Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Rootkit, I think.../ VERY slow internet / Many scans run witho

Started by Lisa0917 , Jul 23 2011 08:56 AM

  • This topic is locked This topic is locked

#1
Lisa0917
Posted 23 July 2011 - 08:56 AM

Lisa0917

    Member

  • Member
  • PipPip
  • 18 posts
Hello,
My computer is running the internet extremely slow. It can take 5-10 mins to load a page, and half the time it looks like what it would if you were loading it on your cel phone. The uploading is paticulary slow. I talked to my ISP, and they said my connection is fine. I should mention that I pay for extra speed. I have run virus scans (MSE, Housecall, Kapersky's - all other online scanners wouldn't work), malware scans (Malwarebytes, Superantispyware), a whole bunch of removal tools from Kapersky's, and a bunch of rootkit detectors. I only get positive results from Sophos and one other rootkit detector (Rootkit Revealer, I think, I'm sorry I can't remember or find it, I have run so many the past few days). But the values change everytime I run it and they are unspecified and, most importantly, I honestly don't know enough about them to play around without a utility that doesn't fix the problem by itself.
If you could please, please help as soon as possible, it would be really appreacited. I have some research to do, and I can't get anything done with the internet not working right. Thank-you so much!

(BTW, I can't figure out how I got this stupid thing. It happened about a week ago, most likely from an internet search, although it could have been a torrent.)

OTL LOG


OTL logfile created on: 7/23/2011 8:41:22 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LR\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 73.18% Memory free
4.71 Gb Paging File | 4.10 Gb Available in Paging File | 87.14% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 449.71 Gb Free Space | 96.56% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 792.80 Gb Free Space | 42.55% Space Free | Partition Type: NTFS

Computer Name: LR-75D2A86C7E85 | User Name: LR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
PRC - [2011/07/14 06:21:10 | 000,108,032 | ---- | M] () -- C:\Program Files\VideoLAN\VLC\vlc.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (MEMSWEEP2)
DRV - [2011/07/23 01:00:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla8f1557d.sys -- (MpKsla8f1557d)
DRV - [2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\flcss.sys -- (KLAntiFL)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2006/02/28 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [KL AntiFunLove] C:\WINDOWS\system32\flcss.exe (Kaspersky Lab.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309015527531 (WUWebControl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.135 142.165.157.5
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/25 08:50:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/22 15:48:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Recent
[2011/07/22 11:48:23 | 000,135,232 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
[2011/07/22 11:46:43 | 000,135,232 | RHS- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
[2011/07/22 11:46:43 | 000,012,714 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
[2011/07/22 10:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Today Programs
[2011/07/22 00:43:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 07:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/07/21 07:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/07/18 03:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\vlc
[2011/07/18 02:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/10 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Google
[2011/07/10 08:19:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/04 03:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/03 11:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HP
[2011/07/03 11:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HPAppData
[2011/07/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/07/03 11:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/07/03 11:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/07/03 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/07/03 11:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/07/03 11:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/07/03 11:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/07/03 11:14:54 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/07/02 23:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\New Folder
[2011/07/02 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/02 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/02 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/02 16:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Temp
[2011/07/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/02 16:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/07/02 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/02 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/02 16:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Adobe
[2011/07/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/02 16:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/28 11:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/06/28 11:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\DVDVideoSoft
[2011/06/28 11:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/06/28 11:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/06/28 05:50:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IECompatCache
[2011/06/27 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Apple Computer
[2011/06/27 18:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/27 18:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/27 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/27 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/27 18:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple
[2011/06/27 18:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/27 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/27 18:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/27 18:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/06/27 18:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple Computer
[2011/06/26 22:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Adobe
[2011/06/26 22:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Macromedia
[2011/06/26 21:55:13 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2011/06/26 21:55:06 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2011/06/26 21:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/26 21:52:16 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2011/06/26 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/06/26 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/06/26 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/06/26 21:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\The Crystal Method - Divided By Night (2009) 320Kbps [Electr0]
[2011/06/26 20:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Patterns
[2011/06/26 20:58:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Videos
[2011/06/26 20:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\My Scans
[2011/06/26 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Music
[2011/06/26 20:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\backup!
[2011/06/26 20:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\julian's stuff
[2011/06/26 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/06/26 20:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Camp forms
[2011/06/26 20:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Identities
[2011/06/26 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/26 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/26 11:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/26 11:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Malwarebytes
[2011/06/26 00:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/26 00:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/25 16:48:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/25 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Computer Cleaners
[2011/06/25 16:44:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 16:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 16:44:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/25 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/06/25 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/06/25 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/06/25 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/25 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/25 16:32:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\PrivacIE
[2011/06/25 16:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IETldCache
[2011/06/25 16:10:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/25 16:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/25 16:09:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/25 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/06/25 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/06/25 11:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/06/25 11:22:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/25 11:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/25 11:01:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/25 11:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/25 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/06/25 10:57:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/25 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/25 09:28:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/25 09:28:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/06/25 09:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/25 09:24:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\UserData
[2011/06/25 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Identities
[2011/06/25 09:21:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Pictures
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Music
[2011/06/25 09:21:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LR\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\SendTo
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Application Data
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Startup
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Favorites
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Accessories
[2011/06/25 09:21:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\Cookies
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Templates
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\PrintHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\NetHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Local Settings
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop
[2011/06/25 09:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/25 09:17:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/06/25 09:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/06/25 09:17:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/25 08:51:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/06/25 08:50:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/25 08:49:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/06/25 08:49:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/06/25 08:49:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/06/25 08:49:26 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/06/25 08:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/06/25 08:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/06/25 08:48:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/06/25 08:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/06/25 08:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/06/25 08:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/06/25 08:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/06/25 08:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/06/25 08:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/06/25 08:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/06/25 08:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/06/25 08:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/06/25 08:48:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/25 08:47:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/25 08:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/06/25 08:47:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/25 08:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/06/25 08:47:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/06/25 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/06/25 08:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/06/25 08:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/06/25 08:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/06/25 08:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/06/25 08:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/06/25 08:46:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/25 08:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/25 02:25:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/06/25 02:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/25 02:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/06/25 02:25:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/06/25 02:25:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/06/25 02:25:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/06/25 02:25:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/06/25 02:24:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/06/25 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/06/25 02:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/25 02:17:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/06/25 02:17:54 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/06/25 02:17:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/06/25 02:17:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/23 08:43:10 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/07/23 08:42:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 02:32:50 | 000,010,058 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/23 01:09:53 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\srv32.exe
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\scrsvr.exe
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\marco!.scr
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\instit.bat
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bride.exe
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.pif
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.exe
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\alevir.exe
[2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\aavar.pif
[2011/07/23 01:00:54 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 01:00:54 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 01:00:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/22 19:59:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 14:17:10 | 000,006,582 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 11:48:23 | 000,135,232 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
[2011/07/22 11:46:43 | 000,135,232 | RHS- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
[2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
[2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 08:33:48 | 099,123,520 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:56:00 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:54:48 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:50 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/14 03:32:26 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 19:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/10 07:56:59 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/03 11:20:53 | 000,157,683 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
[2011/06/30 03:21:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:16 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:09 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/27 20:15:30 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:19 | 000,015,488 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/26 21:35:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 11:28:56 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:19:13 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 00:19:13 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 16:53:05 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:46 | 000,009,868 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:34:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 11:25:05 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:25:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:11:42 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:07:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 10:59:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/25 09:21:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 08:54:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/25 08:50:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:32 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 08:47:46 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:32:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/23 02:32:50 | 000,010,058 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 14:17:08 | 000,006,582 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\srv32.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scrsvr.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\marco!.scr
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\instit.bat
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bride.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brasil.pif
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brasil.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alevir.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aavar.pif
[2011/07/21 08:33:45 | 099,123,520 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:55:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:53:26 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:48 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/10 07:56:57 | 000,002,662 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/03 11:19:10 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/03 11:13:12 | 000,157,683 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/07/03 11:13:12 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/07/02 16:44:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/02 16:43:21 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/02 16:43:21 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 03:21:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:15 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:08 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/28 09:00:22 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/06/27 20:15:30 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:18 | 000,015,488 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/27 18:37:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/27 18:37:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/26 21:53:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2011/06/26 21:35:25 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 21:01:37 | 000,263,215 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Application for a Death Certificate.pdf
[2011/06/26 21:01:37 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/06/26 21:00:25 | 000,657,888 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\28-DayBreakFreePlan.pdf
[2011/06/26 21:00:25 | 000,462,820 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\USSUGSAhealth.pdf
[2011/06/26 21:00:25 | 000,400,835 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\RiceCooker.pdf
[2011/06/26 21:00:25 | 000,032,390 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\fjerase.zip
[2011/06/26 11:28:55 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:25:51 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/06/25 16:53:03 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:44 | 000,009,868 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:39:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/25 16:34:49 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 16:34:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/25 11:25:05 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:15:34 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 11:11:42 | 000,013,724 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:02:22 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/06/25 11:02:22 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/06/25 11:02:22 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/06/25 11:02:22 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/06/25 11:02:22 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/06/25 11:02:22 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/06/25 11:02:22 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/06/25 11:02:22 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/06/25 11:02:22 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/06/25 11:02:22 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/06/25 11:02:21 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/06/25 11:02:21 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/06/25 11:02:21 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/06/25 11:02:21 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/06/25 11:02:21 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/06/25 11:02:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/06/25 11:02:21 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/06/25 11:02:21 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/06/25 11:02:21 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/06/25 11:02:21 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/06/25 11:02:21 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/06/25 11:02:21 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/06/25 11:02:21 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/06/25 11:02:21 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/06/25 11:02:21 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/06/25 11:02:21 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/06/25 11:02:21 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/06/25 11:02:21 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/06/25 11:02:21 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/06/25 11:02:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/06/25 11:02:21 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/06/25 11:02:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/06/25 11:02:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/06/25 11:02:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/06/25 11:02:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/06/25 11:02:21 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/06/25 11:02:21 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/06/25 11:02:21 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/06/25 11:02:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/06/25 11:02:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/06/25 11:02:21 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/06/25 11:02:21 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/06/25 11:02:21 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/06/25 11:02:21 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/06/25 11:02:21 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/06/25 11:02:21 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/06/25 11:02:21 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/06/25 11:02:21 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/06/25 11:02:21 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/06/25 11:02:21 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/06/25 11:02:21 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/06/25 11:02:21 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/06/25 11:02:21 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/06/25 11:02:20 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/06/25 11:02:20 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/06/25 11:02:20 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/06/25 11:02:20 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/06/25 11:02:20 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/06/25 11:02:20 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/06/25 11:02:20 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/06/25 11:02:20 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/06/25 11:02:19 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/06/25 11:02:19 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/06/25 11:02:19 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/06/25 11:02:19 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/06/25 11:02:19 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/06/25 11:02:19 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/06/25 11:00:03 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/25 11:00:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/25 11:00:02 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/25 09:21:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 09:21:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Outlook Express.lnk
[2011/06/25 09:21:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Internet Explorer.lnk
[2011/06/25 09:21:15 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Remote Assistance.lnk
[2011/06/25 09:21:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Windows Media Player.lnk
[2011/06/25 08:54:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 08:52:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/25 08:52:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/25 08:52:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/25 08:52:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/25 08:52:02 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/25 08:51:51 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/25 08:51:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/25 08:51:35 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/25 08:50:44 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:40 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 08:49:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/25 08:49:15 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/06/25 08:48:42 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/06/25 08:47:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:47:03 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/06/25 08:47:03 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/06/25 08:47:03 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/06/25 08:47:03 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/06/25 08:47:03 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/06/25 08:47:03 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/06/25 08:47:03 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/06/25 08:47:03 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/06/25 08:47:03 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/06/25 08:47:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/06/25 08:47:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/06/25 08:47:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/06/25 08:47:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/06/25 08:46:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/06/25 08:46:50 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/06/25 02:27:32 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2011/06/25 02:25:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 02:25:43 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/06/25 02:25:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/06/25 02:25:42 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/06/25 02:25:42 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/06/25 02:25:26 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/25 02:25:16 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/25 02:25:16 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/25 02:25:16 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/25 02:25:16 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/25 02:25:16 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/25 02:25:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/25 02:25:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/25 02:25:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/25 02:24:38 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 02:23:34 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/06/25 02:23:31 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/11/02 09:17:22 | 002,289,664 | ---- | C] () -- C:\WINDOWS\System32\ialmgicd.dll

========== LOP Check ==========

[2011/06/26 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/07/22 14:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/27 18:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/23 08:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/07/23 01:09:53 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/23 08:43:10 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >

Edited by Lisa0917, 23 July 2011 - 08:59 AM.

  • 0

Advertisements

#2
Essexboy
Posted 23 July 2011 - 09:52 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there for this first run I will take out what I can see


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\srv32.exe
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\scrsvr.exe
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\marco!.scr
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\instit.bat
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bride.exe
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.pif
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.exe
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\alevir.exe
    [2011/07/23 01:01:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\aavar.pif


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan
Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply
Posted Image
  • 0

#3
Lisa0917
Posted 23 July 2011 - 10:31 AM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I got the OTL code, but the pictures wouldn't load, so please forgive me if I did something wrong. I was able to run both programs; I chose not to download Avast when prompted by aswMBR. Here are the logs.

OTL Log


OTL logfile created on: 7/23/2011 10:15:54 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LR\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 83.33% Memory free
4.71 Gb Paging File | 4.34 Gb Available in Paging File | 92.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 449.81 Gb Free Space | 96.58% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 792.80 Gb Free Space | 42.55% Space Free | Partition Type: NTFS

Computer Name: LR-75D2A86C7E85 | User Name: LR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)


========== Driver Services (SafeList) ==========

DRV - [2011/07/23 10:10:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla99acfd8.sys -- (MpKsla99acfd8)
DRV - [2011/07/23 01:00:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla8f1557d.sys -- (MpKsla8f1557d)
DRV - [2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\flcss.sys -- (KLAntiFL)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/07/23 10:08:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [KL AntiFunLove] C:\WINDOWS\system32\flcss.exe (Kaspersky Lab.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309015527531 (WUWebControl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.135 142.165.157.5
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/25 08:50:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 10:10:08 | 000,135,232 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
[2011/07/23 10:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/22 15:48:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Recent
[2011/07/22 11:46:43 | 000,135,232 | RHS- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
[2011/07/22 11:46:43 | 000,012,714 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
[2011/07/22 10:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Today Programs
[2011/07/22 00:43:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 07:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/07/21 07:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/07/18 03:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\vlc
[2011/07/18 02:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/10 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Google
[2011/07/10 08:19:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/04 03:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/03 11:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HP
[2011/07/03 11:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HPAppData
[2011/07/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/07/03 11:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/07/03 11:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/07/03 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/07/03 11:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/07/03 11:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/07/03 11:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/07/03 11:14:54 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/07/02 23:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\New Folder
[2011/07/02 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/02 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/02 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/02 16:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Temp
[2011/07/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/02 16:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/07/02 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/02 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/02 16:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Adobe
[2011/07/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/02 16:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/28 11:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/06/28 11:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\DVDVideoSoft
[2011/06/28 11:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/06/28 11:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/06/28 05:50:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IECompatCache
[2011/06/27 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Apple Computer
[2011/06/27 18:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/27 18:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/27 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/27 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/27 18:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple
[2011/06/27 18:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/27 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/27 18:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/27 18:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/06/27 18:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple Computer
[2011/06/26 22:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Adobe
[2011/06/26 22:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Macromedia
[2011/06/26 21:55:13 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2011/06/26 21:55:06 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2011/06/26 21:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/26 21:52:16 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2011/06/26 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/06/26 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/06/26 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/06/26 21:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\The Crystal Method - Divided By Night (2009) 320Kbps [Electr0]
[2011/06/26 20:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Patterns
[2011/06/26 20:58:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Videos
[2011/06/26 20:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\My Scans
[2011/06/26 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Music
[2011/06/26 20:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\backup!
[2011/06/26 20:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\julian's stuff
[2011/06/26 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/06/26 20:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Camp forms
[2011/06/26 20:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Identities
[2011/06/26 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/26 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/26 11:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/26 11:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Malwarebytes
[2011/06/26 00:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/26 00:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/25 16:48:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/25 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Computer Cleaners
[2011/06/25 16:44:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 16:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 16:44:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/25 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/06/25 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/06/25 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/06/25 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/25 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/25 16:32:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\PrivacIE
[2011/06/25 16:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IETldCache
[2011/06/25 16:10:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/25 16:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/25 16:09:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/25 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/06/25 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/06/25 11:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/06/25 11:22:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/25 11:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/25 11:01:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/25 11:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/25 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/06/25 10:57:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/25 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/25 09:28:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/25 09:28:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/06/25 09:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/25 09:24:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\UserData
[2011/06/25 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Identities
[2011/06/25 09:21:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Pictures
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Music
[2011/06/25 09:21:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LR\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\SendTo
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Application Data
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Startup
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Favorites
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Accessories
[2011/06/25 09:21:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\Cookies
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Templates
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\PrintHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\NetHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Local Settings
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop
[2011/06/25 09:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/25 09:17:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/06/25 09:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/06/25 09:17:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/25 08:51:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/06/25 08:50:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/25 08:49:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/06/25 08:49:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/06/25 08:49:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/06/25 08:49:26 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/06/25 08:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/06/25 08:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/06/25 08:48:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/06/25 08:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/06/25 08:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/06/25 08:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/06/25 08:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/06/25 08:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/06/25 08:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/06/25 08:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/06/25 08:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/06/25 08:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/06/25 08:48:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/25 08:47:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/25 08:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/06/25 08:47:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/25 08:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/06/25 08:47:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/06/25 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/06/25 08:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/06/25 08:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/06/25 08:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/06/25 08:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/06/25 08:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/06/25 08:46:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/25 08:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/25 02:25:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/06/25 02:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/25 02:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/06/25 02:25:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/06/25 02:25:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/06/25 02:25:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/06/25 02:25:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/06/25 02:24:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/06/25 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/06/25 02:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/25 02:17:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/06/25 02:17:54 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/06/25 02:17:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/06/25 02:17:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2011/07/23 10:17:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LR\Desktop\aswMBR.exe
[2011/07/23 10:15:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/23 10:10:08 | 000,135,232 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\srv32.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\scrsvr.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\marco!.scr
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\instit.bat
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bride.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.pif
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\alevir.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\aavar.pif
[2011/07/23 10:10:00 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 10:10:00 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 10:09:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 10:08:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/23 10:05:28 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/07/23 09:42:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 02:32:50 | 000,010,058 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 19:59:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 14:17:10 | 000,006,582 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 11:46:43 | 000,135,232 | RHS- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
[2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
[2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 08:33:48 | 099,123,520 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:56:00 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:54:48 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:50 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/14 03:32:26 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 19:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/10 07:56:59 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/03 11:20:53 | 000,157,683 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
[2011/06/30 03:21:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:16 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:09 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/27 20:15:30 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:19 | 000,015,488 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/26 21:35:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 11:28:56 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:19:13 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 00:19:13 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 16:53:05 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:46 | 000,009,868 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:34:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 11:25:05 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:25:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:11:42 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:07:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 10:59:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/25 09:21:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 08:54:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/25 08:50:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:32 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 08:47:46 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:32:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/07/23 02:32:50 | 000,010,058 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 14:17:08 | 000,006,582 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\srv32.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scrsvr.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\marco!.scr
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\instit.bat
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bride.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brasil.pif
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brasil.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alevir.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aavar.pif
[2011/07/21 08:33:45 | 099,123,520 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:55:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:53:26 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:48 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/10 07:56:57 | 000,002,662 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/03 11:19:10 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/03 11:13:12 | 000,157,683 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/07/03 11:13:12 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/07/02 16:44:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/02 16:43:21 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/02 16:43:21 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 03:21:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:15 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:08 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/28 09:00:22 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/06/27 20:15:30 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:18 | 000,015,488 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/27 18:37:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/27 18:37:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/26 21:53:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2011/06/26 21:35:25 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 21:01:37 | 000,263,215 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Application for a Death Certificate.pdf
[2011/06/26 21:01:37 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/06/26 21:00:25 | 000,657,888 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\28-DayBreakFreePlan.pdf
[2011/06/26 21:00:25 | 000,462,820 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\USSUGSAhealth.pdf
[2011/06/26 21:00:25 | 000,400,835 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\RiceCooker.pdf
[2011/06/26 21:00:25 | 000,032,390 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\fjerase.zip
[2011/06/26 11:28:55 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:25:51 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/06/25 16:53:03 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:44 | 000,009,868 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:39:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/25 16:34:49 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 16:34:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/25 11:25:05 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:15:34 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 11:11:42 | 000,013,724 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:02:22 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/06/25 11:02:22 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/06/25 11:02:22 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/06/25 11:02:22 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/06/25 11:02:22 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/06/25 11:02:22 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/06/25 11:02:22 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/06/25 11:02:22 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/06/25 11:02:22 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/06/25 11:02:22 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/06/25 11:02:21 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/06/25 11:02:21 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/06/25 11:02:21 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/06/25 11:02:21 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/06/25 11:02:21 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/06/25 11:02:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/06/25 11:02:21 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/06/25 11:02:21 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/06/25 11:02:21 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/06/25 11:02:21 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/06/25 11:02:21 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/06/25 11:02:21 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/06/25 11:02:21 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/06/25 11:02:21 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/06/25 11:02:21 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/06/25 11:02:21 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/06/25 11:02:21 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/06/25 11:02:21 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/06/25 11:02:21 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/06/25 11:02:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/06/25 11:02:21 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/06/25 11:02:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/06/25 11:02:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/06/25 11:02:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/06/25 11:02:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/06/25 11:02:21 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/06/25 11:02:21 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/06/25 11:02:21 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/06/25 11:02:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/06/25 11:02:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/06/25 11:02:21 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/06/25 11:02:21 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/06/25 11:02:21 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/06/25 11:02:21 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/06/25 11:02:21 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/06/25 11:02:21 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/06/25 11:02:21 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/06/25 11:02:21 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/06/25 11:02:21 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/06/25 11:02:21 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/06/25 11:02:21 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/06/25 11:02:21 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/06/25 11:02:21 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/06/25 11:02:20 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/06/25 11:02:20 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/06/25 11:02:20 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/06/25 11:02:20 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/06/25 11:02:20 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/06/25 11:02:20 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/06/25 11:02:20 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/06/25 11:02:20 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/06/25 11:02:19 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/06/25 11:02:19 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/06/25 11:02:19 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/06/25 11:02:19 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/06/25 11:02:19 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/06/25 11:02:19 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/06/25 11:00:03 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/25 11:00:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/25 11:00:02 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/25 09:21:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 09:21:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Outlook Express.lnk
[2011/06/25 09:21:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Internet Explorer.lnk
[2011/06/25 09:21:15 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Remote Assistance.lnk
[2011/06/25 09:21:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Windows Media Player.lnk
[2011/06/25 08:54:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 08:52:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/25 08:52:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/25 08:52:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/25 08:52:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/25 08:52:02 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/25 08:51:51 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/25 08:51:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/25 08:51:35 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/25 08:50:44 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:40 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 08:49:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/25 08:49:15 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/06/25 08:48:42 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/06/25 08:47:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:47:03 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/06/25 08:47:03 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/06/25 08:47:03 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/06/25 08:47:03 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/06/25 08:47:03 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/06/25 08:47:03 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/06/25 08:47:03 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/06/25 08:47:03 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/06/25 08:47:03 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/06/25 08:47:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/06/25 08:47:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/06/25 08:47:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/06/25 08:47:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/06/25 08:46:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/06/25 08:46:50 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/06/25 02:27:32 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2011/06/25 02:25:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 02:25:43 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/06/25 02:25:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/06/25 02:25:42 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/06/25 02:25:42 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/06/25 02:25:26 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/25 02:25:16 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/25 02:25:16 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/25 02:25:16 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/25 02:25:16 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/25 02:25:16 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/25 02:25:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/25 02:25:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/25 02:25:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/25 02:24:38 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 02:23:34 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/06/25 02:23:31 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/11/02 09:17:22 | 002,289,664 | ---- | C] () -- C:\WINDOWS\System32\ialmgicd.dll

========== LOP Check ==========

[2011/06/26 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/07/22 14:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/27 18:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/23 08:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/07/23 10:15:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/23 10:05:28 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >


aswMBR log

OTL logfile created on: 7/23/2011 10:15:54 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LR\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.39 Gb Available Physical Memory | 83.33% Memory free
4.71 Gb Paging File | 4.34 Gb Available in Paging File | 92.07% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 449.81 Gb Free Space | 96.58% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 792.80 Gb Free Space | 42.55% Space Free | Partition Type: NTFS

Computer Name: LR-75D2A86C7E85 | User Name: LR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)


========== Driver Services (SafeList) ==========

DRV - [2011/07/23 10:10:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla99acfd8.sys -- (MpKsla99acfd8)
DRV - [2011/07/23 01:00:57 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla8f1557d.sys -- (MpKsla8f1557d)
DRV - [2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\flcss.sys -- (KLAntiFL)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/07/23 10:08:23 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [KL AntiFunLove] C:\WINDOWS\system32\flcss.exe (Kaspersky Lab.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309015527531 (WUWebControl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.135 142.165.157.5
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/25 08:50:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 10:10:08 | 000,135,232 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
[2011/07/23 10:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/22 15:48:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Recent
[2011/07/22 11:46:43 | 000,135,232 | RHS- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
[2011/07/22 11:46:43 | 000,012,714 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
[2011/07/22 10:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Today Programs
[2011/07/22 00:43:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 07:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/07/21 07:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/07/18 03:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\vlc
[2011/07/18 02:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/10 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Google
[2011/07/10 08:19:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/04 03:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/03 11:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HP
[2011/07/03 11:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HPAppData
[2011/07/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/07/03 11:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/07/03 11:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/07/03 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/07/03 11:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/07/03 11:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/07/03 11:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/07/03 11:14:54 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/07/02 23:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\New Folder
[2011/07/02 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/02 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/02 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/02 16:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Temp
[2011/07/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/02 16:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/07/02 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/02 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/02 16:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Adobe
[2011/07/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/02 16:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/28 11:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/06/28 11:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\DVDVideoSoft
[2011/06/28 11:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/06/28 11:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/06/28 05:50:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IECompatCache
[2011/06/27 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Apple Computer
[2011/06/27 18:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/27 18:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/27 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/27 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/27 18:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple
[2011/06/27 18:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/27 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/27 18:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/27 18:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/06/27 18:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple Computer
[2011/06/26 22:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Adobe
[2011/06/26 22:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Macromedia
[2011/06/26 21:55:13 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2011/06/26 21:55:06 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2011/06/26 21:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/26 21:52:16 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2011/06/26 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/06/26 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/06/26 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/06/26 21:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\The Crystal Method - Divided By Night (2009) 320Kbps [Electr0]
[2011/06/26 20:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Patterns
[2011/06/26 20:58:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Videos
[2011/06/26 20:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\My Scans
[2011/06/26 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Music
[2011/06/26 20:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\backup!
[2011/06/26 20:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\julian's stuff
[2011/06/26 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/06/26 20:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Camp forms
[2011/06/26 20:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Identities
[2011/06/26 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/26 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/26 11:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/26 11:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Malwarebytes
[2011/06/26 00:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/26 00:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/25 16:48:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/25 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Computer Cleaners
[2011/06/25 16:44:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 16:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 16:44:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/25 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/06/25 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/06/25 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/06/25 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/25 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/25 16:32:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\PrivacIE
[2011/06/25 16:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IETldCache
[2011/06/25 16:10:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/25 16:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/25 16:09:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/25 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/06/25 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/06/25 11:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/06/25 11:22:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/25 11:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/25 11:01:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/25 11:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/25 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/06/25 10:57:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/25 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/25 09:28:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/25 09:28:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/06/25 09:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/25 09:24:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\UserData
[2011/06/25 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Identities
[2011/06/25 09:21:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Pictures
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Music
[2011/06/25 09:21:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LR\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\SendTo
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Application Data
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Startup
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Favorites
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Accessories
[2011/06/25 09:21:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\Cookies
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Templates
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\PrintHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\NetHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Local Settings
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop
[2011/06/25 09:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/25 09:17:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/06/25 09:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/06/25 09:17:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/25 08:51:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/06/25 08:50:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/25 08:49:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/06/25 08:49:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/06/25 08:49:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/06/25 08:49:26 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/06/25 08:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/06/25 08:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/06/25 08:48:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/06/25 08:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/06/25 08:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/06/25 08:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/06/25 08:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/06/25 08:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/06/25 08:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/06/25 08:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/06/25 08:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/06/25 08:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/06/25 08:48:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/25 08:47:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/25 08:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/06/25 08:47:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/25 08:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/06/25 08:47:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/06/25 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/06/25 08:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/06/25 08:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/06/25 08:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/06/25 08:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/06/25 08:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/06/25 08:46:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/25 08:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/25 02:25:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/06/25 02:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/25 02:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/06/25 02:25:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/06/25 02:25:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/06/25 02:25:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/06/25 02:25:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/06/25 02:24:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/06/25 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/06/25 02:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/25 02:17:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/06/25 02:17:54 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/06/25 02:17:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/06/25 02:17:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2011/07/23 10:17:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LR\Desktop\aswMBR.exe
[2011/07/23 10:15:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/23 10:10:08 | 000,135,232 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\srv32.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\scrsvr.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\marco!.scr
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\instit.bat
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bride.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.pif
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\alevir.exe
[2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\aavar.pif
[2011/07/23 10:10:00 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 10:10:00 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 10:09:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 10:08:23 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/23 10:05:28 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/07/23 09:42:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 02:32:50 | 000,010,058 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 19:59:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 14:17:10 | 000,006,582 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 11:46:43 | 000,135,232 | RHS- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
[2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
[2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 08:33:48 | 099,123,520 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:56:00 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:54:48 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:50 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/14 03:32:26 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 19:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/10 07:56:59 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/03 11:20:53 | 000,157,683 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
[2011/06/30 03:21:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:16 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:09 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/27 20:15:30 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:19 | 000,015,488 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/26 21:35:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 11:28:56 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:19:13 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 00:19:13 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 16:53:05 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:46 | 000,009,868 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:34:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 11:25:05 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:25:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:11:42 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:07:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 10:59:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/25 09:21:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 08:54:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/25 08:50:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:32 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 08:47:46 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:32:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/07/23 02:32:50 | 000,010,058 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 14:17:08 | 000,006,582 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\srv32.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\scrsvr.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\marco!.scr
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\instit.bat
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\bride.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brasil.pif
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brasil.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\alevir.exe
[2011/07/22 11:48:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\aavar.pif
[2011/07/21 08:33:45 | 099,123,520 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:55:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:53:26 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:48 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/10 07:56:57 | 000,002,662 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/03 11:19:10 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/03 11:13:12 | 000,157,683 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/07/03 11:13:12 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/07/02 16:44:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/02 16:43:21 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/02 16:43:21 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 03:21:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:15 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:08 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/28 09:00:22 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/06/27 20:15:30 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:18 | 000,015,488 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/27 18:37:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/27 18:37:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/26 21:53:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2011/06/26 21:35:25 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 21:01:37 | 000,263,215 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Application for a Death Certificate.pdf
[2011/06/26 21:01:37 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/06/26 21:00:25 | 000,657,888 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\28-DayBreakFreePlan.pdf
[2011/06/26 21:00:25 | 000,462,820 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\USSUGSAhealth.pdf
[2011/06/26 21:00:25 | 000,400,835 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\RiceCooker.pdf
[2011/06/26 21:00:25 | 000,032,390 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\fjerase.zip
[2011/06/26 11:28:55 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:25:51 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/06/25 16:53:03 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:44 | 000,009,868 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:39:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/25 16:34:49 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 16:34:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/25 11:25:05 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:15:34 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 11:11:42 | 000,013,724 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:02:22 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/06/25 11:02:22 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/06/25 11:02:22 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/06/25 11:02:22 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/06/25 11:02:22 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/06/25 11:02:22 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/06/25 11:02:22 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/06/25 11:02:22 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/06/25 11:02:22 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/06/25 11:02:22 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/06/25 11:02:21 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/06/25 11:02:21 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/06/25 11:02:21 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/06/25 11:02:21 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/06/25 11:02:21 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/06/25 11:02:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/06/25 11:02:21 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/06/25 11:02:21 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/06/25 11:02:21 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/06/25 11:02:21 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/06/25 11:02:21 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/06/25 11:02:21 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/06/25 11:02:21 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/06/25 11:02:21 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/06/25 11:02:21 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/06/25 11:02:21 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/06/25 11:02:21 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/06/25 11:02:21 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/06/25 11:02:21 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/06/25 11:02:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/06/25 11:02:21 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/06/25 11:02:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/06/25 11:02:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/06/25 11:02:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/06/25 11:02:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/06/25 11:02:21 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/06/25 11:02:21 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/06/25 11:02:21 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/06/25 11:02:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/06/25 11:02:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/06/25 11:02:21 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/06/25 11:02:21 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/06/25 11:02:21 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/06/25 11:02:21 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/06/25 11:02:21 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/06/25 11:02:21 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/06/25 11:02:21 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/06/25 11:02:21 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/06/25 11:02:21 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/06/25 11:02:21 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/06/25 11:02:21 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/06/25 11:02:21 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/06/25 11:02:21 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/06/25 11:02:20 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/06/25 11:02:20 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/06/25 11:02:20 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/06/25 11:02:20 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/06/25 11:02:20 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/06/25 11:02:20 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/06/25 11:02:20 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/06/25 11:02:20 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/06/25 11:02:19 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/06/25 11:02:19 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/06/25 11:02:19 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/06/25 11:02:19 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/06/25 11:02:19 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/06/25 11:02:19 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/06/25 11:00:03 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/25 11:00:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/25 11:00:02 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/25 09:21:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 09:21:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Outlook Express.lnk
[2011/06/25 09:21:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Internet Explorer.lnk
[2011/06/25 09:21:15 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Remote Assistance.lnk
[2011/06/25 09:21:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Windows Media Player.lnk
[2011/06/25 08:54:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 08:52:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/25 08:52:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/25 08:52:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/25 08:52:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/25 08:52:02 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/25 08:51:51 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/25 08:51:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/25 08:51:35 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/25 08:50:44 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:40 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 08:49:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/25 08:49:15 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/06/25 08:48:42 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/06/25 08:47:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:47:03 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/06/25 08:47:03 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/06/25 08:47:03 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/06/25 08:47:03 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/06/25 08:47:03 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/06/25 08:47:03 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/06/25 08:47:03 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/06/25 08:47:03 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/06/25 08:47:03 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/06/25 08:47:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/06/25 08:47:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/06/25 08:47:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/06/25 08:47:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/06/25 08:46:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/06/25 08:46:50 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/06/25 02:27:32 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2011/06/25 02:25:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 02:25:43 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/06/25 02:25:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/06/25 02:25:42 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/06/25 02:25:42 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/06/25 02:25:26 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/25 02:25:16 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/25 02:25:16 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/25 02:25:16 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/25 02:25:16 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/25 02:25:16 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/25 02:25:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/25 02:25:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/25 02:25:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/25 02:24:38 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 02:23:34 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/06/25 02:23:31 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/11/02 09:17:22 | 002,289,664 | ---- | C] () -- C:\WINDOWS\System32\ialmgicd.dll

========== LOP Check ==========

[2011/06/26 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/07/22 14:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/27 18:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/23 08:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/07/23 10:15:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/23 10:05:28 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#4
Essexboy
Posted 23 July 2011 - 10:37 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi you posted the OTL log twice and not the aswMBR log.. However, I did miss one on the first run and it has re-installed itself so lets try again. Could you post the aswMBR.txt from your desktop please

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - [2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\flcss.sys -- (KLAntiFL)
    O4 - HKLM..\Run: [KL AntiFunLove] C:\WINDOWS\system32\flcss.exe (Kaspersky Lab.)
    [2011/07/23 10:10:08 | 000,135,232 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
    [2011/07/22 11:46:43 | 000,135,232 | RHS- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
    [2011/07/22 11:46:43 | 000,012,714 | ---- | C] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys
    [2011/07/23 10:10:08 | 000,135,232 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.exe
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\srv32.exe
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\scrsvr.exe
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\marco!.scr
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\instit.bat
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\bride.exe
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.pif
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\brasil.exe
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\alevir.exe
    [2011/07/23 10:10:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\aavar.pif
    [2011/07/22 11:46:43 | 000,135,232 | RHS- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.bkp
    [2011/07/22 11:46:43 | 000,012,714 | ---- | M] (Kaspersky Lab.) -- C:\WINDOWS\System32\flcss.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
Lisa0917
Posted 23 July 2011 - 10:50 AM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Yes, it seems I did. I'm very sorry. Here is the aswMBR log first, then the latest OTL log following.

aswMBR log

aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software
Run date: 2011-07-23 10:21:28
-----------------------------
10:21:28.265 OS Version: Windows 5.1.2600 Service Pack 3
10:21:28.265 Number of processors: 2 586 0x401
10:21:28.265 ComputerName: LR-75D2A86C7E85 UserName: LR
10:21:35.250 Initialize success
10:22:33.093 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e
10:22:33.093 Disk 0 Vendor: ST3500413AS JC45 Size: 476940MB BusType: 3
10:22:33.093 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T1L0-19
10:22:33.093 Disk 1 Vendor: ST32000542AS CC34 Size: 1907729MB BusType: 3
10:22:33.109 Disk 0 MBR read successfully
10:22:33.109 Disk 0 MBR scan
10:22:33.109 Disk 0 Windows XP default MBR code
10:22:33.109 Disk 0 scanning sectors +976752000
10:22:33.187 Disk 0 scanning C:\WINDOWS\system32\drivers
10:22:38.875 Service scanning
10:22:39.125 Service MpKsla99acfd8 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla99acfd8.sys **LOCKED** 32
10:22:39.718 Modules scanning
10:22:42.250 Disk 0 trace - called modules:
10:22:42.265 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
10:22:42.281 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a38fab8]
10:22:42.281 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-e[0x8a391d98]
10:22:42.281 Scan finished successfully
10:22:55.796 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\LR\Desktop\MBR.dat"
10:22:55.812 The log file has been saved successfully to "C:\Documents and Settings\LR\Desktop\aswMBR.txt"


OTL log

OTL logfile created on: 7/23/2011 10:44:05 AM - Run 4
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\LR\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 84.47% Memory free
4.71 Gb Paging File | 4.39 Gb Available in Paging File | 93.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 449.80 Gb Free Space | 96.57% Space Free | Partition Type: NTFS
Drive E: | 1863.01 Gb Total Space | 792.80 Gb Free Space | 42.55% Space Free | Partition Type: NTFS

Computer Name: LR-75D2A86C7E85 | User Name: LR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:42 | 000,226,984 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/08/17 16:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/04/28 10:05:56 | 000,715,264 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/25 15:14:34 | 000,053,248 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/04/28 10:06:06 | 001,195,008 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall\acs.exe -- (acssrv)


========== Driver Services (SafeList) ==========

DRV - [2011/07/23 10:10:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla99acfd8.sys -- (MpKsla99acfd8)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/04/06 11:37:12 | 000,704,384 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2009/02/18 17:30:56 | 000,031,128 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/02/10 16:15:42 | 000,257,432 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 06:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 06:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 06:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2011/07/23 10:41:40 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall\op_mon.exe (Agnitum Ltd.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1309015527531 (WUWebControl Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadbl...ivex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 142.165.200.135 142.165.157.5
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/25 08:50:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/23 10:17:29 | 001,915,904 | ---- | C] (AVAST Software) -- C:\Documents and Settings\LR\Desktop\aswMBR.exe
[2011/07/23 10:08:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/22 15:48:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Recent
[2011/07/22 10:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Today Programs
[2011/07/22 00:43:01 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 07:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sophos
[2011/07/21 07:56:20 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/07/18 03:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\vlc
[2011/07/18 02:07:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/10 08:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Google
[2011/07/10 08:19:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/07/04 03:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/07/03 11:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HP
[2011/07/03 11:49:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\HPAppData
[2011/07/03 11:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2011/07/03 11:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2011/07/03 11:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/07/03 11:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2011/07/03 11:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2011/07/03 11:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2011/07/03 11:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2011/07/03 11:15:17 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/07/03 11:14:54 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/07/02 23:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\New Folder
[2011/07/02 21:02:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\WinRAR
[2011/07/02 21:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/07/02 21:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/02 16:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/07/02 16:45:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Temp
[2011/07/02 16:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/07/02 16:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/07/02 16:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/07/02 16:43:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/07/02 16:43:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Adobe
[2011/07/02 16:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/07/02 16:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/07/02 16:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2011/07/02 16:42:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2011/06/28 11:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2011/06/28 11:09:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\DVDVideoSoft
[2011/06/28 11:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/06/28 11:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/06/28 05:50:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IECompatCache
[2011/06/27 18:40:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Apple Computer
[2011/06/27 18:40:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/27 18:39:05 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/27 18:39:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/27 18:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/27 18:37:50 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/06/27 18:37:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/27 18:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple
[2011/06/27 18:37:25 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/06/27 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/06/27 18:37:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/06/27 18:36:38 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/06/27 18:36:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/06/27 18:35:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Apple Computer
[2011/06/26 22:15:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Adobe
[2011/06/26 22:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Macromedia
[2011/06/26 21:55:13 | 000,704,384 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\SandBox.sys
[2011/06/26 21:55:06 | 000,257,432 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afwcore.sys
[2011/06/26 21:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Agnitum
[2011/06/26 21:52:16 | 000,031,128 | ---- | C] (Agnitum Ltd.) -- C:\WINDOWS\System32\drivers\afw.sys
[2011/06/26 21:51:28 | 000,000,000 | ---D | C] -- C:\Program Files\Agnitum
[2011/06/26 21:51:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/06/26 21:35:20 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/06/26 21:00:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\The Crystal Method - Divided By Night (2009) 320Kbps [Electr0]
[2011/06/26 20:59:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Patterns
[2011/06/26 20:58:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Videos
[2011/06/26 20:58:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\My Scans
[2011/06/26 20:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Music
[2011/06/26 20:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\backup!
[2011/06/26 20:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\julian's stuff
[2011/06/26 20:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/06/26 20:34:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\My Documents\Camp forms
[2011/06/26 20:29:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Identities
[2011/06/26 12:43:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/26 11:27:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/06/26 11:27:36 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/06/26 11:06:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Malwarebytes
[2011/06/26 00:26:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/06/26 00:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/06/25 16:48:06 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/06/25 16:45:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop\Computer Cleaners
[2011/06/25 16:44:27 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/25 16:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/25 16:44:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/06/25 16:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/25 16:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/25 16:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/25 16:39:27 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2011/06/25 16:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2011/06/25 16:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/06/25 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/06/25 16:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/06/25 16:32:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\PrivacIE
[2011/06/25 16:21:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\IETldCache
[2011/06/25 16:10:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/06/25 16:09:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/06/25 16:09:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/06/25 11:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/06/25 11:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2011/06/25 11:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/06/25 11:22:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/06/25 11:07:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/06/25 11:02:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/06/25 11:02:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/06/25 11:01:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/06/25 11:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/06/25 10:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/06/25 10:57:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/06/25 09:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/25 09:28:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/06/25 09:28:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/06/25 09:25:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/06/25 09:24:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\UserData
[2011/06/25 09:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Application Data\Identities
[2011/06/25 09:21:19 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Pictures
[2011/06/25 09:21:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents\My Music
[2011/06/25 09:21:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LR\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\SendTo
[2011/06/25 09:21:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\LR\Application Data
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Startup
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\My Documents
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Favorites
[2011/06/25 09:21:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\LR\Start Menu\Programs\Accessories
[2011/06/25 09:21:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LR\Cookies
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Templates
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\PrintHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\NetHood
[2011/06/25 09:21:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LR\Local Settings
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Local Settings\Application Data\Microsoft
[2011/06/25 09:21:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LR\Desktop
[2011/06/25 09:17:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/06/25 09:17:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/06/25 09:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/06/25 09:17:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/06/25 08:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/06/25 08:52:29 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/06/25 08:51:33 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/06/25 08:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/06/25 08:50:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/06/25 08:49:43 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/06/25 08:49:35 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/06/25 08:49:35 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/06/25 08:49:26 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/06/25 08:49:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/06/25 08:48:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/06/25 08:48:38 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/06/25 08:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/06/25 08:48:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/06/25 08:48:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/06/25 08:48:26 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/06/25 08:48:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/06/25 08:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/06/25 08:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/06/25 08:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/06/25 08:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/06/25 08:48:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/06/25 08:47:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/25 08:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/06/25 08:47:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/25 08:47:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/06/25 08:47:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/06/25 08:47:25 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/06/25 08:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/06/25 08:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/06/25 08:46:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/06/25 08:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/06/25 08:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/06/25 08:46:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/06/25 08:46:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/06/25 08:33:29 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/25 02:25:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/06/25 02:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/06/25 02:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/06/25 02:25:41 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/06/25 02:25:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/06/25 02:25:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/06/25 02:25:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/06/25 02:25:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/06/25 02:25:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/06/25 02:25:00 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/06/25 02:25:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/06/25 02:24:39 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/06/25 02:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/06/25 02:17:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/06/25 02:17:54 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/06/25 02:17:54 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/06/25 02:17:54 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/06/25 02:17:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/06/25 02:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2011/07/23 10:43:05 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/23 10:43:05 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/23 10:42:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/23 10:41:40 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/23 10:26:49 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/07/23 10:22:55 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\MBR.dat
[2011/07/23 10:17:34 | 001,915,904 | ---- | M] (AVAST Software) -- C:\Documents and Settings\LR\Desktop\aswMBR.exe
[2011/07/23 10:15:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/07/23 09:42:00 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/23 02:32:50 | 000,010,058 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 19:59:15 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/22 14:17:10 | 000,006,582 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/22 00:43:09 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\LR\Desktop\OTL.exe
[2011/07/21 08:33:48 | 099,123,520 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:56:00 | 001,376,832 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:54:48 | 021,073,936 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:50 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/14 03:32:26 | 000,091,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/11 19:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/10 07:56:59 | 000,002,662 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/03 11:20:53 | 000,157,683 | ---- | M] () -- C:\WINDOWS\hpoins28.dat
[2011/06/30 03:21:33 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:16 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:09 | 000,000,892 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/27 20:15:30 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:19 | 000,015,488 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/26 21:35:25 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 11:28:56 | 000,000,978 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:19:13 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/26 00:19:13 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/25 16:53:05 | 000,001,552 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:46 | 000,009,868 | ---- | M] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | M] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:34:49 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 11:25:05 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:25:05 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:11:42 | 000,013,724 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:07:50 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 10:59:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/25 09:21:26 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 08:54:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/06/25 08:50:44 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:32 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 08:47:46 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:32:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini

========== Files Created - No Company Name ==========

[2011/07/23 10:22:55 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\MBR.dat
[2011/07/23 02:32:50 | 000,010,058 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\census.cache
[2011/07/23 02:32:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\ars.cache
[2011/07/23 01:16:57 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\housecall.guid.cache
[2011/07/22 14:17:08 | 000,006,582 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110722_141707.reg
[2011/07/21 08:33:45 | 099,123,520 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\setup_11.0.0.1245.x01_2011_07_21_17_18.exe
[2011/07/21 07:55:51 | 001,376,832 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\sar_15_sfx.exe
[2011/07/18 02:07:47 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2011/07/18 01:53:26 | 021,073,936 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\vlc-1.1.11-win32.exe
[2011/07/17 03:16:48 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110717_031646.reg
[2011/07/10 07:56:57 | 000,002,662 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110710_075654.reg
[2011/07/03 11:19:10 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/07/03 11:13:12 | 000,157,683 | ---- | C] () -- C:\WINDOWS\hpoins28.dat
[2011/07/03 11:13:12 | 000,000,932 | ---- | C] () -- C:\WINDOWS\hpomdl28.dat
[2011/07/02 16:44:49 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/07/02 16:43:21 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/02 16:43:21 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 03:21:33 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/29 05:23:05 | 000,000,297 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\Document.tch.rtf
[2011/06/29 01:41:48 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/06/29 01:13:15 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110629_011313.reg
[2011/06/28 11:09:08 | 000,000,892 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\DVDVideoSoft Free Studio.lnk
[2011/06/28 09:00:22 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
[2011/06/27 20:15:30 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\E-mail.lnk
[2011/06/27 19:37:18 | 000,015,488 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110627_193716.reg
[2011/06/27 18:37:31 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/27 18:37:27 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/06/26 21:53:35 | 000,000,049 | ---- | C] () -- C:\WINDOWS\transp.gif
[2011/06/26 21:35:25 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/06/26 21:01:37 | 000,263,215 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Application for a Death Certificate.pdf
[2011/06/26 21:01:37 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\ASIO4ALL v2 Instruction Manual.lnk
[2011/06/26 21:00:25 | 000,657,888 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\28-DayBreakFreePlan.pdf
[2011/06/26 21:00:25 | 000,462,820 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\USSUGSAhealth.pdf
[2011/06/26 21:00:25 | 000,400,835 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\RiceCooker.pdf
[2011/06/26 21:00:25 | 000,032,390 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\fjerase.zip
[2011/06/26 11:28:55 | 000,000,978 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110626_112854.reg
[2011/06/26 00:25:51 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2011/06/25 16:53:03 | 000,001,552 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_165302.reg
[2011/06/25 16:49:44 | 000,009,868 | ---- | C] () -- C:\Documents and Settings\LR\My Documents\cc_20110625_164935.reg
[2011/06/25 16:48:22 | 000,000,350 | ---- | C] () -- C:\Documents and Settings\LR\Desktop\Shortcut to Downloads.lnk
[2011/06/25 16:39:37 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/25 16:34:49 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/06/25 16:34:28 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/06/25 11:25:05 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/25 11:24:25 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/25 11:24:25 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/25 11:24:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2011/06/25 11:15:34 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\LR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/25 11:11:42 | 000,013,724 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak
[2011/06/25 11:02:22 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/06/25 11:02:22 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/06/25 11:02:22 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/06/25 11:02:22 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/06/25 11:02:22 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/06/25 11:02:22 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/06/25 11:02:22 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/06/25 11:02:22 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/06/25 11:02:22 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/06/25 11:02:22 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/06/25 11:02:22 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/06/25 11:02:22 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/06/25 11:02:22 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/06/25 11:02:21 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/06/25 11:02:21 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/06/25 11:02:21 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/06/25 11:02:21 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/06/25 11:02:21 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/06/25 11:02:21 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/06/25 11:02:21 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/06/25 11:02:21 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/06/25 11:02:21 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/06/25 11:02:21 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/06/25 11:02:21 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/06/25 11:02:21 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/06/25 11:02:21 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/06/25 11:02:21 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/06/25 11:02:21 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/06/25 11:02:21 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/06/25 11:02:21 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/06/25 11:02:21 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/06/25 11:02:21 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/06/25 11:02:21 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/06/25 11:02:21 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/06/25 11:02:21 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/06/25 11:02:21 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/06/25 11:02:21 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/06/25 11:02:21 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/06/25 11:02:21 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/06/25 11:02:21 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/06/25 11:02:21 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/06/25 11:02:21 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/06/25 11:02:21 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/06/25 11:02:21 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/06/25 11:02:21 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/06/25 11:02:21 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/06/25 11:02:21 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/06/25 11:02:21 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/06/25 11:02:21 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/06/25 11:02:21 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/06/25 11:02:21 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/06/25 11:02:21 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/06/25 11:02:21 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/06/25 11:02:21 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/06/25 11:02:21 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/06/25 11:02:21 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/06/25 11:02:21 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/06/25 11:02:21 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/06/25 11:02:20 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/06/25 11:02:20 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/06/25 11:02:20 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/06/25 11:02:20 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/06/25 11:02:20 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/06/25 11:02:20 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/06/25 11:02:20 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/06/25 11:02:20 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/06/25 11:02:19 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/06/25 11:02:19 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/06/25 11:02:19 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/06/25 11:02:19 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/06/25 11:02:19 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/06/25 11:02:19 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/06/25 11:02:19 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/06/25 11:00:03 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/06/25 11:00:03 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/06/25 11:00:02 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/06/25 09:21:26 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\LR\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/06/25 09:21:21 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Outlook Express.lnk
[2011/06/25 09:21:19 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Internet Explorer.lnk
[2011/06/25 09:21:15 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Remote Assistance.lnk
[2011/06/25 09:21:15 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\LR\Start Menu\Programs\Windows Media Player.lnk
[2011/06/25 08:54:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/06/25 08:52:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/25 08:52:24 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/06/25 08:52:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/06/25 08:52:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/06/25 08:52:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/06/25 08:52:02 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/06/25 08:51:51 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/06/25 08:51:47 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/06/25 08:51:35 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/06/25 08:50:44 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/06/25 08:50:44 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/06/25 08:50:44 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/06/25 08:50:41 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/06/25 08:50:41 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/06/25 08:50:40 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/06/25 08:49:25 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/06/25 08:49:15 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/06/25 08:48:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/06/25 08:48:42 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/06/25 08:47:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/25 08:47:03 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/06/25 08:47:03 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/06/25 08:47:03 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/06/25 08:47:03 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/06/25 08:47:03 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/06/25 08:47:03 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/06/25 08:47:03 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/06/25 08:47:03 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/06/25 08:47:03 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/06/25 08:47:03 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/06/25 08:47:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/06/25 08:47:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/06/25 08:47:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/06/25 08:46:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/06/25 08:46:50 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/06/25 02:27:32 | 002,104,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\2gmgsmt.sf2
[2011/06/25 02:25:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/25 02:25:43 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/06/25 02:25:43 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/06/25 02:25:42 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/06/25 02:25:42 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/06/25 02:25:26 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/06/25 02:25:16 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/06/25 02:25:16 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/06/25 02:25:16 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/06/25 02:25:16 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/06/25 02:25:16 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/06/25 02:25:16 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/06/25 02:25:16 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/06/25 02:25:16 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/06/25 02:24:38 | 000,091,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/25 02:23:34 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011/06/25 02:23:31 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/02/23 02:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2006/02/28 06:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 06:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 06:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 06:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/11/02 09:17:22 | 002,289,664 | ---- | C] () -- C:\WINDOWS\System32\ialmgicd.dll

========== LOP Check ==========

[2011/06/26 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/07/22 14:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/06/27 18:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/07/23 08:24:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LR\Application Data\uTorrent
[2011/07/23 10:15:03 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/07/23 10:26:49 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
  • 0

#6
Essexboy
Posted 23 July 2011 - 10:54 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Has there been any improvement ?

If not then do the following

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#7
Lisa0917
Posted 23 July 2011 - 11:31 AM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Unfortunately, the computer is as slow as ever, and I just got a weird pop-up saying the IE is not my default browser, and I have no other browser installed to my knowledge. I ran Combofix as described, here is the log.

Combofix log


ComboFix 11-07-23.03 - LR 07/23/2011 11:12:22.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.2496 [GMT -6:00]
Running from: c:\documents and settings\LR\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Outpost Firewall *Disabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((( Files Created from 2011-06-23 to 2011-07-23 )))))))))))))))))))))))))))))))
.
.
2011-07-23 16:08 . 2011-07-23 16:08 -------- d-----w- C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-02 14:02 . 2006-02-28 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-16 15:45 . 2011-05-16 15:45 7040 ----a-w- c:\windows\system32\sabprocenum.sys
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07 . 2006-02-28 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 14:47 . 2011-04-25 14:47 81920 ------w- c:\windows\system32\ieencode.dll
2011-04-25 12:01 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-07-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2009-04-28 2374464]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 18:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 23:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-07 01:52 449584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2011-02-23 07:33 13880424 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2011-02-23 07:33 111208 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-04 14:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostFeedBack]
2009-04-28 16:04 428032 ----a-w- c:\program files\Agnitum\Outpost Firewall\feedback.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OutpostMonitor]
2009-04-28 17:33 2374464 ----a-w- c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-06-10 16:26 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-07-10 14:24 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall Adobe Download Manager]
2011-05-25 21:14 35552 ----a-w- c:\program files\NOS\bin\getPlusUninst_Adobe.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
.
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [6/26/2011 9:55 PM 704384]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [6/26/2011 9:51 PM 1195008]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [6/26/2011 9:52 PM 31128]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [6/26/2011 9:55 PM 257432]
S1 MpKsl9aca333b;MpKsl9aca333b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsl9aca333b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsl9aca333b.sys [?]
S1 MpKsla99acfd8;MpKsla99acfd8;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla99acfd8.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B1C36241-81F4-402C-B1CE-C66A664FDFA5}\MpKsla99acfd8.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2011 4:43 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/2/2011 4:43 PM 136176]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3.tmp --> c:\windows\system32\3.tmp [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [2/28/2006 6:00 AM 14336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 22:43]
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-02 22:43]
.
2011-07-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 18:26]
.
2011-07-23 c:\windows\Tasks\User_Feed_Synchronization-{196FE181-EE2C-471D-BB36-B6DE6A612368}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 142.165.200.135 142.165.157.5
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-23 11:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-07-23 11:20:26 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-23 17:20
.
Pre-Run: 482,892,382,208 bytes free
Post-Run: 482,802,642,944 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 55B3A1837622EE249C95FE704C57F846
  • 0

#8
Essexboy
Posted 23 July 2011 - 11:44 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Well I can see no apparent malware - I can try one further programme which looks in different areas, but to be honest I do not feel it will find anything

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.

Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#9
Lisa0917
Posted 24 July 2011 - 12:27 PM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I just cold-booted my modem downstairs and my speed is back. Here are the logs for the scans. If they are clean, then I think all is well, and I owe you a great big thank-you!!

I have to attach the logs. I think they are too big to paste in.

I have to reboot to get the zip file.
  • 0

#10
Lisa0917
Posted 24 July 2011 - 01:05 PM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Okay. I figured it out. The text file for Kapersky autoscan is 34MB, so it won't attach and it won't paste into. The problem with the zip file is that it is not saved at the location you mentioned and I can't seem to track it down in the computer anywhere.
  • 0

Advertisements

#11
Essexboy
Posted 24 July 2011 - 02:06 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that is weird... However, did AVP report any infections during the main scan ? They should be enumerated at the end of the log
  • 0

#12
Lisa0917
Posted 25 July 2011 - 01:32 PM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
No, most files scanned ok, but many were not scanned, various reasons, one being that they were password protected, which I don't understand.

I can modify the log and post only files that do not say ok if that would help.

The program has changed since your screenshots. It looks different, the options are in different places, perhaps it stores differently now? For instance, your post said I should find the log in a folder on my desktop, but the program never created a folder on my desktop. I got it to open a folder with the log, but couldn't trace it to load it as an attachment (I'm talking about the zip file now). I didn't think until after to try the windows search. I could rerun it and try that if you like.

The internet is running fine now. Uploading is still a bit slow, but much, much better.
  • 0

#13
Essexboy
Posted 25 July 2011 - 01:49 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Password protected files are usually antivirus/malware signatures use by your AV or something like malwarebytes, this is to stop false alerts being made when you scan your computer

I will re-run AVP tool myself to check out any changes and amend as necessary, thank you :)

If you could find the zip file it would help

But I cannot see any malware so mayhap it just needs a bit of a spring clean - we will look at that anon
  • 0

#14
Lisa0917
Posted 25 July 2011 - 02:11 PM

Lisa0917

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Aha! I found it! Forgot to check for hidden folders, assumed I had the option checked to show hidden folders. Windows is a pain sometimes...

Attached Files


  • 0

#15
Essexboy
Posted 25 July 2011 - 02:17 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Again that came up clean - lets try a little spring clean next

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

THEN

This may take an hour or so for the disc check to run - so if you do not have the time then just select a standard defrag :)

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check
Posted Image
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP