Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

antivirus 2011


  • This topic is locked This topic is locked

#1
hemabody

hemabody

    New Member

  • Member
  • Pip
  • 0 posts
OTL logfile created on: 3/19/2010 6:47:04 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\user\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 49.02% Memory free
3.85 Gb Paging File | 3.12 Gb Available in Paging File | 81.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 75.16 Gb Free Space | 76.96% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 95.25 Gb Free Space | 97.54% Space Free | Partition Type: NTFS
Drive E: | 102.77 Gb Total Space | 99.11 Gb Free Space | 96.43% Space Free | Partition Type: NTFS

Computer Name: USER-B9741187A2 | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/05 17:38:04 | 000,267,488 | ---- | M] () -- C:\Program Files\eType Toolbar\ToolbarUpdaterService.exe
PRC - [2011/08/01 13:14:02 | 003,325,552 | ---- | M] (Babylon Ltd.) -- C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
PRC - [2011/07/09 08:51:19 | 001,012,792 | ---- | M] (Google Inc.) -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2010/07/27 04:00:06 | 000,247,808 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2010/07/27 02:41:12 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
PRC - [2010/06/23 06:48:08 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2010/06/23 06:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/03/19 18:46:51 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL (1).exe
PRC - [2010/03/19 18:40:25 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\My Documents\Downloads\OTL.exe
PRC - [2010/03/19 17:37:28 | 000,091,712 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\setups\mwsAuto.exe
PRC - [2010/03/19 17:36:50 | 002,187,632 | ---- | M] (DSNR Labs) -- C:\Documents and Settings\user\Application Data\eType\eTypeUpdate.exe
PRC - [2010/03/19 17:36:44 | 002,932,592 | ---- | M] (DSNR Labs ) -- C:\Documents and Settings\user\Application Data\eType\eType.exe
PRC - [2010/03/15 21:56:58 | 000,038,408 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
PRC - [2010/03/15 21:56:58 | 000,034,336 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
PRC - [2008/09/30 17:11:04 | 001,956,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/09/30 17:10:56 | 000,031,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/06/24 17:47:38 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2008/06/24 17:47:36 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2008/04/14 11:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/26 18:55:20 | 001,181,016 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2006/10/24 15:40:18 | 004,662,776 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/05 17:38:04 | 000,267,488 | ---- | M] () -- C:\Program Files\eType Toolbar\ToolbarUpdaterService.exe
MOD - [2011/07/09 08:51:17 | 000,329,272 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\ppgooglenaclpluginchrome.dll
MOD - [2011/07/09 08:51:16 | 003,649,592 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\pdf.dll
MOD - [2011/07/09 08:50:03 | 000,309,304 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\Locales\ar.dll
MOD - [2011/07/09 08:49:50 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\avutil-50.dll
MOD - [2011/07/09 08:49:48 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\avformat-52.dll
MOD - [2011/07/09 08:49:47 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\avcodec-52.dll
MOD - [2011/07/09 06:31:29 | 006,333,088 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gcswf32.dll
MOD - [2010/07/27 04:00:06 | 000,247,808 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
MOD - [2010/07/27 02:41:12 | 000,107,568 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpntray.exe
MOD - [2010/07/27 02:40:40 | 000,003,072 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\lang\gui-ara.dll
MOD - [2010/06/23 06:48:08 | 000,322,608 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
MOD - [2010/04/13 18:45:44 | 000,109,464 | ---- | M] () -- C:\Documents and Settings\user\Application Data\eType\MyZip.dll
MOD - [2010/03/29 16:02:48 | 000,520,234 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Babylon\sqlite3.dll
MOD - [2010/01/18 01:24:49 | 000,169,984 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\BabylonChromePI.dll
MOD - [2009/11/09 00:14:59 | 000,073,600 | ---- | M] () -- C:\WINDOWS\system32\ezGOSvc.dll
MOD - [2009/03/30 06:34:30 | 000,280,143 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libidn-11.dll
MOD - [2009/03/28 00:02:24 | 000,332,254 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libssl32.dll
MOD - [2009/03/28 00:02:22 | 001,554,920 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\libeay32.dll
MOD - [2008/04/14 11:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/14 11:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/24 15:40:22 | 000,081,920 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\Xmltok.dll
MOD - [2006/10/24 14:27:00 | 000,757,760 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll
MOD - [2006/10/24 14:27:00 | 000,041,472 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YIniDom.dll
MOD - [2006/10/24 14:26:58 | 001,290,240 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
MOD - [2006/10/24 14:26:56 | 000,454,656 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\P2PCE.dll
MOD - [2006/10/24 14:23:28 | 000,053,248 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\XMLParse.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/08/05 17:38:04 | 000,267,488 | ---- | M] () [Auto | Running] -- C:\Program Files\eType Toolbar\ToolbarUpdaterService.exe -- (Updater Service for eType Toolbar)
SRV - [2010/07/27 04:00:06 | 000,247,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (HotspotShieldService)
SRV - [2010/07/27 02:41:20 | 000,057,640 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2010/06/23 06:48:08 | 000,322,608 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2010/06/23 06:48:00 | 000,348,208 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2010/03/15 21:56:58 | 000,034,320 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2009/11/09 00:14:59 | 000,073,600 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ezGOSvc.dll -- (ezGOSvc)
SRV - [2008/09/30 17:11:08 | 000,116,664 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2008/09/30 17:11:04 | 001,956,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/30 17:10:56 | 000,031,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2008/08/20 15:20:30 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2008/06/24 17:47:38 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2008/06/24 17:47:36 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2007/09/12 17:57:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/07/26 18:55:20 | 001,181,016 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/09/15 10:30:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110929.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/09/15 10:30:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110929.003\NAVENG.SYS -- (NAVENG)
DRV - [2011/08/04 12:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/08/04 12:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/07/24 18:55:16 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/06/23 06:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010/06/23 06:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2010/04/28 18:19:23 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/04/28 07:14:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/06/25 10:07:44 | 005,095,936 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/06/25 10:07:40 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/06/25 10:07:40 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/01/22 12:25:26 | 000,120,064 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/08/20 15:20:02 | 000,188,808 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/20 15:19:56 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/05/28 11:01:24 | 000,337,280 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2008/05/28 11:01:24 | 000,054,656 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2008/04/14 11:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 11:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 11:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/07/26 18:55:18 | 000,400,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://securityrespo...r/fix_homepage/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityrespo...r/fix_homepage/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.etypestar...ion=5.1-x86-SP3
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://search.babylo...m/home?AF=10588
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "IMVU Inc Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.etypestar...on=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {c95a4e8e-816d-4655-8c79-d736da1adb6d}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {90b49673-5506-483e-b92b-ca0265bd9ca8}:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.8
FF - prefs.js..extensions.enabledItems: {BDE58274-7A2A-4682-8C47-A379DD9E36CB}:2.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll (MyWebSearch.com)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/20 18:07:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2010/03/15 21:57:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/02 13:23:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/02 13:23:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/07/20 18:07:32 | 000,000,000 | ---D | M]

