09
ComboFix-quarantined-files.txt 2010-07-10 17:53

Pre-Run: 2,160,332,800 bytes free
Post-Run: 2,092,408,832 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - EFE719EEB9E08FA26D14188E5AAFF9C5

#10
Rorschach112

Posted 10 July 2010 - 02:27 PM

Ralphie

Retired Staff
47,710 posts

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\documents and settings\All Users\Application Data\20031Y.dat
KillAll::
RenV::
c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2 .exe
c:\program files\D-Link\DWA-125 revA\AirGCFG .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
c:\program files\uTorrent\uTorrent .exe
c:\windows\system32\rundll32 .exe
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Total PC Defender 2010]
MBR::

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

#11
krazedchick

Posted 10 July 2010 - 02:59 PM

Member

Topic Starter
Member
12 posts

Here is the new combofix log

ComboFix 10-07-10.01 - B 10/07/2010 13:41:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.624 [GMT -7:00]
Running from: c:\documents and settings\B\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\B\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\All Users\Application Data\20031Y.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\20031Y.dat

.
((((((((((((((((((((((((( Files Created from 2010-06-10 to 2010-07-10 )))))))))))))))))))))))))))))))
.

2010-07-09 21:20 . 2010-07-09 21:20 -------- d-----w- c:\documents and settings\B\Application Data\Avira
2010-07-09 21:16 . 2010-03-01 15:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-07-09 21:16 . 2010-02-16 19:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-07-09 21:16 . 2009-05-11 17:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-07-09 21:16 . 2009-05-11 17:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-07-09 21:16 . 2010-07-09 21:16 -------- d-----w- c:\program files\Avira
2010-07-09 21:16 . 2010-07-09 21:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-07-01 06:01 . 2010-07-01 06:01 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-01 06:00 . 2003-01-01 14:26 -------- d-----w- c:\documents and settings\Administrator
2010-07-01 05:49 . 2003-01-01 14:29 -------- d-----w- c:\documents and settings\HelpAssistant\UserData
2010-07-01 05:49 . 2003-01-01 14:29 -------- d-----w- c:\documents and settings\HelpAssistant\Tracing
2010-07-01 05:47 . 2010-07-01 05:47 -------- d-----w- c:\documents and settings\HelpAssistant\IECompatCache
2010-07-01 05:43 . 2010-07-01 05:43 -------- d-----w- c:\documents and settings\HelpAssistant\.gstreamer-0.10
2010-07-01 05:43 . 2003-01-01 14:28 -------- d-----w- c:\documents and settings\HelpAssistant
2010-06-29 21:24 . 2010-06-29 21:24 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-25 13:43 . 2009-02-26 17:46 147456 ----a-w- c:\windows\system32\ANIWConnService.exe
2010-06-25 13:42 . 2009-04-22 14:23 270336 ----a-w- c:\windows\system32\wnicapi.dll
2010-06-25 13:42 . 2009-04-17 23:24 700416 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-06-25 13:42 . 2009-03-05 15:12 258048 ----a-w- c:\windows\system32\wlanapp.dll
2010-06-25 13:42 . 2008-11-27 22:25 204800 ----a-w- c:\windows\system32\aIPH.dll
2010-06-25 13:42 . 2008-11-27 22:22 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-06-25 13:42 . 2008-11-27 22:20 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-06-25 13:42 . 2005-10-27 12:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2010-06-25 13:42 . 2005-10-19 22:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-06-25 13:42 . 2009-02-09 22:26 315392 ----a-w- c:\windows\system32\ANIOApi.dll
2010-06-25 13:42 . 2009-02-09 22:36 48640 ----a-w- c:\windows\system32\ANIO64.sys
2010-06-25 13:42 . 2009-02-09 22:10 29411 ----a-w- c:\windows\system32\ANIO.sys
2010-06-25 13:42 . 2007-05-12 20:39 11904 ----a-w- c:\windows\system32\anio4.sys
2010-06-25 13:41 . 2008-09-25 17:16 204800 ----a-w- c:\windows\system32\ssleay32.dll
2010-06-25 13:41 . 2009-02-26 17:38 692224 ----a-w- c:\windows\system32\ANIOWPS.dll
2010-06-25 13:41 . 2009-02-26 15:22 237568 ----a-w- c:\windows\system32\ANIWPS.exe
2010-06-25 13:41 . 2008-09-25 17:15 1110016 ----a-w- c:\windows\system32\libeay32.dll
2010-06-25 13:41 . 2010-06-25 13:41 -------- d-----w- c:\documents and settings\B\Application Data\InstallShield
2010-06-19 16:50 . 2010-06-19 16:50 -------- d-----w- c:\documents and settings\B\Application Data\Facebook
2010-06-17 20:55 . 2008-12-08 16:53 57344 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-17 20:55 . 2008-06-09 02:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-06-17 20:55 . 2010-06-17 20:55 -------- d-----w- c:\program files\ffdshow
2010-06-17 20:55 . 2010-06-17 20:55 -------- d-----w- c:\program files\Haali
2010-06-16 19:05 . 2010-06-16 19:05 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-10 20:50 . 2009-10-04 18:27 -------- d-----w- c:\documents and settings\B\Application Data\uTorrent
2010-07-10 20:41 . 2009-10-04 18:27 -------- d-----w- c:\program files\uTorrent
2010-06-29 13:53 . 2009-10-06 02:24 -------- d-----w- c:\documents and settings\B\Application Data\LimeWire
2010-06-28 21:57 . 2003-01-01 22:00 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 21:57 . 2003-01-01 22:00 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 21:37 . 2003-01-01 22:00 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 21:37 . 2003-01-01 22:00 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 21:33 . 2003-01-01 22:00 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 21:32 . 2003-01-01 22:00 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 21:32 . 2003-01-01 22:00 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 21:32 . 2003-01-01 22:01 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 21:32 . 2003-01-01 22:00 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-25 13:42 . 2009-10-03 23:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-25 13:42 . 2010-04-01 22:28 -------- d-----w- c:\program files\ANI
2010-06-19 16:50 . 2010-06-19 16:50 50354 ----a-w- c:\documents and settings\B\Application Data\Facebook\uninstall.exe
2010-06-18 03:37 . 2003-01-01 19:14 -------- d-----w- c:\documents and settings\B\Application Data\vlc
2010-06-17 23:36 . 2009-10-12 21:34 -------- d-----w- c:\documents and settings\B\Application Data\Ahead
2010-06-17 23:36 . 2009-10-12 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2010-06-16 13:23 . 2010-05-21 06:54 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\B\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-01 21:07 . 2010-05-24 17:07 -------- d-----w- c:\documents and settings\B\Application Data\DivX
2010-06-01 20:59 . 2010-05-24 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-01 20:55 . 2010-05-25 21:08 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-05-29 01:15 . 2010-05-29 01:15 -------- d-----w- c:\program files\SourceTec
2010-05-29 01:15 . 2010-05-29 01:15 -------- d-----w- c:\program files\Common Files\SourceTec
2010-05-28 04:55 . 2010-01-25 04:33 -------- d-----w- c:\documents and settings\B\Application Data\dvdcss
2010-05-25 20:42 . 2009-10-04 18:14 -------- d-----w- c:\program files\CCleaner
2010-05-25 20:29 . 2010-05-25 20:29 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-05-24 20:02 . 2010-05-24 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-05-24 20:02 . 2010-05-24 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-05-24 17:08 . 2010-04-18 22:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-05-24 17:08 . 2010-05-24 17:08 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-05-24 17:07 . 2010-05-24 17:07 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-05-24 17:07 . 2003-01-01 05:12 -------- d-----w- c:\program files\DivX
2010-05-24 17:07 . 2010-05-24 17:07 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-05-24 17:07 . 2010-05-24 17:07 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-05-24 17:07 . 2010-05-24 17:07 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-05-24 17:06 . 2010-05-24 17:06 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-05-24 17:05 . 2010-05-24 17:05 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-24 17:04 . 2010-05-24 17:04 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-05-24 17:04 . 2010-05-24 17:04 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-05-24 17:04 . 2010-05-24 17:04 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-05-24 17:01 . 2010-05-24 17:01 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-05-24 17:01 . 2010-05-24 17:07 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-05-22 16:07 . 2003-01-01 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-05-22 07:32 . 2010-05-22 07:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-05-22 07:32 . 2010-05-22 07:32 1025992 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\SecurityScan_Release.exe
2010-05-21 23:29 . 2010-03-20 01:25 -------- d-----w- c:\documents and settings\B\Application Data\Skype
2010-05-21 21:57 . 2010-03-20 01:27 -------- d-----w- c:\documents and settings\B\Application Data\skypePM
2010-05-21 07:05 . 2010-05-21 06:57 -------- d-----w- c:\program files\SpywareGuard
2010-05-21 07:00 . 2010-05-21 06:53 -------- d-----w- c:\program files\SpywareBlaster
2010-05-21 06:52 . 2010-05-21 06:52 388096 ----a-r- c:\documents and settings\B\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-21 06:52 . 2010-05-21 06:52 -------- d-----w- c:\program files\Trend Micro
2010-04-29 20:39 . 2003-01-01 04:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2003-01-01 04:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 19:51 . 2010-05-24 17:07 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2009-10-08 01:56 . 2009-10-08 01:53 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
.

<pre>
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-07-10_17.50.40 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-10 20:48 . 2010-07-10 20:48 16384 c:\windows\temp\Perflib_Perfdata_3ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\documents and settings\B\My Documents\Downloads\utorrent.exe" [2010-07-10 322352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\B\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2007-01-19 15:49 49152 ----a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-06-28 00:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless 150 USB Adapter DWA-125]
2009-04-22 20:20 1683456 ----a-w- c:\program files\D-Link\DWA-125 revA\AirGCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
c:\documents and settings\B\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
c:\program files\Microsoft ActiveSync\wcescomm.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 20:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSSInstallation]
c:\program files\DivX\Symantec\scstubinstaller.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 14:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-02-26 20:53 65024 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-04 18:22 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2003-01-01 04:12 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WiFiCFG.EXE]
2005-09-23 19:27 405504 ----a-w- c:\program files\I-O DATA\WN-G54BB\WiFiCfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\B\\My Documents\\Downloads\\utorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:MSNSound
"1863:TCP"= 1863:TCP:MSNSound2
"6891:TCP"= 6891:TCP:MSNSound3
"6892:TCP"= 6892:TCP:MSNSound4
"6893:TCP"= 6893:TCP:MSNSound5

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/01/2003 3:00 PM 165456]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [25/06/2010 6:43 AM 147456]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09/07/2010 2:16 PM 135336]
R2 SantSvc;Santana Service;c:\windows\system32\SantSvc.exe [05/02/2010 6:11 PM 44544]
S2 aswFsBlk;aswFsBlk;aswFsBlk.sys --> aswFsBlk.sys [?]
S2 SantFilt;Santana Filter;c:\windows\system32\drivers\SantFilt.sys [05/02/2010 6:11 PM 18944]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [31/12/2002 10:45 PM 31872]
.
Contents of the 'Scheduled Tasks' folder

2010-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-07-09 c:\windows\Tasks\User_Feed_Synchronization-{70A47AB3-85DF-47CA-9AB3-B3470F78DCDD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

2010-07-10 c:\windows\Tasks\User_Feed_Synchronization-{9290B7CE-3883-4F80-A67E-668F8186D5E1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
Trusted Zone: bmo.com\www1
Trusted Zone: facebook.com\login
FF - ProfilePath - c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
FF - prefs.js: browser.search.selectedEngine - Fast Browser Search
FF - prefs.js: browser.startup.homepage - hxxp://searchwithlilwayne.swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=19&tid={8CDF3518-BFC6-D1AA-96BC-696F80195927}&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\B\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\B\Application Data\Mozilla\Firefox\Profiles\csy4jfyb.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-10 13:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,3f,df,16,8d,ed,dd,43,bc,8f,14,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,3f,df,16,8d,ed,dd,43,bc,8f,14,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(596)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wdfmgr.exe
c:\program files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2010-07-10 13:57:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-10 20:57
ComboFix2.txt 2010-07-10 17:53

Pre-Run: 2,071,560,192 bytes free
Post-Run: 2,002,960,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 048F90B89A46CD27DE8C3AD7485ECFB6

#12
krazedchick

Posted 10 July 2010 - 03:05 PM

Member

Topic Starter
Member
12 posts

I've also managed to install Avira AntiVir to my computer. Here is a scan log from running a virus scan.

Avira AntiVir Personal
Report file date: July 10, 2010 12:15

Scanning for 2329261 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : BS

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 21:18:43
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 21:18:51
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 21:18:51
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 21:18:51
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 21:18:52
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 21:18:52
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 21:18:53
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 21:18:53
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 21:18:55
VBASE014.VDF : 7.10.8.69 138752 Bytes 6/14/2010 21:18:56
VBASE015.VDF : 7.10.8.102 130560 Bytes 6/16/2010 21:18:57
VBASE016.VDF : 7.10.8.135 152064 Bytes 6/21/2010 21:18:58
VBASE017.VDF : 7.10.8.163 432128 Bytes 6/23/2010 21:19:01
VBASE018.VDF : 7.10.8.194 133632 Bytes 6/27/2010 21:19:02
VBASE019.VDF : 7.10.8.220 134656 Bytes 6/29/2010 21:19:03
VBASE020.VDF : 7.10.8.252 171520 Bytes 7/4/2010 21:19:04
VBASE021.VDF : 7.10.9.19 131072 Bytes 7/6/2010 21:19:06
VBASE022.VDF : 7.10.9.36 297472 Bytes 7/7/2010 21:19:07
VBASE023.VDF : 7.10.9.37 2048 Bytes 7/7/2010 21:19:07
VBASE024.VDF : 7.10.9.38 2048 Bytes 7/7/2010 21:19:08
VBASE025.VDF : 7.10.9.39 2048 Bytes 7/7/2010 21:19:08
VBASE026.VDF : 7.10.9.40 2048 Bytes 7/7/2010 21:19:08
VBASE027.VDF : 7.10.9.41 2048 Bytes 7/7/2010 21:19:08
VBASE028.VDF : 7.10.9.42 2048 Bytes 7/7/2010 21:19:08
VBASE029.VDF : 7.10.9.43 2048 Bytes 7/7/2010 21:19:09
VBASE030.VDF : 7.10.9.44 2048 Bytes 7/7/2010 21:19:09
VBASE031.VDF : 7.10.9.56 112640 Bytes 7/9/2010 21:19:10
Engineversion : 8.2.4.10
AEVDF.DLL : 8.1.2.0 106868 Bytes 7/9/2010 21:19:28
AESCRIPT.DLL : 8.1.3.39 1335674 Bytes 7/9/2010 21:19:28
AESCN.DLL : 8.1.6.1 127347 Bytes 7/9/2010 21:19:25
AESBX.DLL : 8.1.3.1 254324 Bytes 7/9/2010 21:19:29
AERDL.DLL : 8.1.4.6 541043 Bytes 7/9/2010 21:19:25
AEPACK.DLL : 8.2.2.5 430453 Bytes 7/9/2010 21:19:23
AEOFFICE.DLL : 8.1.1.6 201081 Bytes 7/9/2010 21:19:21
AEHEUR.DLL : 8.1.1.38 2724214 Bytes 7/9/2010 21:19:20
AEHELP.DLL : 8.1.11.6 242038 Bytes 7/9/2010 21:19:15
AEGEN.DLL : 8.1.3.13 381300 Bytes 7/9/2010 21:19:15
AEEMU.DLL : 8.1.2.0 393588 Bytes 7/9/2010 21:19:13
AECORE.DLL : 8.1.15.3 192886 Bytes 7/9/2010 21:19:13
AEBB.DLL : 8.1.1.0 53618 Bytes 7/9/2010 21:19:12
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: July 10, 2010 12:15

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '67' Module(s) have been scanned
Scan process 'utorrent.exe' - '58' Module(s) have been scanned
Scan process 'plugin-container.exe' - '58' Module(s) have been scanned
Scan process 'firefox.exe' - '127' Module(s) have been scanned
Scan process 'wuauclt.exe' - '35' Module(s) have been scanned
Scan process 'explorer.exe' - '97' Module(s) have been scanned
Scan process 'alg.exe' - '33' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '15' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'avshadow.exe' - '26' Module(s) have been scanned
Scan process 'jqs.exe' - '33' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'ANIWZCSdS.exe' - '42' Module(s) have been scanned
Scan process 'ANIWConnService.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '34' Module(s) have been scanned
Scan process 'sched.exe' - '46' Module(s) have been scanned
Scan process 'spoolsv.exe' - '50' Module(s) have been scanned
Scan process 'AvastSvc.exe' - '62' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '170' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'Ati2evxx.exe' - '28' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '27' Module(s) have been scanned
Scan process 'winlogon.exe' - '74' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1714' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
C:\System Volume Information\_restore{301FC90C-D7F4-4B31-B514-87A209455F87}\RP33\A0040592.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
C:\System Volume Information\_restore{301FC90C-D7F4-4B31-B514-87A209455F87}\RP34\A0040679.sys
[DETECTION] Is the TR/Patched.Gen Trojan
Begin scan in 'E:\'

Beginning disinfection:
C:\System Volume Information\_restore{301FC90C-D7F4-4B31-B514-87A209455F87}\RP34\A0040679.sys
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f4c725d.qua'.
C:\System Volume Information\_restore{301FC90C-D7F4-4B31-B514-87A209455F87}\RP33\A0040592.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '57db5dfa.qua'.
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\intelppm.sys.vir
[DETECTION] Is the TR/Patched.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '054006d0.qua'.

End of the scan: July 10, 2010 13:22
Used time: 57:25 Minute(s)

The scan has been done completely.

5896 Scanned directories
131643 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
131640 Files not concerned
1472 Archives were scanned
0 Warnings
3 Notes
476234 Objects were scanned with rootkit scan
2 Hidden objects were found

#13
Rorschach112

Posted 10 July 2010 - 03:09 PM

Ralphie

Retired Staff
47,710 posts

you need to re-install this program

c:\program files\Spybot - Search & Destroy

also you cant have avast and avira installed, only keep one of them.

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

#14
krazedchick

Posted 10 July 2010 - 07:29 PM

Member

Topic Starter
Member
12 posts

Here's the log from Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4300

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/07/2010 2:58:45 PM
mbam-log-2010-07-10 (14-58-45).txt

Scan type: Quick scan
Objects scanned: 147294
Time elapsed: 10 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I also ran the Kaspersky virus scanner. It took a long time scanning and it came back no threats found. Also I could not get a report to come up so if there is still supposed to be one even though no threats were found I'll have to rescan again.