[2010/07/13 17:08:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2010/03/19 17:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\extensions
[2009/08/16 21:08:15 | 000,000,000 | ---D | M] (4shared.com Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\extensions\{09ec805c-cb2e-4d53-b0d3-a75a428b81c7}
[2009/11/24 16:32:44 | 000,000,000 | ---D | M] (IMVU Inc Community Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
[2010/03/19 17:36:47 | 000,000,000 | ---D | M] (eType Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\extensions\{BDE58274-7A2A-4682-8C47-A379DD9E36CB}
[2010/12/13 11:35:22 | 000,000,000 | ---D | M] (Hotspot Shield Toolbar) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
[2010/01/17 20:53:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\extensions\[email protected]
[2011/05/25 16:15:24 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\searchplugins\conduit.xml
[2010/03/19 17:36:44 | 000,001,391 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\gk71vz1i.default\searchplugins\yahoo-zugo.xml
[2010/03/19 17:37:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/24 19:04:11 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/01/17 20:53:23 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\adap[email protected]
[2010/01/17 20:53:22 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2010/03/15 21:57:02 | 000,000,000 | ---D | M] (My Web Search) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\1.BIN
[2010/01/17 20:53:08 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo (Enabled)
CHR - default_search_provider: search_url = http://www.etypestar...ion=5.1-x86-SP3
CHR - default_search_provider: suggest_url =
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\12.0.742.122\gcswf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\Application\plugins\nprpjplug.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\user\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Babylon Chrome OCR = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.1_0\
CHR - Extension: AT_WesCravenV2 = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nahooofggegjbnodalhoibemeabkapop\3_0\
CHR - Extension: Favorite Doodle = C:\Documents and Settings\user\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga\1.17_0\

O1 HOSTS File: ([2008/04/14 11:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh0.dll (Conduit Ltd.)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.6\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (eType Toolbar Helper) - {7D9463CD-BBD8-42f4-AB72-D7B1191D9F3D} - C:\Program Files\eType Toolbar\Toolbar32.dll ()
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (4shared.com Toolbar) - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\prxtb4sh0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.6\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (eType Toolbar) - {BDE58274-7A2A-4682-8C47-A379DD9E36CB} - C:\Program Files\eType Toolbar\Toolbar32.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (4shared.com Toolbar) - {09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - C:\Program Files\4shared.com\prxtb4sh0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [eTypeToolbarHelper] "C:\Program Files\eType Toolbar\ToolbarHelper.exe" File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [eType] C:\Documents and Settings\user\Application Data\eType\eType.exe (DSNR Labs )
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [My Web Search Installer] C:\Program Files\MyWebSearch\bar\setups\My Web Search Installer(01628ae0).exe (MyWebSearch.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm File not found
O8 - Extra context menu item: &Search - http://edits.mywebse...cg&n=2011100708 File not found
O8 - Extra context menu item: Download all links with IDM - G:\New Folder\MyEGY.COM_iDM_and_WINRAR.BY MIDO\MyEgY.CoM.IDM5.15b2.By.mido_elsaeed\IDM5.15b2fix\IEGetAll.htm File not found
O8 - Extra context menu item: Download FLV video content with IDM - G:\New Folder\MyEGY.COM_iDM_and_WINRAR.BY MIDO\MyEgY.CoM.IDM5.15b2.By.mido_elsaeed\IDM5.15b2fix\IEGetVL.htm File not found
O8 - Extra context menu item: Download with IDM - G:\New Folder\MyEGY.COM_iDM_and_WINRAR.BY MIDO\MyEgY.CoM.IDM5.15b2.By.mido_elsaeed\IDM5.15b2fix\IEExt.htm File not found
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7ACE9F09-4849-4414-90F4-B8A48E76CEEE}: NameServer = 10.26.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F91832F7-B716-44CA-9AA3-8385974E03A6}: NameServer = 213.42.20.20 195.229.241.222
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8910189574-1220177144-128404069-2266\wnzip32.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe) - File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe) - File not found
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/02 14:31:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{95f22e16-add6-11df-a997-002522295a75}\Shell - "" = Autorun
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/19 14:30:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Images
[2010/12/15 21:57:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2010/12/15 21:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\WinZip
[2010/12/15 21:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\en-US
[2010/12/14 11:59:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2010/12/14 11:59:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2010/12/14 11:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/12/09 11:21:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Live Add-in
[2010/12/09 11:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Outlook Connector
[2010/12/09 11:19:19 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/12/09 11:18:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/12/09 11:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2010/12/09 11:17:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/11/30 14:30:00 | 011,204,936 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WINZIP32.EXE
[2010/11/30 14:30:00 | 003,005,256 | R--- | C] (Sky Software) -- C:\Program Files\WZFILVW.OCX
[2010/11/30 14:30:00 | 002,958,664 | R--- | C] (Sky Software) -- C:\Program Files\WZFLDVW.OCX
[2010/11/30 14:30:00 | 002,904,904 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZIMGV32.DLL
[2010/11/30 14:30:00 | 001,945,416 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZSESS32.EXE
[2010/11/30 14:30:00 | 001,894,216 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZSRVR32.EXE
[2010/11/30 14:30:00 | 001,260,872 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZ32.DLL
[2010/11/30 14:30:00 | 000,907,080 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZWIA.DLL
[2010/11/30 14:30:00 | 000,885,064 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZEAY32.DLL
[2010/11/30 14:30:00 | 000,733,000 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WzWipe.exe
[2010/11/30 14:30:00 | 000,649,032 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZZPMAIL.DLL
[2010/11/30 14:30:00 | 000,608,584 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZQKPICK.EXE
[2010/11/30 14:30:00 | 000,597,832 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZSEPE32.EXE
[2010/11/30 14:30:00 | 000,464,712 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZCKTREE.DLL
[2010/11/30 14:30:00 | 000,306,504 | R--- | C] (Corel Inc.) -- C:\Program Files\LDCdBldr.dll
[2010/11/30 14:30:00 | 000,305,480 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZVINFO.DLL
[2010/11/30 14:30:00 | 000,166,728 | R--- | C] (Igor Pavlov) -- C:\Program Files\7ZXA.DLL
[2010/11/30 14:30:00 | 000,157,512 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZSHLEX1.DLL
[2010/11/30 14:30:00 | 000,136,008 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZGDIP32.DLL
[2010/11/30 14:30:00 | 000,134,472 | R--- | C] (Corel Inc.) -- C:\Program Files\VirtCDRDrv.dll
[2010/11/30 14:30:00 | 000,112,968 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZMSG.EXE
[2010/11/30 14:30:00 | 000,104,264 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZCAB3.DLL
[2010/11/30 14:30:00 | 000,070,984 | R--- | C] (Microsoft Corporation) -- C:\Program Files\WZCAB.DLL
[2010/11/30 14:30:00 | 000,011,080 | R--- | C] (WinZip Computing, S.L.) -- C:\Program Files\WZSHLSTB.DLL
[2010/10/27 21:37:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Identities
[2010/10/27 21:24:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2010/10/27 21:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/10/15 09:24:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Media Player Classic
[2010/10/15 09:24:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2010/10/15 09:24:30 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/10/15 09:24:30 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/10/15 09:24:30 | 000,090,112 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/10/15 09:24:29 | 000,685,056 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/10/15 09:24:28 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010/10/15 09:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/10/09 14:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\HP
[2010/10/09 14:42:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/09/30 19:06:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/09/30 19:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/09/30 19:01:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/09/19 19:47:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\SmartVoip
[2010/09/19 19:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/09/19 19:44:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Conduit
[2010/09/19 19:42:49 | 000,000,000 | ---D | C] -- C:\Hotspot Shield
[2010/09/19 19:42:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hotspot Shield
[2010/09/19 19:42:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010/09/19 17:30:27 | 000,000,000 | ---D | C] -- C:\Program Files\SmartVoip.com
[2010/09/19 17:30:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SmartVoip
[2010/09/18 15:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WEBREG
[2010/08/17 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\IDM
[2010/08/17 21:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\DMCache
[2010/08/16 00:09:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\bodys picture
[2010/08/10 22:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\GTA Vice City User Files
[2010/08/10 21:00:44 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/07/28 18:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Videos
[2010/07/25 18:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\VideoPower
[2010/07/25 15:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\Video Power
[2010/07/25 15:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Power
[2010/07/25 15:25:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panamusic
[2010/07/25 15:25:01 | 000,000,000 | ---D | C] -- C:\Program Files\Game-Cam
[2010/07/24 21:26:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\skypePM
[2010/07/24 19:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Skype
[2010/07/24 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/07/24 19:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2010/07/24 19:04:01 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/07/24 19:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2010/07/24 18:58:05 | 001,684,736 | R--- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2010/07/24 18:57:58 | 002,808,832 | R--- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2010/07/24 18:57:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2010/07/24 18:57:50 | 000,290,816 | R--- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2010/07/24 18:57:49 | 000,122,880 | R--- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2010/07/20 20:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Uniblue
[2010/07/20 20:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/20 20:11:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/07/20 18:04:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HpUpdate
[2010/07/20 18:04:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2010/07/15 18:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HP
[2010/07/14 18:30:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/07/14 18:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\HPAppData
[2010/07/13 17:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\Downloads
[2010/07/13 17:14:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Macromedia
[2010/07/13 17:14:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Google Chrome
[2010/07/13 17:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Temp
[2010/07/13 17:12:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Google
[2010/07/13 17:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Mozilla
[2010/07/13 17:08:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Mozilla
[2010/07/13 17:08:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2010/07/13 17:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/07/13 16:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Adobe
[2010/07/13 13:03:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
[2010/07/10 15:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\WMTools Downloaded Files
[2010/07/08 14:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Help
[2010/07/08 14:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Help
[2010/07/08 10:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\7Wonders2
[2010/07/08 08:44:06 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Videos
[2010/07/07 21:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\HPAppData
[2010/07/06 13:17:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2010/07/06 13:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2010/07/06 13:14:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2010/07/06 13:14:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2010/07/06 13:14:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2010/07/06 13:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2010/07/06 13:10:37 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2010/07/05 11:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BubbleS3
[2010/07/05 11:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\Absolutist.com
[2010/07/05 11:42:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Hercules Action Game
[2010/07/05 11:42:31 | 000,000,000 | ---D | C] -- C:\Hercules
[2010/07/05 11:41:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Virtua Cop 2
[2010/07/05 11:41:24 | 000,000,000 | ---D | C] -- C:\Program Files\VCop2
[2010/06/23 06:48:00 | 000,037,376 | ---- | C] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\HssDrv.sys
[2010/06/23 06:47:58 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
[2010/04/28 21:06:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2010/04/28 21:06:15 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2010/04/28 21:06:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2010/04/28 21:06:11 | 000,000,000 | R--D | C] -- C:\Program Files
[2010/04/28 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2010/04/28 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2010/04/28 21:06:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2010/04/28 21:05:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2010/04/28 21:05:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2010/04/28 21:05:33 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2010/04/28 21:05:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2010/04/28 21:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2010/04/28 21:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2010/04/28 21:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/04/28 21:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2010/04/28 21:05:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010/04/28 21:05:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2010/04/28 21:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2010/04/28 21:04:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010/04/28 21:00:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2010/04/28 21:00:59 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2010/04/28 21:00:59 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2010/04/28 21:00:59 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2010/04/28 21:00:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Offline Web Pages
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2010/04/28 21:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2010/04/28 18:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Symantec
[2010/04/28 18:19:20 | 000,060,800 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/28 18:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
[2010/04/28 18:19:19 | 000,123,952 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/28 18:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2010/04/28 18:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010/04/28 18:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2010/04/28 18:19:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010/04/28 18:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Tracing
[2010/04/28 18:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/04/28 18:16:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/04/28 18:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/04/28 18:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2010/04/28 18:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/04/28 18:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/04/28 18:13:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GRETECH
[2010/04/28 18:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GRETECH
[2010/04/28 18:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\My Documents\GomPlayer
[2010/04/28 18:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Adobe
[2010/04/28 18:13:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2010/04/28 18:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/04/28 18:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GOM Player
[2010/04/28 18:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2010/04/28 18:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2010/04/28 18:12:42 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/04/28 18:12:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2010/04/28 18:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Real
[2010/04/28 18:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FairStars Audio Converter
[2010/04/28 18:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\FairStars Audio Converter
[2010/04/28 18:09:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\speech
[2010/04/28 18:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Ahead
[2010/04/28 18:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Essentials
[2010/04/28 18:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Golden Al-Wafi Translator
[2010/04/28 18:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ahead
[2010/04/28 18:09:22 | 000,000,000 | ---D | C] -- C:\Program Files\Golden Al-Wafi Translator
[2010/04/28 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2010/04/28 18:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2010/04/28 18:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2010/04/28 18:06:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/04/28 18:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Al-Mutarjim Al-Fawri
[2010/04/28 18:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\Al-Mutarjim Al-Fawri
[2010/04/28 18:05:23 | 002,535,424 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamj.dll
[2010/04/28 18:05:23 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\akll.dll
[2010/04/28 18:05:23 | 001,245,184 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\bkll.dll
[2010/04/28 18:05:23 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\ckll.dll
[2010/04/28 18:05:23 | 000,610,304 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamg.dll
[2010/04/28 18:05:23 | 000,372,736 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamc.dll
[2010/04/28 18:05:23 | 000,196,608 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\maag.dll
[2010/04/28 18:05:23 | 000,090,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaami.dll
[2010/04/28 18:05:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\محول الصوتيات
[2010/04/28 18:05:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RMBin
[2010/04/28 18:05:21 | 000,000,000 | ---D | C] -- C:\Program Files\Real_SC
[2010/04/28 18:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2010/04/28 18:05:08 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/04/28 18:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2010/04/28 18:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010/04/28 18:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/04/28 18:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010/04/28 18:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/04/28 18:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/04/28 18:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010/04/28 18:03:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\mpegable
[2010/04/28 18:03:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010/04/28 18:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\mpegable
[2010/04/28 18:03:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/04/28 17:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Identities
[2010/04/28 17:20:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Pictures
[2010/04/28 17:20:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents\My Music
[2010/04/28 17:20:46 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010/04/28 17:20:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Local Settings\Application Data\Microsoft
[2010/04/28 17:20:40 | 000,000,000 | --SD | C] -- C:\Documents and Settings\user\Application Data\Microsoft
[2010/04/28 17:20:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\SendTo
[2010/04/28 17:20:40 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\user\Application Data
[2010/04/28 17:20:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Startup
[2010/04/28 17:20:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu
[2010/04/28 17:20:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\My Documents
[2010/04/28 17:20:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Favorites
[2010/04/28 17:20:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user\Start Menu\Programs\Accessories
[2010/04/28 17:20:40 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\user\Cookies
[2010/04/28 17:20:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Templates
[2010/04/28 17:20:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\PrintHood
[2010/04/28 17:20:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\NetHood
[2010/04/28 17:20:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\user\Local Settings
[2010/04/28 17:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop
[2010/04/28 17:20:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2010/04/28 17:20:05 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2010/04/28 17:20:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/04/28 17:20:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/04/28 17:20:04 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/04/28 17:19:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/04/28 17:19:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/04/28 17:18:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/04/28 17:18:23 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/04/28 17:18:23 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2010/04/28 17:17:42 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/04/28 17:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2010/04/28 17:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2010/04/28 17:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2010/04/28 17:17:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/28 17:15:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2010/04/28 17:15:44 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010/04/28 17:15:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2010/04/28 17:15:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2010/04/28 17:15:01 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2010/04/28 17:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/04/28 17:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2010/04/28 17:14:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2010/04/28 17:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2010/04/28 17:14:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2010/04/28 17:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2010/04/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2010/04/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2010/04/28 17:14:03 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2010/04/28 17:14:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2010/04/28 17:13:44 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2010/04/28 17:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2010/04/28 17:13:26 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2010/04/28 17:13:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2010/04/28 17:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2010/04/28 17:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/04/28 17:13:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2010/04/28 17:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2010/04/28 17:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2010/04/28 17:12:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2010/04/28 17:12:20 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010/04/28 17:12:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2010/04/28 17:12:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2010/04/28 17:12:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2010/04/28 17:12:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/04/28 17:11:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2010/04/28 13:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/04/28 13:01:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/04/28 13:00:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/04/28 13:00:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010/04/28 13:00:50 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/04/28 13:00:50 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2010/04/28 13:00:37 | 000,000,000 | ---D | C] -- C:\Intel
[2010/04/28 13:00:07 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2010/04/28 13:00:07 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010/03/19 17:36:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Start Menu\Programs\eType
[2010/03/19 17:36:45 | 000,000,000 | ---D | C] -- C:\Program Files\eType Toolbar
[2010/03/19 17:36:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\eType
[2010/03/17 21:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\InterLok
[2010/03/17 21:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Antares Audio Technologies
[2010/03/17 21:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Antares
[2010/03/17 21:56:54 | 000,000,000 | ---D | C] -- C:\Program Files\Antares Audio Technologies
[2010/03/15 21:56:59 | 000,038,320 | ---- | C] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2010/03/15 21:56:59 | 000,000,000 | ---D | C] -- C:\Program Files\FunWebProducts
[2010/03/15 21:56:57 | 000,000,000 | ---D | C] -- C:\Program Files\MyWebSearch
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/17 22:53:54 | 033,110,416 | ---- | M] () -- C:\Documents and Settings\user\Desktop\20110617225009.avi
[2011/06/17 22:53:54 | 033,110,416 | ---- | M] () -- C:\20110617225009.avi
[2011/01/15 21:22:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484061587-1801674531-1003UA.job
[2011/01/15 20:22:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484061587-1801674531-1003Core.job
[2010/12/14 11:59:29 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/14 11:59:29 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger.lnk
[2010/11/30 14:30:00 | 011,204,936 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WINZIP32.EXE
[2010/11/30 14:30:00 | 003,005,256 | R--- | M] (Sky Software) -- C:\Program Files\WZFILVW.OCX
[2010/11/30 14:30:00 | 002,958,664 | R--- | M] (Sky Software) -- C:\Program Files\WZFLDVW.OCX
[2010/11/30 14:30:00 | 002,904,904 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZIMGV32.DLL
[2010/11/30 14:30:00 | 001,945,416 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZSESS32.EXE
[2010/11/30 14:30:00 | 001,894,216 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZSRVR32.EXE
[2010/11/30 14:30:00 | 001,260,872 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZ32.DLL
[2010/11/30 14:30:00 | 000,907,080 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZWIA.DLL
[2010/11/30 14:30:00 | 000,885,064 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZEAY32.DLL
[2010/11/30 14:30:00 | 000,733,000 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WzWipe.exe
[2010/11/30 14:30:00 | 000,649,032 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZZPMAIL.DLL
[2010/11/30 14:30:00 | 000,608,584 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZQKPICK.EXE
[2010/11/30 14:30:00 | 000,597,832 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZSEPE32.EXE
[2010/11/30 14:30:00 | 000,464,712 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZCKTREE.DLL
[2010/11/30 14:30:00 | 000,306,504 | R--- | M] (Corel Inc.) -- C:\Program Files\LDCdBldr.dll
[2010/11/30 14:30:00 | 000,305,480 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZVINFO.DLL
[2010/11/30 14:30:00 | 000,169,288 | R--- | M] () -- C:\Program Files\UNRAR.DLL
[2010/11/30 14:30:00 | 000,166,728 | R--- | M] (Igor Pavlov) -- C:\Program Files\7ZXA.DLL
[2010/11/30 14:30:00 | 000,157,512 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZSHLEX1.DLL
[2010/11/30 14:30:00 | 000,150,856 | R--- | M] () -- C:\Program Files\LHA.DLL
[2010/11/30 14:30:00 | 000,136,008 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZGDIP32.DLL
[2010/11/30 14:30:00 | 000,134,472 | R--- | M] (Corel Inc.) -- C:\Program Files\VirtCDRDrv.dll
[2010/11/30 14:30:00 | 000,112,968 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZMSG.EXE
[2010/11/30 14:30:00 | 000,104,264 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZCAB3.DLL
[2010/11/30 14:30:00 | 000,011,080 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WZSHLSTB.DLL
[2010/11/30 14:30:00 | 000,000,674 | ---- | M] () -- C:\Program Files\0100WZ.wzconfig
[2010/10/10 17:20:19 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/08 14:24:41 | 000,000,613 | ---- | M] () -- C:\WINDOWS\wafi2000.ini
[2010/10/08 14:24:39 | 000,001,555 | ---- | M] () -- C:\WINDOWS\ata live update.ini
[2010/09/19 17:30:28 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartVoip.lnk
[2010/09/18 15:22:44 | 000,079,998 | ---- | M] () -- C:\Documents and Settings\user\My Documents\أفزر 100 فزورة0001.mdi
[2010/09/18 15:22:14 | 000,066,286 | ---- | M] () -- C:\Documents and Settings\user\My Documents\أفزر 100 فزورة.mdi
[2010/09/18 10:12:13 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/26 10:38:44 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Broadband Connection (2).lnk
[2010/07/26 10:38:44 | 000,000,564 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Broadband Connection (2).lnk
[2010/07/24 21:26:37 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/24 18:55:01 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
[2010/07/20 18:07:52 | 000,023,629 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/07/13 17:08:46 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/08 08:43:59 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/07 21:02:51 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/06/23 06:48:00 | 000,037,376 | ---- | M] (AnchorFree Inc.) -- C:\WINDOWS\System32\drivers\HssDrv.sys
[2010/06/23 06:47:58 | 000,032,768 | ---- | M] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
[2010/04/28 21:10:40 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/28 18:19:23 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2010/04/28 18:19:23 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2010/04/28 18:19:23 | 000,010,671 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/28 18:19:23 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/28 18:13:42 | 000,000,025 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/04/28 18:05:24 | 000,000,026 | ---- | M] () -- C:\WINDOWS\System32\kakle.dll
[2010/04/28 18:05:23 | 002,535,424 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamj.dll
[2010/04/28 18:05:23 | 001,986,560 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\akll.dll
[2010/04/28 18:05:23 | 001,245,184 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\bkll.dll
[2010/04/28 18:05:23 | 001,212,416 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\ckll.dll
[2010/04/28 18:05:23 | 000,610,304 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamg.dll
[2010/04/28 18:05:23 | 000,372,736 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaamc.dll
[2010/04/28 18:05:23 | 000,196,608 | ---- | M] (NCT Company Ltd.) -- C:\WINDOWS\System32\maag.dll
[2010/04/28 18:05:23 | 000,090,112 | ---- | M] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\agsaami.dll
[2010/04/28 18:05:23 | 000,053,760 | ---- | M] () -- C:\WINDOWS\System\ppacklib.dll
[2010/04/28 18:04:40 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/04/28 18:03:39 | 000,047,104 | ---- | M] () -- C:\WINDOWS\AKDeInstall.exe
[2010/04/28 17:21:05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/04/28 17:21:00 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/28 17:19:34 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/28 17:18:49 | 000,004,382 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/28 17:18:46 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/28 17:16:43 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/28 17:16:43 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/04/28 17:16:38 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/28 17:16:38 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/28 17:16:37 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/28 17:16:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/28 17:13:42 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/28 13:04:33 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/04/28 13:04:33 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/03/19 18:44:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/19 17:36:46 | 000,000,807 | ---- | M] () -- C:\Documents and Settings\user\Desktop\eType.lnk
[2010/03/19 11:11:12 | 000,236,041 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/19 11:11:09 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/19 11:11:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/17 15:44:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/16 20:35:53 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Skype.lnk
[2010/03/15 21:56:58 | 000,038,320 | ---- | M] (FunWebProducts.com) -- C:\WINDOWS\System32\f3PSSavr.scr
[2010/03/13 22:09:35 | 000,006,666 | ---- | M] () -- C:\Documents and Settings\user\Desktop\images (41).rar
[2010/03/13 14:46:24 | 000,075,341 | ---- | M] () -- C:\Documents and Settings\user\Desktop\9121.jpg
[2010/03/13 14:46:10 | 000,043,840 | ---- | M] () -- C:\Documents and Settings\user\Desktop\getimage.php
[2010/03/13 14:42:10 | 000,140,204 | ---- | M] () -- C:\Documents and Settings\user\Desktop\xQWQ5QPZH0Ej0X7yRoR4Hw.jpg
[2010/03/13 14:40:04 | 000,071,631 | ---- | M] () -- C:\Documents and Settings\user\Desktop\hFaotIUkFPbztZT5Bj9WcQ.jpg
[2010/03/13 14:39:14 | 000,138,906 | ---- | M] () -- C:\Documents and Settings\user\Desktop\GdumcGK8rwg8lQdVvMYmug.jpg
[2010/03/13 13:19:06 | 001,730,354 | ---- | M] () -- C:\Documents and Settings\user\Desktop\massari.bmp
[2010/03/13 13:18:12 | 000,016,081 | ---- | M] () -- C:\Documents and Settings\user\Desktop\body123.jpg
[2010/03/13 13:17:10 | 000,185,030 | ---- | M] () -- C:\Documents and Settings\user\Desktop\body123.php
[2010/03/12 11:14:37 | 000,421,032 | ---- | M] () -- C:\Documents and Settings\user\Desktop\-aoF7JrRpYyKH84XTIWorw.gif
[2010/03/12 11:02:46 | 000,066,740 | ---- | M] () -- C:\Documents and Settings\user\Desktop\pRYw40JpO4UNyn8YFuGjyg.jpg
[2010/03/06 21:39:42 | 000,036,572 | ---- | M] () -- C:\Documents and Settings\user\Desktop\street-racing-car.jpg
[2010/03/06 21:23:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/05 12:22:04 | 000,008,433 | ---- | M] () -- C:\Documents and Settings\user\Desktop\images (5).jpg
[2010/03/05 11:24:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user\Desktop\New Adobe Photoshop Image.psd
[2010/02/21 20:35:18 | 000,163,884 | ---- | M] () -- C:\Documents and Settings\user\Desktop\SOC_OnlinePDF_29thAug11.pdf
[2010/02/19 15:32:16 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/17 23:43:35 | 000,146,432 | ---- | M] () -- C:\Untitled.MSWMM
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/15 08:57:58 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2010/12/14 11:59:29 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2010/12/14 11:59:29 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Yahoo! Messenger.lnk
[2010/11/30 14:30:00 | 000,169,288 | R--- | C] () -- C:\Program Files\UNRAR.DLL
[2010/11/30 14:30:00 | 000,150,856 | R--- | C] () -- C:\Program Files\LHA.DLL
[2010/11/30 14:30:00 | 000,000,674 | ---- | C] () -- C:\Program Files\0100WZ.wzconfig
[2010/10/15 09:24:31 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010/10/15 09:24:31 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/10/15 09:24:30 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010/10/15 09:24:30 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/10/15 09:24:30 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/15 09:24:28 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/10/11 17:56:45 | 000,002,042 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS.lnk
[2010/10/10 17:20:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/09/30 19:01:49 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/30 19:01:48 | 000,000,878 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/19 17:30:28 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\SmartVoip.lnk
[2010/09/18 15:22:44 | 000,079,998 | ---- | C] () -- C:\Documents and Settings\user\My Documents\أفزر 100 فزورة0001.mdi
[2010/09/18 15:22:14 | 000,066,286 | ---- | C] () -- C:\Documents and Settings\user\My Documents\أفزر 100 فزورة.mdi
[2010/09/18 10:12:13 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010/07/29 17:27:40 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\user\My Documents\Broadband Connection (2).lnk
[2010/07/26 10:38:44 | 000,000,564 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Broadband Connection (2).lnk
[2010/07/24 21:26:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/07/24 18:55:01 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2010/07/24 18:55:01 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2010/07/20 20:12:13 | 000,002,311 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2010/07/20 18:06:57 | 000,023,629 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/07/13 17:14:38 | 000,002,255 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Google Chrome.lnk
[2010/07/13 17:12:36 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484061587-1801674531-1003UA.job
[2010/07/13 17:12:35 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-484061587-1801674531-1003Core.job
[2010/07/13 17:08:46 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/13 13:02:53 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat.temp
[2010/07/11 13:05:56 | 000,001,555 | ---- | C] () -- C:\WINDOWS\ata live update.ini
[2010/07/09 11:44:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/09 11:44:32 | 000,053,760 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/08 18:13:00 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2010/07/08 08:43:59 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/07/07 21:02:51 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2010/07/06 13:07:19 | 000,173,249 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
[2010/07/06 13:07:19 | 000,000,586 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2010/07/05 11:30:59 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/04/28 21:10:40 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/28 21:06:18 | 000,004,382 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/04/28 21:06:15 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/04/28 21:06:12 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010/04/28 21:06:12 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010/04/28 21:06:12 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010/04/28 21:06:11 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010/04/28 21:05:43 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/04/28 21:05:32 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2010/04/28 21:05:32 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2010/04/28 21:05:32 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2010/04/28 21:05:32 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2010/04/28 21:05:32 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2010/04/28 21:05:32 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2010/04/28 21:05:32 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/04/28 21:05:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/04/28 21:05:32 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/04/28 21:05:31 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2010/04/28 21:05:31 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2010/04/28 21:05:31 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/04/28 21:05:31 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2010/04/28 21:05:31 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/04/28 21:05:31 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/04/28 21:05:31 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2010/04/28 21:05:31 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2010/04/28 21:05:31 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/04/28 21:05:31 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2010/04/28 21:04:52 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/28 21:04:05 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2010/04/28 21:04:00 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/28 18:19:19 | 000,010,671 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2010/04/28 18:19:19 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2010/04/28 18:13:42 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/04/28 18:12:56 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk
[2010/04/28 18:05:24 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\kakle.dll
[2010/04/28 18:05:23 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System\ppacklib.dll
[2010/04/28 18:05:22 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/04/28 18:04:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/28 18:03:39 | 000,047,104 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe
[2010/04/28 17:21:05 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/04/28 17:21:00 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/04/28 17:21:00 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Internet Explorer.lnk
[2010/04/28 17:20:50 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Outlook Express.lnk
[2010/04/28 17:20:41 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Remote Assistance.lnk
[2010/04/28 17:20:41 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\user\Start Menu\Programs\Windows Media Player.lnk
[2010/04/28 17:19:34 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2010/04/28 17:18:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/04/28 17:18:19 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/04/28 17:18:09 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/04/28 17:18:06 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/04/28 17:18:05 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/04/28 17:18:03 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/04/28 17:17:57 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/04/28 17:17:54 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/04/28 17:17:51 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2010/04/28 17:17:44 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/04/28 17:16:43 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/04/28 17:16:43 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2010/04/28 17:16:38 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/28 17:16:38 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/28 17:16:37 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2010/04/28 17:15:43 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2010/04/28 17:15:33 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010/04/28 17:15:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2010/04/28 17:15:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2010/04/28 17:15:06 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010/04/28 17:14:24 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010/04/28 17:13:42 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/04/28 17:13:19 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2010/04/28 17:12:44 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2010/04/28 17:12:44 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2010/04/28 17:12:44 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2010/04/28 17:12:43 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2010/04/28 17:12:43 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2010/04/28 17:12:43 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2010/04/28 17:12:43 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2010/04/28 17:12:43 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2010/04/28 17:12:43 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2010/04/28 17:12:43 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2010/04/28 17:12:43 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2010/04/28 17:12:40 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2010/04/28 17:12:39 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2010/04/28 17:12:38 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2010/04/28 17:12:32 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2010/04/28 13:04:33 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2010/04/28 13:04:33 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2010/04/28 13:01:52 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4990.dll
[2010/04/28 13:01:51 | 000,029,472 | R--- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2010/04/28 13:01:51 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2010/03/19 17:36:46 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\user\Desktop\eType.lnk
[2010/03/13 22:09:35 | 000,006,666 | ---- | C] () -- C:\Documents and Settings\user\Desktop\images (41).rar
[2010/03/13 14:46:25 | 000,075,341 | ---- | C] () -- C:\Documents and Settings\user\Desktop\9121.jpg
[2010/03/13 14:46:14 | 000,043,840 | ---- | C] () -- C:\Documents and Settings\user\Desktop\getimage.php
[2010/03/13 14:42:11 | 000,140,204 | ---- | C] () -- C:\Documents and Settings\user\Desktop\xQWQ5QPZH0Ej0X7yRoR4Hw.jpg
[2010/03/13 14:40:06 | 000,071,631 | ---- | C] () -- C:\Documents and Settings\user\Desktop\hFaotIUkFPbztZT5Bj9WcQ.jpg
[2010/03/13 14:39:17 | 000,138,906 | ---- | C] () -- C:\Documents and Settings\user\Desktop\GdumcGK8rwg8lQdVvMYmug.jpg
[2010/03/13 13:19:06 | 001,730,354 | ---- | C] () -- C:\Documents and Settings\user\Desktop\massari.bmp
[2010/03/13 13:18:24 | 000,016,081 | ---- | C] () -- C:\Documents and Settings\user\Desktop\body123.jpg
[2010/03/13 13:17:20 | 000,185,030 | ---- | C] () -- C:\Documents and Settings\user\Desktop\body123.php
[2010/03/12 11:14:42 | 000,421,032 | ---- | C] () -- C:\Documents and Settings\user\Desktop\-aoF7JrRpYyKH84XTIWorw.gif
[2010/03/12 11:02:52 | 000,066,740 | ---- | C] () -- C:\Documents and Settings\user\Desktop\pRYw40JpO4UNyn8YFuGjyg.jpg
[2010/03/06 21:39:48 | 000,036,572 | ---- | C] () -- C:\Documents and Settings\user\Desktop\street-racing-car.jpg
[2010/03/05 11:24:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user\Desktop\New Adobe Photoshop Image.psd
[2010/03/03 18:19:27 | 000,008,433 | ---- | C] () -- C:\Documents and Settings\user\Desktop\images (5).jpg
[2010/02/21 20:35:27 | 000,163,884 | ---- | C] () -- C:\Documents and Settings\user\Desktop\SOC_OnlinePDF_29thAug11.pdf
[2010/02/17 23:43:34 | 000,146,432 | ---- | C] () -- C:\Untitled.MSWMM
[2009/12/24 20:51:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2009/12/02 14:31:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2009/12/02 14:31:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/11/10 18:18:54 | 000,073,600 | ---- | C] () -- C:\WINDOWS\System32\ezGOSvc.dll
[2009/09/23 19:37:43 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2009/06/12 02:28:32 | 000,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/06/10 14:33:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/06/10 07:59:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/06/10 07:59:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/06/10 07:59:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/06/10 07:59:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/06/10 07:59:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/06/10 07:59:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/06/10 07:59:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/04/14 11:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 11:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 11:00:00 | 000,395,650 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 11:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 11:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 11:00:00 | 000,059,890 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 11:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 11:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 11:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 11:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 11:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 11:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/22 18:36:32 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/01/07 14:35:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/12/18 10:40:40 | 000,000,613 | ---- | C] () -- C:\WINDOWS\wafi2000.ini
[2001/09/17 12:50:02 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll

========== LOP Check ==========

[2010/03/19 18:12:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2009/12/02 14:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Big Fish Games
[2009/09/13 22:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2009/09/14 17:04:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2010/03/19 18:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easybits GO
[2009/09/23 19:53:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FantaTunes
[2010/10/09 14:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/02 19:56:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/19 14:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/03/17 21:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Antares
[2010/01/17 21:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Babylon
[2010/01/28 05:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\BabylonToolbar
[2009/12/02 14:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Big Fish Games
[2010/08/17 21:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DMCache
[2010/01/05 23:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\DNA
[2010/03/19 18:43:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\eType
[2010/03/19 16:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\go
[2010/08/17 21:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IDM
[2010/01/05 23:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IMVU
[2009/12/03 22:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IMVUClient
[2010/03/15 21:57:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\PriceGong
[2010/09/22 21:34:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\SmartVoip
[2010/07/20 20:17:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8E5EA40F

< End of report >
  • 0

Advertisements


#2
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :yes:

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Do you recognize these files?

[2010/03/13 14:42:10 | 000,140,204 | ---- | M] () -- C:\Documents and Settings\user\Desktop\xQWQ5QPZH0Ej0X7yRoR4Hw.jpg
[2010/03/13 14:40:04 | 000,071,631 | ---- | M] () -- C:\Documents and Settings\user\Desktop\hFaotIUkFPbztZT5Bj9WcQ.jpg
[2010/03/13 14:39:14 | 000,138,906 | ---- | M] () -- C:\Documents and Settings\user\Desktop\GdumcGK8rwg8lQdVvMYmug.jpg
[2010/03/12 11:14:37 | 000,421,032 | ---- | M] () -- C:\Documents and Settings\user\Desktop\-aoF7JrRpYyKH84XTIWorw.gif
[2010/03/12 11:02:46 | 000,066,740 | ---- | M] () -- C:\Documents and Settings\user\Desktop\pRYw40JpO4UNyn8YFuGjyg.jpg

OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    O2 - BHO: (no name) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - No CLSID value found.
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [eTypeToolbarHelper] "C:\Program Files\eType Toolbar\ToolbarHelper.exe" File not found
    O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
    O8 - Extra context menu item: &Download All using 4shared Desktop - C:\Program Files\4shared Desktop\down_all.htm File not found
    O8 - Extra context menu item: &Search - http://edits.mywebse...cg&n=2011100708 File not found
    O8 - Extra context menu item: Download all links with IDM - G:\New Folder\MyEGY.COM_iDM_and_WINRAR.BY MIDO\MyEgY.CoM.IDM5.15b2.By.mido_elsaeed\IDM5.15b2fix\IEGetAll.htm File not found
    O8 - Extra context menu item: Download FLV video content with IDM - G:\New Folder\MyEGY.COM_iDM_and_WINRAR.BY MIDO\MyEgY.CoM.IDM5.15b2.By.mido_elsaeed\IDM5.15b2fix\IEGetVL.htm File not found
    O8 - Extra context menu item: Download with IDM - G:\New Folder\MyEGY.COM_iDM_and_WINRAR.BY MIDO\MyEgY.CoM.IDM5.15b2.By.mido_elsaeed\IDM5.15b2fix\IEExt.htm File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyj3.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo32.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mmdg.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-8910189574-1220177144-128404069-2266\wnzip32.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psysnew3.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp1g.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\mpp2g.exe) - File not found
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\psyjo3.exe) - File not found
    O20 - HKCU Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1455\fjidg.exe) - File not found
    O33 - MountPoints2\{95f22e16-add6-11df-a997-002522295a75}\Shell - "" = Autorun
    
    :Reg
    
    :Files
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Posted Image
Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

    Posted Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.



NEXT:



What issues are you currently experiencing with your computer?
  • 0

#3
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP