Server with repeating infections. Need a better geek! [Solved]



#1
twt4Christ

This one goes with the Cash Register I just posted. This machine was just reinstalled, but we noticed that the file system32\.crusader was created one night when nobody was using the machine.
I'm sorry I don't have a better description. Thank you for your help!


OTL logfile created on: 10/27/2011 1:26:41 AM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\SERVICE Only
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.16 Gb Available Physical Memory | 66.41% Memory free
5.09 Gb Paging File | 3.85 Gb Available in Paging File | 75.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 72.02 Gb Free Space | 72.75% Space Free | Partition Type: NTFS
Drive T: | 50.01 Gb Total Space | 30.24 Gb Free Space | 60.47% Space Free | Partition Type: NTFS

Computer Name: SERVERPFWS | User Name: Plantation Server | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\SERVICE Only\DrenBot.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfplogvw.exe (COMODO)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe (Intuit Inc.)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgrN10.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe (Intuit, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.15.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Api\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Api.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.15.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.299.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.299.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\TbTapeBrowse.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\ExImage.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\ExchBackupSize.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\EnumTapeDevice.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\libxml2.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\Program Files\EASEUS\Todo Backup\bin\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (LMIGuardianSvc) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe (McAfee, Inc.)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (QBPOSDBServiceV10) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe (Intuit Inc.)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (EaseUS Agent) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe (CHENGDU YIWO Tech Development Co., Ltd)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Intuit Entitlement Service v6.0) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe (Intuit, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (QuickBooksDB18) -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe (iAnywhere Solutions, Inc.)
SRV - (ASFIPmon) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe (Broadcom Corporation)


========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (LMIRfsClientNP) -- C:\WINDOWS\System32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (EUFDDISK) -- C:\WINDOWS\system32\drivers\EuFdDisk.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBKMON) -- C:\WINDOWS\system32\drivers\EUBKMON.sys ()
DRV - (EUDSKACS) -- C:\WINDOWS\system32\drivers\eudskacs.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (EUBAKUP) -- C:\WINDOWS\system32\drivers\eubakup.sys (CHENGDU YIWO Tech Development Co., Ltd)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (slabser) -- C:\WINDOWS\system32\drivers\slabser.sys (MCCI Corporation)
DRV - (slabbus) Optimus WHQL USB Device driver (WDM) -- C:\WINDOWS\system32\drivers\slabbus.sys (MCCI Corporation)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (BASFND) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys (Broadcom Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/25 08:07:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1318266641531 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3FCA71A-4936-499F-9326-70C40100161A}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/09 15:20:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/26 23:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/10/26 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/10/26 23:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2011/10/26 23:20:38 | 007,210,048 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.exe
[2011/10/25 01:03:21 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/24 22:19:09 | 000,000,000 | ---D | C] -- C:\Users
[2011/10/13 11:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Identities
[2011/10/13 10:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/10/13 10:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Google
[2011/10/13 10:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/10/13 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Google
[2011/10/13 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/13 10:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/10/13 10:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\LogMeIn
[2011/10/13 10:12:30 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/10/13 10:12:29 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/10/13 10:12:29 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/10/13 10:12:23 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/10/13 10:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/13 10:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/10/13 10:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Deployment
[2011/10/13 00:51:31 | 000,000,000 | ---D | C] -- C:\NTVDM REBUILD
[2011/10/12 23:09:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/12 22:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Temp
[2011/10/12 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\CutePDF Writer
[2011/10/12 22:34:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/12 22:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/10/12 22:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/10/12 22:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/10/12 22:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/10/12 22:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/10/12 17:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\KillSwitch 2
[2011/10/12 17:38:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/12 17:18:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/12 13:47:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\IECompatCache
[2011/10/12 13:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/11 20:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/11 20:48:06 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/10/11 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks Point of Sale
[2011/10/11 18:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2011/10/10 20:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Intuit
[2011/10/10 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2011/10/10 20:28:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Administrative Tools
[2011/10/10 20:28:24 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2011/10/10 20:28:23 | 003,833,856 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2011/10/10 20:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2011/10/10 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/10 20:02:36 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabcmnt.sys
[2011/10/10 20:02:35 | 000,075,776 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabser.sys
[2011/10/10 20:02:35 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabcm.sys
[2011/10/10 19:57:54 | 000,058,368 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabbus.sys
[2011/10/10 19:57:54 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabwhnt.sys
[2011/10/10 19:57:54 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabwh.sys
[2011/10/10 19:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\HpUpdate
[2011/10/10 19:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/10/10 19:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/10/10 19:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/10/10 19:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\HP
[2011/10/10 16:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/10/10 16:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/10 16:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/10/10 16:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/10/10 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Auslogics
[2011/10/10 14:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/10/10 14:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/10/10 14:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Ghostscript
[2011/10/10 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/10/10 13:47:52 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2011/10/10 13:47:52 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2011/10/10 13:47:52 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2011/10/10 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup 3.0
[2011/10/10 13:45:26 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2011/10/10 13:34:34 | 000,000,000 | R--D | C] -- C:\SERVICE Only
[2011/10/10 13:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/10/10 13:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/10/10 13:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/10/10 13:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/10/10 13:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/10/10 13:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/10/10 13:02:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/10/10 13:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/10/10 13:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft Help
[2011/10/10 13:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/10 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/10/10 13:01:52 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/10/10 12:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/10/10 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/10/10 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/10 12:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/10/10 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/10 12:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/10 12:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Adobe
[2011/10/10 12:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Macromedia
[2011/10/10 12:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Adobe
[2011/10/10 11:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/10/10 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/10 11:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Malwarebytes
[2011/10/10 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 11:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/10 11:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/10 11:44:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/10 11:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/10 11:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/10/10 11:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/10/10 11:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/10/10 11:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/10 11:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/10 11:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/10 11:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/10/10 11:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/09 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/09 20:12:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/09 20:03:54 | 000,000,000 | ---D | C] -- C:\085321cf00bcec19e6
[2011/10/09 19:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/10/09 19:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/10/09 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/10/09 18:53:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\PrivacIE
[2011/10/09 18:47:38 | 000,000,000 | ---D | C] -- C:\1487a2a45830b98fba65346edc
[2011/10/09 18:33:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/10/09 18:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/10/09 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop\Old Install Archive
[2011/10/09 17:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\AVG2012
[2011/10/09 17:41:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/09 17:40:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/10/09 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/09 17:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/09 17:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/10/09 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/10/09 17:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\TeamViewer
[2011/10/09 17:19:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\IETldCache
[2011/10/09 17:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/10/09 17:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/10/09 17:09:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/10/09 16:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/10/09 16:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/10/09 16:48:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\UserData
[2011/10/09 16:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/10/09 16:44:52 | 000,000,000 | ---D | C] -- C:\Intel
[2011/10/09 16:43:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/10/09 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\InstallShield
[2011/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/10/09 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/10/09 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/10/09 16:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2011/10/09 16:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/10/09 16:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/10/09 16:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/10/09 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/10/09 15:55:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/09 15:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/10/09 15:49:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/10/09 15:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/10/09 15:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/10/09 15:45:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/10/09 15:43:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/09 15:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Identities
[2011/10/09 15:25:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/10/09 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents\My Pictures
[2011/10/09 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents\My Music
[2011/10/09 15:24:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\SendTo
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\Recent
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\Application Data
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Startup
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Favorites
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Accessories
[2011/10/09 15:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\Cookies
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\Templates
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\PrintHood
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\NetHood
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\Local Settings
[2011/10/09 15:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft
[2011/10/09 15:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop
[2011/10/09 15:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/10/09 15:23:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/10/09 15:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/10/09 15:23:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/10/09 15:23:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/10/09 15:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/10/09 15:22:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/10/09 15:22:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/10/09 15:21:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/10/09 15:20:54 | 000,000,000 | ---D | C] -- C:\DELL
[2011/10/09 15:20:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/10/09 15:19:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/10/09 15:19:29 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/10/09 15:19:28 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/10/09 15:19:19 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/10/09 15:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/10/09 15:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/10/09 15:18:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/10/09 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/10/09 15:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/10/09 15:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/10/09 15:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/10/09 15:18:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/10/09 15:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/10/09 15:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/10/09 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/10/09 15:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/10/09 15:17:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/10/09 15:17:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/10/09 15:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/10/09 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/10/09 15:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/10/09 15:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/10/09 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/10/09 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/10/09 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/10/09 15:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/10/09 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/10/09 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/10/09 15:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/10/09 15:16:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/10/09 15:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/10/09 15:15:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/10/09 10:10:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/10/09 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/10/09 10:09:59 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/10/09 10:09:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/10/09 10:09:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/10/09 10:09:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/10/09 10:08:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/09 10:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/10/09 10:02:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/10/09 10:02:38 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/10/09 10:02:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/10/09 10:02:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/27 01:09:41 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.opt
[2011/10/27 00:57:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/26 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/10/26 19:49:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/10/26 16:54:00 | 007,210,048 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.exe
[2011/10/26 14:57:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/26 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/10/26 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/10/26 09:03:44 | 107,381,670 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/25 08:07:16 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/25 07:40:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/25 01:38:01 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/25 01:28:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 01:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 01:04:37 | 000,000,219 | -HS- | M] () -- C:\boot.ini
[2011/10/25 00:55:50 | 000,101,384 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Firewall Diag.xml
[2011/10/24 20:56:59 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Plantation Server\My Documents\reprev.opt
[2011/10/22 08:36:09 | 000,053,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/14 02:16:04 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/10/13 10:12:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/10/12 23:59:31 | 000,000,108 | ---- | M] () -- C:\index.ini
[2011/10/12 22:57:05 | 009,420,800 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\NewPlantation (Backup Oct 12,2011 10 55 PM).QBB
[2011/10/12 22:49:20 | 000,242,788 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\HJF analysis.pdf
[2011/10/12 22:20:29 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/12 18:29:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/12 17:29:44 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Shortcut to KillSwitch.lnk
[2011/10/11 19:10:32 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Point of Sale 10.0.lnk
[2011/10/11 18:55:55 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:49:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 18:42:58 | 000,493,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:42:58 | 000,084,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/10 23:36:14 | 000,410,112 | -HS- | M] () -- C:\{9B45A6F1-76F5-48F7-8C6B-C0D76E8C0786}.CBM
[2011/10/10 23:36:14 | 000,410,112 | -HS- | M] () -- C:\{4730EF3E-5012-4D3D-9982-9C12450ED65C}.CBM
[2011/10/10 23:36:14 | 000,004,096 | -HS- | M] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 23:25:33 | 000,406,528 | -HS- | M] () -- C:\EUMONBMP.SYS
[2011/10/10 20:28:13 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/10 20:28:12 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/10/10 19:47:54 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011/10/10 16:58:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/10 14:27:45 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Internet.lnk
[2011/10/10 13:28:19 | 000,001,138 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/10 13:10:53 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Microsoft Excel 2010.lnk
[2011/10/10 12:06:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/10 11:54:27 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Safer WEB BROWSER.lnk
[2011/10/10 11:45:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 20:12:32 | 000,001,682 | ---- | M] () -- C:\WINDOWS\System32\.ini
[2011/10/09 17:41:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\AVG 2012.lnk
[2011/10/09 17:20:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/09 16:38:40 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_OPT_745.MRK
[2011/10/09 16:38:40 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_745.MRK
[2011/10/09 15:56:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/09 15:48:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/09 15:25:13 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/09 15:23:28 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/09 15:22:59 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/10/09 15:20:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 15:20:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/09 15:20:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/09 15:20:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/09 15:20:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/09 15:20:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 15:17:36 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/07 12:48:02 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 12:48:01 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 12:48:00 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 12:47:59 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 12:47:11 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/07 12:47:10 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 01:09:41 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.opt
[2011/10/26 09:03:44 | 107,381,670 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/25 08:07:16 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/25 00:55:50 | 000,101,384 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Firewall Diag.xml
[2011/10/24 20:56:59 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Plantation Server\My Documents\reprev.opt
[2011/10/22 08:36:09 | 000,053,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/14 02:16:36 | 000,650,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-1606980848-839522115-1003-0.dat
[2011/10/14 02:16:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/10/13 10:42:32 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/13 10:42:31 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/13 10:12:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/10/13 10:12:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/10/12 23:08:57 | 000,146,658 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/12 22:56:51 | 009,420,800 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\NewPlantation (Backup Oct 12,2011 10 55 PM).QBB
[2011/10/12 22:49:21 | 000,242,788 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\HJF analysis.pdf
[2011/10/12 22:43:31 | 000,000,108 | ---- | C] () -- C:\index.ini
[2011/10/12 22:20:22 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/12 18:29:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/12 17:29:44 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Shortcut to KillSwitch.lnk
[2011/10/11 19:10:32 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Point of Sale 10.0.lnk
[2011/10/10 23:36:14 | 000,004,096 | -HS- | C] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 20:28:13 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/10 20:28:12 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/10/10 19:48:23 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/10 19:47:54 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011/10/10 16:58:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/10 15:12:08 | 000,410,112 | -HS- | C] () -- C:\{4730EF3E-5012-4D3D-9982-9C12450ED65C}.CBM
[2011/10/10 14:42:40 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/10/10 14:27:45 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Internet.lnk
[2011/10/10 14:11:39 | 000,410,112 | -HS- | C] () -- C:\{9B45A6F1-76F5-48F7-8C6B-C0D76E8C0786}.CBM
[2011/10/10 13:54:31 | 000,406,528 | -HS- | C] () -- C:\EUMONBMP.SYS
[2011/10/10 13:47:51 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/10/10 13:26:52 | 000,001,138 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/10 13:10:09 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Microsoft Excel 2010.lnk
[2011/10/10 12:06:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/10 12:06:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/10 11:58:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 11:54:27 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Safer WEB BROWSER.lnk
[2011/10/10 11:44:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 11:27:46 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/09 20:12:32 | 000,001,682 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/09 17:41:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\AVG 2012.lnk
[2011/10/09 16:43:37 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2011/10/09 16:38:40 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_OPT_745.MRK
[2011/10/09 16:38:40 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_745.MRK
[2011/10/09 15:50:52 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/10/09 15:50:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/10/09 15:50:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/10/09 15:50:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/10/09 15:50:52 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/10/09 15:50:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/10/09 15:50:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/10/09 15:50:52 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/10/09 15:50:52 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/10/09 15:50:52 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/10/09 15:50:52 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/10/09 15:50:52 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/10/09 15:50:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/10/09 15:50:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/10/09 15:50:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/10/09 15:50:52 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/10/09 15:50:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/10/09 15:50:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/10/09 15:50:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/10/09 15:50:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/10/09 15:50:52 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/10/09 15:50:52 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/10/09 15:50:51 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/10/09 15:50:51 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/10/09 15:50:51 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/10/09 15:50:51 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/10/09 15:50:51 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/10/09 15:50:51 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/10/09 15:50:51 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/10/09 15:50:51 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/10/09 15:50:51 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/10/09 15:50:51 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/10/09 15:50:51 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/10/09 15:50:51 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/10/09 15:50:51 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/10/09 15:50:51 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/10/09 15:50:51 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/10/09 15:50:51 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/10/09 15:50:51 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/10/09 15:50:51 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/10/09 15:50:51 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/10/09 15:50:51 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/10/09 15:50:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/10/09 15:50:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/10/09 15:50:51 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/10/09 15:50:51 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/10/09 15:50:51 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/10/09 15:50:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/10/09 15:50:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/10/09 15:50:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/10/09 15:50:51 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/10/09 15:50:51 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/10/09 15:50:51 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/10/09 15:50:51 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/10/09 15:50:51 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/10/09 15:50:51 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/10/09 15:50:51 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/10/09 15:50:51 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/10/09 15:50:51 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/10/09 15:50:51 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/10/09 15:50:51 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/10/09 15:50:51 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/10/09 15:50:51 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/10/09 15:50:51 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/10/09 15:50:50 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/10/09 15:50:50 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/10/09 15:50:50 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/10/09 15:50:50 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/10/09 15:50:50 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/10/09 15:50:50 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/10/09 15:50:50 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/10/09 15:50:50 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/10/09 15:50:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/10/09 15:50:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/10/09 15:50:50 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/10/09 15:50:50 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/10/09 15:50:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/10/09 15:48:27 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/10/09 15:48:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/10/09 15:48:26 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/10/09 15:25:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/09 15:25:07 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Outlook Express.lnk
[2011/10/09 15:25:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/09 15:25:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Internet Explorer.lnk
[2011/10/09 15:24:59 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Remote Assistance.lnk
[2011/10/09 15:24:59 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Windows Media Player.lnk
[2011/10/09 15:23:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/09 15:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 15:22:18 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/10/09 15:22:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/09 15:21:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/10/09 15:21:57 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/10/09 15:21:56 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/09 15:21:47 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/10/09 15:21:43 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/09 15:21:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/10/09 15:20:32 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 15:20:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/09 15:20:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/10/09 15:20:29 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/09 15:20:29 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/09 15:20:27 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/09 15:19:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/09 15:19:08 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/10/09 15:18:40 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/10/09 15:18:40 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/10/09 15:18:34 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/10/09 15:17:38 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/10/09 15:17:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/09 15:17:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/10/09 15:16:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/10/09 15:16:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/10/09 15:16:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/10/09 15:16:54 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/10/09 15:16:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/10/09 15:16:54 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/10/09 15:16:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/10/09 15:16:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/10/09 15:16:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/10/09 15:16:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/10/09 15:16:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/10/09 15:16:51 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/10/09 15:16:50 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/10/09 15:16:49 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/10/09 15:16:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/10/09 10:10:05 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 10:10:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 10:10:00 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/10/09 10:10:00 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/10/09 10:10:00 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/10/09 10:10:00 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/10/09 10:09:44 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/10/09 10:09:35 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/10/09 10:09:35 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/10/09 10:09:35 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/10/09 10:09:34 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/10/09 10:09:34 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/10/09 10:09:34 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/10/09 10:09:34 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/10/09 10:09:34 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/10/09 10:08:57 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/09 10:08:07 | 000,000,219 | -HS- | C] () -- C:\boot.ini
[2011/10/09 10:08:04 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,493,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,084,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/09 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/10 20:22:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/14 02:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/26 10:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/26 09:03:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/11 20:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/10 14:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\Auslogics
[2011/10/09 17:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\AVG2012
[2011/10/12 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\KillSwitch 2
[2011/10/24 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\TeamViewer
[2011/10/26 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/10/26 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/10/26 19:49:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/10/26 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



< End of report >


#2
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Hi and welcome to GeeksToGo! Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note:
  • Remember to post your logs, not attach them. So, any logs from any programs we run, should be just 'copied & pasted' into your reply.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for us to analyse and fix your PC in the long run.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • Please tell me if you have your original Windows CD/DVD available
  • When in doubt, please stop and ask first. There's no harm in asking questions!

system32\.crusader is part of Hitman Pro.

Please do the following:

Step 1

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.
  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply

Step 2

Please delete your copy of OTL.exe.

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
  • Click the scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

When you have completed the above, please post back the following in the order asked for:
  • aswMBR log and attached zipped file MBR.dat
  • OTL scan log
  • Extras log


#3
twt4Christ

    Member

  • Topic Starter
  • 14 posts
Thanks again for your help! We've been pounding our heads.


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-10-27 22:33:57
-----------------------------
22:33:57.312 OS Version: Windows 5.1.2600 Service Pack 3
22:33:57.312 Number of processors: 2 586 0x605
22:33:57.312 ComputerName: SERVERPFWS UserName:
22:33:57.937 Initialize success
22:34:04.640 AVAST engine defs: 11102701
22:34:08.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:34:08.984 Disk 0 Vendor: WDC_WD1600JS-75NCB3 10.02E04 Size: 152587MB BusType: 3
22:34:11.015 Disk 0 MBR read successfully
22:34:11.109 Disk 0 MBR scan
22:34:11.156 Disk 0 Windows XP default MBR code
22:34:11.171 Disk 0 scanning sectors +312496380
22:34:11.296 Disk 0 scanning C:\WINDOWS\system32\drivers
22:34:31.015 Service scanning
22:34:32.343 Modules scanning
22:34:37.828 Disk 0 trace - called modules:
22:34:37.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
22:34:37.937 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a65dab8]
22:34:37.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a66bd98]
22:34:38.875 AVAST engine scan C:\WINDOWS
22:34:45.921 AVAST engine scan C:\WINDOWS\system32
22:37:58.234 AVAST engine scan C:\WINDOWS\system32\drivers
22:38:22.234 AVAST engine scan C:\Documents and Settings\Plantation Server
22:49:19.437 AVAST engine scan C:\Documents and Settings\All Users
22:50:45.687 Scan finished successfully
22:58:06.593 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Plantation Server\Desktop\10.27 Server Service Logs\MBR.dat"
22:58:06.625 The log file has been saved successfully to "C:\Documents and Settings\Plantation Server\Desktop\10.27 Server Service Logs\aswMBR.txt"




OTL logfile created on: 10/27/2011 11:08:12 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Plantation Server\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 62.73% Memory free
5.09 Gb Paging File | 3.76 Gb Available in Paging File | 73.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 72.01 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive T: | 50.01 Gb Total Space | 30.24 Gb Free Space | 60.47% Space Free | Partition Type: NTFS

Computer Name: SERVERPFWS | User Name: Plantation Server | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 22:52:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Plantation Server\Desktop\OTL.exe
PRC - [2011/10/20 06:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 12:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/26 18:15:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/20 11:15:26 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 14:34:56 | 003,136,376 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe
PRC - [2011/09/08 14:32:32 | 021,028,904 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\qbpos.exe
PRC - [2011/08/30 11:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/30 11:18:30 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/08/30 10:26:54 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/06 00:52:46 | 000,744,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/08/06 00:52:46 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/22 12:06:44 | 000,141,104 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgrN10.exe
PRC - [2009/09/16 19:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/05/21 23:10:20 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 19:10:24 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2011/10/11 19:10:24 | 000,418,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.15.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/10/11 19:10:24 | 000,229,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Api\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Api.dll
MOD - [2011/10/11 19:10:23 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.15.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/10/11 19:10:20 | 000,765,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/10/11 19:10:20 | 000,402,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/10/11 19:10:20 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/10/11 19:10:20 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/10/11 19:10:20 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/10/11 19:10:20 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/10/11 19:10:19 | 000,255,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.299.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/10/11 19:10:19 | 000,206,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.299.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
MOD - [2011/10/11 19:10:19 | 000,131,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/10/11 19:10:19 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/10/11 19:10:19 | 000,072,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/10/11 18:48:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/11 18:48:29 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/11 18:48:16 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/11 18:46:30 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/11 18:46:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/11 18:46:17 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/11 18:46:13 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/11 18:46:03 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/11 18:41:18 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/11 18:41:17 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/11 18:41:15 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/11 18:41:14 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/11 18:41:09 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/11 18:41:08 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/11 18:41:07 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/11 18:41:06 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/11 18:41:06 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
MOD - [2011/10/11 18:41:03 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/11 18:40:57 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/10/10 20:25:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/08/06 00:51:58 | 000,064,648 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2011/08/06 00:51:52 | 000,243,336 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExImage.dll
MOD - [2011/08/06 00:51:52 | 000,074,376 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2011/08/06 00:51:50 | 000,069,768 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2011/08/06 00:51:50 | 000,051,848 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/09/16 19:32:54 | 000,288,032 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\boost_regex-vc80-mt-p-1_33.dll
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\libxml2.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/07 12:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/26 18:15:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/20 11:15:26 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/08 14:34:56 | 003,136,376 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV10)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/05/21 23:10:20 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Unknown | Running] -- -- (nyyxfm)
DRV - File not found [Kernel | Unknown | Running] -- -- (KKillSwitch2)
DRV - [2011/10/07 12:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 12:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 12:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/06 00:52:38 | 000,184,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/08/06 00:52:36 | 000,042,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/08/06 00:52:30 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/08/06 00:52:28 | 000,038,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/23 13:55:04 | 000,075,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2010/08/23 13:55:04 | 000,058,368 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) Optimus WHQL USB Device driver (WDM)
DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1606980848-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2000478354-1606980848-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2000478354-1606980848-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/25 08:07:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1606980848-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1606980848-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1606980848-839522115-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-1606980848-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1318266641531 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3FCA71A-4936-499F-9326-70C40100161A}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/09 15:20:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/10/27 22:58:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Plantation Server\Desktop\OTL.exe
[2011/10/27 22:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop\10.27 Server Service Logs
[2011/10/27 02:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/26 23:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/10/26 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/10/26 23:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2011/10/25 01:03:21 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/24 22:19:09 | 000,000,000 | ---D | C] -- C:\Users
[2011/10/13 11:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Identities
[2011/10/13 10:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/10/13 10:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Google
[2011/10/13 10:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/10/13 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Google
[2011/10/13 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/13 10:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/10/13 10:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\LogMeIn
[2011/10/13 10:12:30 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/10/13 10:12:29 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/10/13 10:12:29 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/10/13 10:12:23 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/10/13 10:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/13 10:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/10/13 10:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Deployment
[2011/10/13 00:59:01 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ntdvm.exe
[2011/10/13 00:51:31 | 000,000,000 | ---D | C] -- C:\NTVDM REBUILD
[2011/10/12 23:09:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/12 22:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Temp
[2011/10/12 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\CutePDF Writer
[2011/10/12 22:34:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/12 22:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/10/12 22:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/10/12 22:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/10/12 22:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/10/12 22:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/10/12 17:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\KillSwitch 2
[2011/10/12 17:38:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/12 17:18:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/12 13:47:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\IECompatCache
[2011/10/12 13:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/11 20:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/11 20:48:06 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/10/11 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks Point of Sale
[2011/10/11 18:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2011/10/10 20:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Intuit
[2011/10/10 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2011/10/10 20:28:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Administrative Tools
[2011/10/10 20:28:24 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2011/10/10 20:28:23 | 003,833,856 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2011/10/10 20:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2011/10/10 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/10 20:02:36 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabcmnt.sys
[2011/10/10 20:02:35 | 000,075,776 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabser.sys
[2011/10/10 20:02:35 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabcm.sys
[2011/10/10 19:57:54 | 000,058,368 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabbus.sys
[2011/10/10 19:57:54 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabwhnt.sys
[2011/10/10 19:57:54 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabwh.sys
[2011/10/10 19:50:52 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2011/10/10 19:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\HpUpdate
[2011/10/10 19:47:54 | 000,527,208 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPDiscoPM5512.dll
[2011/10/10 19:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/10/10 19:47:44 | 000,267,112 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5512LM.dll
[2011/10/10 19:47:44 | 000,232,296 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts5512.dll
[2011/10/10 19:47:44 | 000,213,864 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi5512.dll
[2011/10/10 19:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/10/10 19:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/10/10 19:46:36 | 001,793,384 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_OJ6500_E710af.dll
[2011/10/10 19:46:33 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2011/10/10 19:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\HP
[2011/10/10 16:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/10/10 16:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/10 16:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/10/10 16:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/10/10 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Auslogics
[2011/10/10 14:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/10/10 14:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/10/10 14:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Ghostscript
[2011/10/10 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/10/10 13:47:52 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2011/10/10 13:47:52 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2011/10/10 13:47:52 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2011/10/10 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup 3.0
[2011/10/10 13:45:26 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2011/10/10 13:34:34 | 000,000,000 | R--D | C] -- C:\SERVICE Only
[2011/10/10 13:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/10/10 13:11:29 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2011/10/10 13:11:29 | 000,016,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2011/10/10 13:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/10/10 13:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/10/10 13:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/10/10 13:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/10/10 13:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/10/10 13:02:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/10/10 13:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/10/10 13:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft Help
[2011/10/10 13:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/10 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/10/10 13:01:52 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/10/10 12:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/10/10 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/10/10 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/10 12:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/10/10 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/10 12:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/10 12:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Adobe
[2011/10/10 12:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Macromedia
[2011/10/10 12:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Adobe
[2011/10/10 12:00:44 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/10 11:58:45 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/10 11:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/10/10 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/10 11:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Malwarebytes
[2011/10/10 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 11:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/10 11:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/10 11:44:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/10 11:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/10 11:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/10/10 11:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/10/10 11:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/10/10 11:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/10 11:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/10 11:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/10 11:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/10/10 11:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/09 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/09 20:12:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/09 20:03:54 | 000,000,000 | ---D | C] -- C:\085321cf00bcec19e6
[2011/10/09 19:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/10/09 19:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/10/09 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/10/09 18:53:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\PrivacIE
[2011/10/09 18:47:38 | 000,000,000 | ---D | C] -- C:\1487a2a45830b98fba65346edc
[2011/10/09 18:41:08 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg2.dll
[2011/10/09 18:33:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/10/09 18:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/10/09 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop\Old Install Archive
[2011/10/09 17:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\AVG2012
[2011/10/09 17:41:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/09 17:40:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/10/09 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/09 17:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/09 17:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/10/09 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/10/09 17:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\TeamViewer
[2011/10/09 17:19:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\IETldCache
[2011/10/09 17:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/10/09 17:10:46 | 011,081,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2011/10/09 17:10:46 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2011/10/09 17:10:46 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2011/10/09 17:10:46 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2011/10/09 17:10:46 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2011/10/09 17:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/10/09 17:09:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/10/09 16:58:00 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/10/09 16:57:58 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011/10/09 16:57:56 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011/10/09 16:57:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2011/10/09 16:57:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2011/10/09 16:57:20 | 000,361,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcpip.sys
[2011/10/09 16:57:20 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswsock.dll
[2011/10/09 16:57:20 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsapi.dll
[2011/10/09 16:57:20 | 000,138,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\afd.sys
[2011/10/09 16:57:20 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[2011/10/09 16:57:09 | 000,290,432 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2011/10/09 16:56:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/10/09 16:55:55 | 000,590,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2011/10/09 16:55:47 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/10/09 16:55:47 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/10/09 16:55:17 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/10/09 16:55:08 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/10/09 16:54:48 | 000,692,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2011/10/09 16:53:52 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/10/09 16:53:52 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/10/09 16:53:22 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2011/10/09 16:52:10 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atl.dll
[2011/10/09 16:51:39 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/10/09 16:51:39 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/10/09 16:51:38 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/10/09 16:51:38 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/10/09 16:51:15 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/10/09 16:51:12 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/10/09 16:50:46 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/10/09 16:50:43 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/10/09 16:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/10/09 16:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/10/09 16:49:38 | 000,989,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kernel32.dll
[2011/10/09 16:49:38 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\secur32.dll
[2011/10/09 16:49:34 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2011/10/09 16:49:28 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2011/10/09 16:48:29 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/10/09 16:48:27 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cabview.dll
[2011/10/09 16:48:18 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wintrust.dll
[2011/10/09 16:48:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\UserData
[2011/10/09 16:45:39 | 000,006,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\splitter.sys
[2011/10/09 16:45:38 | 000,083,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wdmaud.sys
[2011/10/09 16:45:36 | 000,052,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dmusic.sys
[2011/10/09 16:45:35 | 000,056,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swmidi.sys
[2011/10/09 16:45:33 | 000,142,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aec.sys
[2011/10/09 16:45:32 | 000,172,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kmixer.sys
[2011/10/09 16:45:31 | 000,002,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmkaud.sys
[2011/10/09 16:45:30 | 000,060,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sysaudio.sys
[2011/10/09 16:45:29 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mskssrv.sys
[2011/10/09 16:45:27 | 000,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspqm.sys
[2011/10/09 16:45:25 | 000,005,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspclock.sys
[2011/10/09 16:45:21 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2011/10/09 16:45:21 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2011/10/09 16:45:21 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/10/09 16:45:21 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2011/10/09 16:45:21 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/10/09 16:45:21 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2011/10/09 16:45:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/10/09 16:45:21 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2011/10/09 16:45:19 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2011/10/09 16:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/10/09 16:45:08 | 000,031,232 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\PostProc.dll
[2011/10/09 16:44:52 | 000,000,000 | ---D | C] -- C:\Intel
[2011/10/09 16:43:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/10/09 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\InstallShield
[2011/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/10/09 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/10/09 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/10/09 16:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2011/10/09 16:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/10/09 16:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/10/09 16:29:50 | 000,161,792 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\drivers\b57xp32.sys
[2011/10/09 16:29:50 | 000,161,792 | ---- | C] (Broadcom Corporation) -- C:\WINDOWS\System32\dllcache\b57xp32.sys
[2011/10/09 16:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/10/09 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/10/09 15:55:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/09 15:50:54 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2011/10/09 15:50:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2011/10/09 15:50:54 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2011/10/09 15:50:51 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2011/10/09 15:50:51 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2011/10/09 15:50:50 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2011/10/09 15:50:43 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2011/10/09 15:50:43 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2011/10/09 15:50:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2011/10/09 15:50:43 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2011/10/09 15:50:41 | 001,888,992 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3duag.dll
[2011/10/09 15:50:41 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2011/10/09 15:50:41 | 000,516,768 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ativvaxx.dll
[2011/10/09 15:50:41 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2011/10/09 15:50:41 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\azroles.dll
[2011/10/09 15:50:41 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2011/10/09 15:50:41 | 000,229,376 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2cqag.dll
[2011/10/09 15:50:41 | 000,201,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvag.dll
[2011/10/09 15:50:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2011/10/09 15:50:41 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2011/10/09 15:50:41 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2011/10/09 15:50:41 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2011/10/09 15:50:41 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2011/10/09 15:50:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2011/10/09 15:50:41 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2011/10/09 15:50:40 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2011/10/09 15:50:40 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2011/10/09 15:50:40 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2011/10/09 15:50:40 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2011/10/09 15:50:40 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2011/10/09 15:50:40 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2011/10/09 15:50:40 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2011/10/09 15:50:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2011/10/09 15:50:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2011/10/09 15:50:40 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2011/10/09 15:50:40 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2011/10/09 15:50:39 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2011/10/09 15:50:39 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2011/10/09 15:50:39 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2011/10/09 15:50:39 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/10/09 15:50:39 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2011/10/09 15:50:39 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2011/10/09 15:50:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2011/10/09 15:50:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2011/10/09 15:50:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2011/10/09 15:50:39 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2011/10/09 15:50:38 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/10/09 15:50:38 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2011/10/09 15:50:38 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2011/10/09 15:50:38 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2011/10/09 15:50:38 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2011/10/09 15:50:38 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2011/10/09 15:50:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2011/10/09 15:50:38 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2011/10/09 15:50:38 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2011/10/09 15:50:38 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2011/10/09 15:50:38 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2011/10/09 15:50:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2011/10/09 15:50:37 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2011/10/09 15:50:37 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2011/10/09 15:50:37 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2011/10/09 15:50:37 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2011/10/09 15:50:37 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2011/10/09 15:50:37 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2011/10/09 15:50:37 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2011/10/09 15:50:37 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2011/10/09 15:50:37 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2011/10/09 15:50:37 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2011/10/09 15:50:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/10/09 15:50:37 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2011/10/09 15:50:36 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2011/10/09 15:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/10/09 15:50:31 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2011/10/09 15:50:29 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2011/10/09 15:50:26 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2011/10/09 15:50:20 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2011/10/09 15:50:19 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2011/10/09 15:49:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/10/09 15:49:24 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2011/10/09 15:48:27 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/10/09 15:48:27 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/10/09 15:48:27 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/10/09 15:48:27 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/10/09 15:48:27 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/10/09 15:48:27 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/10/09 15:48:27 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/10/09 15:48:27 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/10/09 15:48:27 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/10/09 15:48:27 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2011/10/09 15:48:27 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/10/09 15:48:27 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/10/09 15:48:27 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/10/09 15:48:27 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/10/09 15:48:27 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/10/09 15:48:27 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/10/09 15:48:27 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/10/09 15:48:27 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2011/10/09 15:48:27 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/10/09 15:48:27 | 000,021,183 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2011/10/09 15:48:27 | 000,017,279 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2011/10/09 15:48:27 | 000,015,423 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2011/10/09 15:48:27 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/10/09 15:48:27 | 000,014,143 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2011/10/09 15:48:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/10/09 15:48:27 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/10/09 15:48:27 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/10/09 15:48:27 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/10/09 15:48:27 | 000,011,359 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2011/10/09 15:48:27 | 000,004,255 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2011/10/09 15:48:27 | 000,003,967 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2011/10/09 15:48:27 | 000,003,775 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2011/10/09 15:48:27 | 000,003,711 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2011/10/09 15:48:27 | 000,003,647 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2011/10/09 15:48:27 | 000,003,615 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2011/10/09 15:48:27 | 000,003,135 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2011/10/09 15:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/10/09 15:48:26 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/10/09 15:48:26 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/10/09 15:48:26 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/10/09 15:48:26 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/10/09 15:48:26 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/10/09 15:48:26 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/10/09 15:48:26 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/10/09 15:48:26 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/10/09 15:48:26 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2011/10/09 15:48:26 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/10/09 15:48:26 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/10/09 15:48:26 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2011/10/09 15:48:26 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2011/10/09 15:48:26 | 000,003,901 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2011/10/09 15:48:25 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/10/09 15:48:25 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/10/09 15:48:25 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/10/09 15:48:25 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/10/09 15:48:25 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/10/09 15:48:25 | 000,011,325 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2011/10/09 15:48:25 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/10/09 15:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/10/09 15:47:11 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/10/09 15:45:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/10/09 15:43:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/09 15:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Identities
[2011/10/09 15:25:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/10/09 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents\My Pictures
[2011/10/09 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents\My Music
[2011/10/09 15:24:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\SendTo
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\Recent
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\Application Data
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Startup
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Favorites
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Accessories
[2011/10/09 15:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\Cookies
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\Templates
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\PrintHood
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\NetHood
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\Local Settings
[2011/10/09 15:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft
[2011/10/09 15:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop
[2011/10/09 15:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/10/09 15:23:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/10/09 15:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/10/09 15:23:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/10/09 15:23:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/10/09 15:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/10/09 15:22:41 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/10/09 15:22:40 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/10/09 15:22:40 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/10/09 15:22:40 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/10/09 15:22:40 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/10/09 15:22:40 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/10/09 15:22:39 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/10/09 15:22:39 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/10/09 15:22:38 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/10/09 15:22:38 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/10/09 15:22:38 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/10/09 15:22:38 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/10/09 15:22:38 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/10/09 15:22:37 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/10/09 15:22:37 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/10/09 15:22:36 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/10/09 15:22:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/10/09 15:22:35 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/10/09 15:22:35 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/10/09 15:22:34 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/10/09 15:22:34 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/10/09 15:22:34 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/10/09 15:22:34 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/10/09 15:22:34 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/10/09 15:22:33 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/10/09 15:22:33 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/10/09 15:22:32 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/10/09 15:22:31 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/10/09 15:22:31 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/10/09 15:22:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/10/09 15:22:30 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/10/09 15:22:29 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/10/09 15:22:28 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/10/09 15:22:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/10/09 15:22:28 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/10/09 15:22:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/10/09 15:22:28 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/10/09 15:22:28 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/10/09 15:22:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/10/09 15:22:28 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/10/09 15:22:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/10/09 15:22:27 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/10/09 15:22:27 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/10/09 15:22:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/10/09 15:22:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/10/09 15:22:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/10/09 15:22:27 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/10/09 15:22:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/10/09 15:22:27 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/10/09 15:22:25 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/10/09 15:22:25 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/10/09 15:22:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/10/09 15:22:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/10/09 15:22:23 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/10/09 15:22:22 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/10/09 15:22:22 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/10/09 15:22:21 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/10/09 15:22:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/10/09 15:22:21 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/10/09 15:22:20 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/10/09 15:22:19 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/10/09 15:22:19 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/10/09 15:22:19 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/10/09 15:22:19 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/10/09 15:22:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/10/09 15:22:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/10/09 15:22:18 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/10/09 15:22:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/10/09 15:22:17 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/10/09 15:22:17 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/10/09 15:22:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/10/09 15:22:17 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/10/09 15:22:17 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/10/09 15:22:15 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/10/09 15:22:15 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/10/09 15:22:13 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/10/09 15:22:11 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/10/09 15:22:11 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/10/09 15:22:07 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/10/09 15:22:07 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/10/09 15:22:07 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/10/09 15:22:06 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/10/09 15:22:06 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/10/09 15:22:04 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/10/09 15:22:04 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/10/09 15:22:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/10/09 15:22:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/10/09 15:22:04 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/10/09 15:22:03 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/10/09 15:22:03 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/10/09 15:22:03 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/10/09 15:22:03 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/10/09 15:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/10/09 15:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/10/09 15:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/10/09 15:22:03 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/10/09 15:22:02 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/10/09 15:22:02 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/10/09 15:22:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/10/09 15:22:01 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/10/09 15:22:01 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/10/09 15:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/10/09 15:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/10/09 15:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/10/09 15:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/10/09 15:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/10/09 15:22:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/10/09 15:22:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/10/09 15:22:01 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/10/09 15:22:00 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/10/09 15:22:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/10/09 15:21:59 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/10/09 15:21:59 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/10/09 15:21:58 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/10/09 15:21:58 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/10/09 15:21:58 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/10/09 15:21:58 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/10/09 15:21:58 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/10/09 15:21:58 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/10/09 15:21:58 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/10/09 15:21:57 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/10/09 15:21:57 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/10/09 15:21:57 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/10/09 15:21:57 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/10/09 15:21:57 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/10/09 15:21:57 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/10/09 15:21:57 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/10/09 15:21:56 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/10/09 15:21:56 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/10/09 15:21:56 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/10/09 15:21:56 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/10/09 15:21:56 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/10/09 15:21:56 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/10/09 15:21:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/10/09 15:21:56 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/10/09 15:21:55 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/10/09 15:21:55 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/10/09 15:21:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/10/09 15:21:55 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/10/09 15:21:51 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/10/09 15:21:44 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/10/09 15:21:43 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/10/09 15:21:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/10/09 15:21:41 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/10/09 15:21:40 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/10/09 15:21:40 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/10/09 15:21:40 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/10/09 15:21:40 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/10/09 15:21:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/10/09 15:21:38 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/10/09 15:21:37 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/10/09 15:21:37 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/10/09 15:21:37 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/10/09 15:21:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/10/09 15:21:36 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2011/10/09 15:21:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/10/09 15:21:32 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/10/09 15:21:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/10/09 15:21:32 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/10/09 15:21:32 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/10/09 15:21:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/10/09 15:21:30 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/10/09 15:21:30 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/10/09 15:21:30 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/10/09 15:21:30 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/10/09 15:21:30 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/10/09 15:21:30 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/10/09 15:21:29 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/10/09 15:21:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/10/09 15:21:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/10/09 15:21:29 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/10/09 15:21:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/10/09 15:21:28 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/10/09 15:21:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/10/09 15:21:27 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/10/09 15:21:27 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/10/09 15:21:22 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/10/09 15:21:21 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/10/09 15:21:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/10/09 15:21:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/10/09 15:21:20 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/10/09 15:21:18 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/10/09 15:21:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/10/09 15:21:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/10/09 15:21:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/10/09 15:21:11 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/10/09 15:21:11 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/10/09 15:21:10 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/10/09 15:21:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/10/09 15:21:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/10/09 15:21:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/10/09 15:21:06 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/10/09 15:20:54 | 000,000,000 | ---D | C] -- C:\DELL
[2011/10/09 15:20:46 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/10/09 15:20:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/10/09 15:20:20 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/10/09 15:19:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/10/09 15:19:29 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/10/09 15:19:28 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/10/09 15:19:19 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/10/09 15:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/10/09 15:18:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2011/10/09 15:18:43 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/10/09 15:18:42 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2011/10/09 15:18:42 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2011/10/09 15:18:42 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2011/10/09 15:18:42 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2011/10/09 15:18:34 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2011/10/09 15:18:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/10/09 15:18:34 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2011/10/09 15:18:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2011/10/09 15:18:33 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/10/09 15:18:33 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/10/09 15:18:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2011/10/09 15:18:33 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2011/10/09 15:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/10/09 15:18:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/10/09 15:18:30 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2011/10/09 15:18:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/10/09 15:18:29 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2011/10/09 15:18:29 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/10/09 15:18:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/10/09 15:18:29 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/10/09 15:18:29 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2011/10/09 15:18:29 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2011/10/09 15:18:29 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/10/09 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/10/09 15:18:28 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2011/10/09 15:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/10/09 15:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/10/09 15:18:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/10/09 15:18:24 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/10/09 15:18:24 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/10/09 15:18:24 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/10/09 15:18:23 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/10/09 15:18:23 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/10/09 15:18:23 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/10/09 15:18:23 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/10/09 15:18:23 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2011/10/09 15:18:23 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/10/09 15:18:23 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/10/09 15:18:22 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2011/10/09 15:18:22 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/10/09 15:18:22 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2011/10/09 15:18:22 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2011/10/09 15:18:22 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2011/10/09 15:18:22 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/10/09 15:18:22 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/10/09 15:18:22 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/10/09 15:18:22 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/10/09 15:18:22 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2011/10/09 15:18:21 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/10/09 15:18:21 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2011/10/09 15:18:21 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/10/09 15:18:21 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/10/09 15:18:21 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/10/09 15:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/10/09 15:18:14 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/10/09 15:18:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/10/09 15:18:14 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/10/09 15:18:14 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/10/09 15:18:11 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2011/10/09 15:18:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/10/09 15:18:10 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/10/09 15:18:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/10/09 15:18:10 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/10/09 15:18:10 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/10/09 15:18:09 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/10/09 15:18:09 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/10/09 15:18:07 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/10/09 15:18:07 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/10/09 15:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/10/09 15:18:06 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/10/09 15:18:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/10/09 15:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/10/09 15:18:03 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/10/09 15:18:03 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/10/09 15:18:03 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/10/09 15:18:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/10/09 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/10/09 15:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/10/09 15:17:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/10/09 15:17:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/10/09 15:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/10/09 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/10/09 15:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/10/09 15:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/10/09 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/10/09 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/10/09 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/10/09 15:17:11 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/10/09 15:17:11 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2011/10/09 15:17:11 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/10/09 15:17:11 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2011/10/09 15:17:11 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/10/09 15:17:11 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2011/10/09 15:17:10 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2011/10/09 15:17:10 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2011/10/09 15:17:10 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2011/10/09 15:17:10 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2011/10/09 15:17:10 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2011/10/09 15:17:10 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2011/10/09 15:17:10 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2011/10/09 15:17:10 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2011/10/09 15:17:10 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2011/10/09 15:17:10 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2011/10/09 15:17:10 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2011/10/09 15:17:10 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2011/10/09 15:17:09 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2011/10/09 15:17:09 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2011/10/09 15:17:09 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2011/10/09 15:17:09 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2011/10/09 15:17:09 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2011/10/09 15:17:09 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2011/10/09 15:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/10/09 15:17:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/10/09 15:17:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2011/10/09 15:17:00 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/10/09 15:17:00 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/10/09 15:17:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2011/10/09 15:17:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/10/09 15:17:00 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/10/09 15:17:00 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2011/10/09 15:16:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2011/10/09 15:16:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/10/09 15:16:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/10/09 15:16:59 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2011/10/09 15:16:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2011/10/09 15:16:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/10/09 15:16:52 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/10/09 15:16:52 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2011/10/09 15:16:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/10/09 15:16:52 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/10/09 15:16:52 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/10/09 15:16:52 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/10/09 15:16:51 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/10/09 15:16:51 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/10/09 15:16:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/10/09 15:16:51 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/10/09 15:16:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/10/09 15:16:51 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/10/09 15:16:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/10/09 15:16:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/10/09 15:16:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/10/09 15:16:51 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2011/10/09 15:16:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/10/09 15:16:50 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2011/10/09 15:16:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/10/09 15:16:50 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2011/10/09 15:16:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/10/09 15:16:50 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2011/10/09 15:16:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/10/09 15:16:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2011/10/09 15:16:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/10/09 15:16:50 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2011/10/09 15:16:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/10/09 15:16:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2011/10/09 15:16:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/10/09 15:16:50 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2011/10/09 15:16:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/10/09 15:16:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2011/10/09 15:16:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/10/09 15:16:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2011/10/09 15:16:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/10/09 15:16:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2011/10/09 15:16:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/10/09 15:16:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2011/10/09 15:16:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/10/09 15:16:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2011/10/09 15:16:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2011/10/09 15:16:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2011/10/09 15:16:49 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/10/09 15:16:49 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/10/09 15:16:48 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/10/09 15:16:48 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/10/09 15:16:48 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/10/09 15:16:48 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2011/10/09 15:16:48 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/10/09 15:16:48 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/10/09 15:16:48 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/10/09 15:16:48 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/10/09 15:16:45 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2011/10/09 15:16:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2011/10/09 15:16:45 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2011/10/09 15:16:44 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2011/10/09 15:16:44 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2011/10/09 15:16:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2011/10/09 15:16:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2011/10/09 15:16:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2011/10/09 15:16:44 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2011/10/09 15:16:44 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2011/10/09 15:16:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2011/10/09 15:16:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2011/10/09 15:16:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2011/10/09 15:16:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2011/10/09 15:16:43 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2011/10/09 15:16:43 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2011/10/09 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/10/09 15:16:30 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/10/09 15:16:30 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/10/09 15:16:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/10/09 15:16:29 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/10/09 15:16:29 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2011/10/09 15:16:28 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/10/09 15:16:26 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/10/09 15:16:26 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/10/09 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/10/09 15:16:25 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/10/09 15:16:22 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/10/09 15:16:21 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2011/10/09 15:16:21 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2011/10/09 15:16:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/10/09 15:16:20 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/10/09 15:16:19 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/10/09 15:16:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2011/10/09 15:16:19 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2011/10/09 15:16:17 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/10/09 15:16:17 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/10/09 15:16:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/10/09 15:16:17 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/10/09 15:16:16 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/10/09 15:16:15 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/10/09 15:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/10/09 15:16:13 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/10/09 15:16:13 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/10/09 15:16:12 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/10/09 15:16:12 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/10/09 15:16:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/10/09 15:16:08 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/10/09 15:16:08 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/10/09 15:16:05 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/10/09 15:15:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/10/09 15:15:46 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/10/09 15:15:46 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/10/09 15:15:45 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/10/09 15:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/10/09 15:15:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/10/09 10:11:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2011/10/09 10:11:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbui.dll
[2011/10/09 10:10:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/10/09 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/10/09 10:10:01 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2011/10/09 10:10:01 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2011/10/09 10:10:00 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2011/10/09 10:09:59 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2011/10/09 10:09:59 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/10/09 10:09:56 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2011/10/09 10:09:56 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2011/10/09 10:09:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2011/10/09 10:09:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2011/10/09 10:09:56 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2011/10/09 10:09:56 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2011/10/09 10:09:55 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2011/10/09 10:09:55 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2011/10/09 10:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2011/10/09 10:09:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2011/10/09 10:09:54 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2011/10/09 10:09:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2011/10/09 10:09:52 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2011/10/09 10:09:52 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2011/10/09 10:09:52 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2011/10/09 10:09:52 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2011/10/09 10:09:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2011/10/09 10:09:52 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2011/10/09 10:09:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2011/10/09 10:09:52 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2011/10/09 10:09:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/10/09 10:09:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/10/09 10:09:52 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/10/09 10:09:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2011/10/09 10:09:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2011/10/09 10:09:52 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2011/10/09 10:09:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/10/09 10:09:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/10/09 10:09:51 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/10/09 10:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2011/10/09 10:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2011/10/09 10:09:51 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2011/10/09 10:09:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/10/09 10:09:51 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/10/09 10:09:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2011/10/09 10:09:51 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2011/10/09 10:09:49 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/10/09 10:09:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/10/09 10:09:49 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2011/10/09 10:09:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2011/10/09 10:09:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/10/09 10:09:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/10/09 10:09:49 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/10/09 10:09:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2011/10/09 10:09:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2011/10/09 10:09:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2011/10/09 10:09:47 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2011/10/09 10:09:47 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/10/09 10:09:47 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2011/10/09 10:09:47 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/10/09 10:09:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/10/09 10:09:47 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/10/09 10:09:46 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/10/09 10:09:46 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2011/10/09 10:09:46 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/10/09 10:09:46 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/10/09 10:09:46 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/10/09 10:09:46 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/10/09 10:09:46 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/10/09 10:09:46 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/10/09 10:09:46 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/10/09 10:09:46 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/10/09 10:09:46 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/10/09 10:09:46 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/10/09 10:09:45 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/10/09 10:09:45 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/10/09 10:09:45 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/10/09 10:09:45 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/10/09 10:09:45 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/10/09 10:09:45 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/10/09 10:09:45 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/10/09 10:09:45 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/10/09 10:09:45 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/10/09 10:09:45 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/10/09 10:09:45 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/10/09 10:09:45 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/10/09 10:09:44 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2011/10/09 10:09:44 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/10/09 10:09:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/10/09 10:09:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2011/10/09 10:09:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/10/09 10:09:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/10/09 10:09:43 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/10/09 10:09:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/10/09 10:09:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/10/09 10:09:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/10/09 10:08:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/09 10:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/10/09 10:02:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/10/09 10:02:38 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/10/09 10:02:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/10/09 10:02:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/27 23:01:01 | 009,826,304 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\NewPlantation BACKUP BEFORE DERVICE (Backup Oct 27,2011 10 59 PM).QBB
[2011/10/27 22:57:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/27 22:52:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Plantation Server\Desktop\OTL.exe
[2011/10/27 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2011/10/27 19:49:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/10/27 14:57:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/27 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/10/27 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/10/27 09:00:20 | 107,552,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/27 07:45:09 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/27 02:44:00 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Shortcut to SERVICE Only.lnk
[2011/10/27 01:09:41 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.opt
[2011/10/25 08:07:16 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/25 01:38:01 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/25 01:28:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/25 01:27:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/25 01:04:37 | 000,000,219 | -HS- | M] () -- C:\boot.ini
[2011/10/24 20:56:59 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Plantation Server\My Documents\reprev.opt
[2011/10/22 08:36:09 | 000,053,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/14 02:16:04 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/10/13 10:43:05 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/10/13 10:12:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/10/12 23:59:31 | 000,000,108 | ---- | M] () -- C:\index.ini
[2011/10/12 22:20:29 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/12 18:29:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/11 19:10:32 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Point of Sale 10.0.lnk
[2011/10/11 18:55:55 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:49:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 18:42:58 | 000,493,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:42:58 | 000,084,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/10 23:36:14 | 000,410,112 | -HS- | M] () -- C:\{9B45A6F1-76F5-48F7-8C6B-C0D76E8C0786}.CBM
[2011/10/10 23:36:14 | 000,410,112 | -HS- | M] () -- C:\{4730EF3E-5012-4D3D-9982-9C12450ED65C}.CBM
[2011/10/10 23:36:14 | 000,004,096 | -HS- | M] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 23:25:33 | 000,406,528 | -HS- | M] () -- C:\EUMONBMP.SYS
[2011/10/10 20:28:13 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/10 20:28:12 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/10/10 19:47:54 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011/10/10 16:58:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/10 14:27:45 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Internet.lnk
[2011/10/10 13:28:19 | 000,001,138 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/10 13:10:53 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Microsoft Excel 2010.lnk
[2011/10/10 12:06:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/10 11:58:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/10/10 11:54:27 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Safer WEB BROWSER.lnk
[2011/10/10 11:45:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 20:12:32 | 000,001,682 | ---- | M] () -- C:\WINDOWS\System32\.ini
[2011/10/09 17:41:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\AVG 2012.lnk
[2011/10/09 17:20:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/09 16:38:40 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_OPT_745.MRK
[2011/10/09 16:38:40 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_745.MRK
[2011/10/09 15:56:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/09 15:48:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/09 15:25:13 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/09 15:23:28 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/09 15:22:59 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/10/09 15:20:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 15:20:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/09 15:20:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/09 15:20:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/09 15:20:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/09 15:20:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 15:17:36 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/07 12:48:02 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 12:48:01 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 12:48:00 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 12:47:59 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 12:47:11 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/07 12:47:10 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll
[2011/10/03 03:35:11 | 005,971,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/27 23:00:50 | 009,826,304 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\NewPlantation BACKUP BEFORE DERVICE (Backup Oct 27,2011 10 59 PM).QBB
[2011/10/27 09:00:20 | 107,552,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/27 02:44:00 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Shortcut to SERVICE Only.lnk
[2011/10/27 01:09:41 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.opt
[2011/10/25 08:07:16 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/24 20:56:59 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Plantation Server\My Documents\reprev.opt
[2011/10/22 08:36:09 | 000,053,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/14 02:16:36 | 000,650,942 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-1606980848-839522115-1003-0.dat
[2011/10/14 02:16:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/10/13 10:42:32 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/13 10:42:31 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/13 10:12:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/10/13 10:12:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/10/12 23:08:57 | 000,146,658 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/12 22:43:31 | 000,000,108 | ---- | C] () -- C:\index.ini
[2011/10/12 22:20:22 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/12 18:29:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/11 19:10:32 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Point of Sale 10.0.lnk
[2011/10/10 23:36:14 | 000,004,096 | -HS- | C] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 20:28:13 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/10 20:28:12 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2011/10/10 19:49:01 | 000,000,460 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/10/10 19:48:23 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/10 19:47:54 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011/10/10 16:58:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/10 15:12:08 | 000,410,112 | -HS- | C] () -- C:\{4730EF3E-5012-4D3D-9982-9C12450ED65C}.CBM
[2011/10/10 14:42:40 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/10/10 14:27:45 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Internet.lnk
[2011/10/10 14:11:39 | 000,410,112 | -HS- | C] () -- C:\{9B45A6F1-76F5-48F7-8C6B-C0D76E8C0786}.CBM
[2011/10/10 13:54:31 | 000,406,528 | -HS- | C] () -- C:\EUMONBMP.SYS
[2011/10/10 13:47:51 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/10/10 13:26:52 | 000,001,138 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/10 13:10:09 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Microsoft Excel 2010.lnk
[2011/10/10 12:06:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/10 12:06:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/10 11:58:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 11:54:27 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Safer WEB BROWSER.lnk
[2011/10/10 11:44:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 11:27:46 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/09 20:12:32 | 000,001,682 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/09 17:41:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\AVG 2012.lnk
[2011/10/09 16:43:37 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2011/10/09 16:38:40 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_OPT_745.MRK
[2011/10/09 16:38:40 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_745.MRK
[2011/10/09 15:50:52 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/10/09 15:50:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/10/09 15:50:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/10/09 15:50:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/10/09 15:50:52 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/10/09 15:50:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/10/09 15:50:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/10/09 15:50:52 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/10/09 15:50:52 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/10/09 15:50:52 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/10/09 15:50:52 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/10/09 15:50:52 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/10/09 15:50:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/10/09 15:50:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/10/09 15:50:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/10/09 15:50:52 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/10/09 15:50:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/10/09 15:50:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/10/09 15:50:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/10/09 15:50:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/10/09 15:50:52 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/10/09 15:50:52 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/10/09 15:50:51 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/10/09 15:50:51 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/10/09 15:50:51 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/10/09 15:50:51 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/10/09 15:50:51 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/10/09 15:50:51 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/10/09 15:50:51 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/10/09 15:50:51 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/10/09 15:50:51 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/10/09 15:50:51 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/10/09 15:50:51 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/10/09 15:50:51 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/10/09 15:50:51 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/10/09 15:50:51 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/10/09 15:50:51 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/10/09 15:50:51 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/10/09 15:50:51 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/10/09 15:50:51 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/10/09 15:50:51 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/10/09 15:50:51 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/10/09 15:50:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/10/09 15:50:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/10/09 15:50:51 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/10/09 15:50:51 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/10/09 15:50:51 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/10/09 15:50:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/10/09 15:50:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/10/09 15:50:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/10/09 15:50:51 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/10/09 15:50:51 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/10/09 15:50:51 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/10/09 15:50:51 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/10/09 15:50:51 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/10/09 15:50:51 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/10/09 15:50:51 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/10/09 15:50:51 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/10/09 15:50:51 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/10/09 15:50:51 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/10/09 15:50:51 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/10/09 15:50:51 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/10/09 15:50:51 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/10/09 15:50:51 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/10/09 15:50:50 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/10/09 15:50:50 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/10/09 15:50:50 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/10/09 15:50:50 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/10/09 15:50:50 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/10/09 15:50:50 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/10/09 15:50:50 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/10/09 15:50:50 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/10/09 15:50:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/10/09 15:50:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/10/09 15:50:50 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/10/09 15:50:50 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/10/09 15:50:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/10/09 15:48:27 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/10/09 15:48:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/10/09 15:48:26 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/10/09 15:25:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/09 15:25:07 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Outlook Express.lnk
[2011/10/09 15:25:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/09 15:25:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Internet Explorer.lnk
[2011/10/09 15:24:59 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Remote Assistance.lnk
[2011/10/09 15:24:59 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Windows Media Player.lnk
[2011/10/09 15:23:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/09 15:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 15:22:18 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/10/09 15:22:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/09 15:21:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/10/09 15:21:57 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/10/09 15:21:56 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/09 15:21:47 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/10/09 15:21:43 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/09 15:21:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/10/09 15:20:32 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 15:20:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/09 15:20:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/10/09 15:20:29 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/09 15:20:29 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/09 15:20:27 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/09 15:19:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/09 15:19:08 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/10/09 15:18:40 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/10/09 15:18:40 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/10/09 15:18:34 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/10/09 15:17:38 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/10/09 15:17:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/09 15:17:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/10/09 15:16:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/10/09 15:16:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/10/09 15:16:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/10/09 15:16:54 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/10/09 15:16:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/10/09 15:16:54 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/10/09 15:16:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/10/09 15:16:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/10/09 15:16:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/10/09 15:16:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/10/09 15:16:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/10/09 15:16:51 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/10/09 15:16:50 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/10/09 15:16:49 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/10/09 15:16:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/10/09 10:10:05 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 10:10:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 10:10:00 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/10/09 10:10:00 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/10/09 10:10:00 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/10/09 10:10:00 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/10/09 10:09:44 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/10/09 10:09:35 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/10/09 10:09:35 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/10/09 10:09:35 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/10/09 10:09:34 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/10/09 10:09:34 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/10/09 10:09:34 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/10/09 10:09:34 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/10/09 10:09:34 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/10/09 10:08:57 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/09 10:08:07 | 000,000,219 | -HS- | C] () -- C:\boot.ini
[2011/10/09 10:08:04 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,493,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,084,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/12 23:51:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2011/10/13 00:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\KillSwitch 2
[2011/10/09 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/10 20:22:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/14 02:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/27 10:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/27 09:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/11 20:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/10 14:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\Auslogics
[2011/10/09 17:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\AVG2012
[2011/10/12 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\KillSwitch 2
[2011/10/24 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\TeamViewer
[2011/10/27 10:10:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/10/27 20:40:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2011/10/27 19:49:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/10/27 14:00:00 | 000,000,460 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/08/22 06:56:56 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< End of report >



OTL Extras logfile created on: 10/27/2011 11:08:12 PM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Plantation Server\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.04 Gb Available Physical Memory | 62.73% Memory free
5.09 Gb Paging File | 3.76 Gb Available in Paging File | 73.96% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 72.01 Gb Free Space | 72.73% Space Free | Partition Type: NTFS
Drive T: | 50.01 Gb Total Space | 30.24 Gb Free Space | 60.47% Space Free | Partition Type: NTFS

Computer Name: SERVERPFWS | User Name: Plantation Server | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [hitmanpro] -- "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" "%1\"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe" = C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\DeviceSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe" = C:\Program Files\HP\HP Officejet 6500 E710a-f\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:HP Network Communicator -- (Hewlett-Packard Co.)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe:LocalSubNet:Enabled:Image Server for QBPOS 10.0 -- (Intuit Inc.)
"C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgrN10.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgrN10.exe:LocalSubNet:Enabled:Database manager for QBPOS 10.0 -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgr10.exe" = C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgr10.exe:LocalSubNet:Enabled:Database manager for QBPOS 10.0 -- (iAnywhere Solutions, Inc.)
"C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe" = C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe:LocalSubNet:Enabled:Intuit Entitlement Service v6.0 -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Help
"{071B9AFA-EBE8-4ABF-8F4A-9F92612F517E}" = Broadcom ASF Management Applications
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{474A7BA6-A657-4152-8FB5-244D178D7174}" = HP Officejet 6500 E710a-f Product Improvement Study
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{670A25D9-1029-4D4E-93FF-66B3C07769D6}" = HP Officejet 6500 E710a-f Basic Device Software
"{6CABAF8F-2DBE-4038-A37B-C4AFEFCA4C21}" = QuickBooks Point of Sale 10.0
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7D004944-C4F1-4C44-AAD4-E7F85190ED00}" = AVG 2012
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.EXCELR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.EXCELR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.EXCELR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.EXCELR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.EXCELR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.EXCELR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.EXCELR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2010
"{91140000-0016-0000-0000-0000000FF1CE}_Office14.EXCELR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
"{E217A3D4-2FF9-4D5F-9C20-1386E0FF9864}" = LogMeIn
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Defraggler" = Defraggler
"EaseUS Todo Backup Free 3.0_is1" = EaseUS Todo Backup Free 3.0
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HijackThis" = HijackThis 2.0.2
"HitmanPro35" = Hitman Pro 3.5
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.EXCELR" = Microsoft Excel 2010
"TeamViewer 6" = TeamViewer 6
"WhoCrashed_is1" = WhoCrashed 3.00
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.1.2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/25/2011 8:42:44 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/25/2011 8:42:44 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/25/2011 8:42:44 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/26/2011 8:42:26 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/26/2011 8:42:26 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/26/2011 8:42:26 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/27/2011 12:33:08 AM | Computer Name = SERVERPFWS | Source = Application Hang | ID = 1002
Description = Hanging application UNINSTAL.EXE, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/27/2011 8:44:56 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/27/2011 8:44:56 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

Error - 10/27/2011 8:44:56 AM | Computer Name = SERVERPFWS | Source = QuickBooks | ID = 4
Description =

[ System Events ]
Error - 10/12/2011 2:39:44 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/12/2011 2:39:44 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/12/2011 2:39:44 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/12/2011 2:39:53 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/12/2011 2:39:53 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/12/2011 2:39:53 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/12/2011 2:44:45 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 10/12/2011 2:44:45 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference
error message: The referenced assembly is not installed on your system. .

Error - 10/12/2011 2:44:45 PM | Computer Name = SERVERPFWS | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_dec6ddd2\MFC80.DLL.
Reference
error message: The operation completed successfully. .

Error - 10/13/2011 12:10:44 AM | Computer Name = SERVERPFWS | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >


Attached File  MBR.zip   509bytes   70 downloads

#4
twt4Christ

    Member

  • Topic Starter
  • 14 posts
Also, on both machines, yes we have the XP install disks. Sorry that I forgot to include that info.
I mentioned system32\.crusader because of the odd time of file activity.

#5
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Are you aware of this piece of code: KKillSwitch 2?

We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on the OTL icon on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    DRV - File not found [Kernel | Unknown | Running] -- -- (nyyxfm)
    DRV - File not found [Kernel | Unknown | Running] -- -- (KKillSwitch2)
    O4 - HKLM..\Run: [] File not found
      	
    :Files
    ipconfig /flushdns /c
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    C:\085321cf00bcec19e6
    C:\1487a2a45830b98fba65346edc
    C:\WINDOWS\tasks\At*.job
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and to let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

When you have completed the above, please post back the following in the order asked for:
  • OTL fix log
  • OTL Quick scan log


#6
twt4Christ

    Member

  • Topic Starter
  • 14 posts
Believe it or not, this system was just wiped and reinstalled. It was put back into service and online on 10/10. Sometime after 17:00 is when it was connected to the 'net and the financial guy started installing Quickbooks. We're all wondering if someone made themselves a back door already, especially with the \at*.job listed in the tasks dir. I think we're all surprised at the 'purity' check....
And thanks again!


All processes killed
========== OTL ==========
Error: Unable to stop service nyyxfm!
Service\Driver key nyyxfm not found.
Error: Unable to stop service KKillSwitch2!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KKillSwitch2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Plantation Server\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Plantation Server\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Plantation Server\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Plantation Server\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Plantation Server\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Plantation Server\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Plantation Server\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Plantation Server\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Plantation Server\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Plantation Server\Desktop\cmd.txt deleted successfully.
C:\085321cf00bcec19e6\i386 folder moved successfully.
C:\085321cf00bcec19e6\amd64 folder moved successfully.
C:\085321cf00bcec19e6 folder moved successfully.
C:\1487a2a45830b98fba65346edc\Graphics folder moved successfully.
C:\1487a2a45830b98fba65346edc\Extended folder moved successfully.
C:\1487a2a45830b98fba65346edc\Client folder moved successfully.
C:\1487a2a45830b98fba65346edc\3082 folder moved successfully.
C:\1487a2a45830b98fba65346edc\3076 folder moved successfully.
C:\1487a2a45830b98fba65346edc\2070 folder moved successfully.
C:\1487a2a45830b98fba65346edc\2052 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1055 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1053 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1049 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1046 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1045 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1044 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1043 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1042 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1041 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1040 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1038 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1037 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1036 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1035 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1033 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1032 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1031 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1030 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1029 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1028 folder moved successfully.
C:\1487a2a45830b98fba65346edc\1025 folder moved successfully.
C:\1487a2a45830b98fba65346edc folder moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 259336 bytes
->Temporary Internet Files folder emptied: 2969937 bytes
->Flash cache emptied: 56818 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Plantation Server
->Temp folder emptied: 1197887972 bytes
->Temporary Internet Files folder emptied: 141463224 bytes
->Flash cache emptied: 725 bytes

User: QBDataServiceUser18
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: QBPOSDBSrvUser
->Temp folder emptied: 8163328 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 316841 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 628 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1175146 bytes

Total Files Cleaned = 1,292.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

User: Plantation Server

User: QBDataServiceUser18

User: QBPOSDBSrvUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: LogMeInRemoteUser
->Flash cache emptied: 0 bytes

User: NetworkService

User: Plantation Server
->Flash cache emptied: 0 bytes

User: QBDataServiceUser18
->Flash cache emptied: 0 bytes

User: QBPOSDBSrvUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 10282011_055328

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\QBPOSDBSrvUser\Local Settings\Temp\sqla0000.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...




OTL logfile created on: 10/28/2011 3:14:48 PM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Plantation Server\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 69.62% Memory free
5.09 Gb Paging File | 3.83 Gb Available in Paging File | 75.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 99.00 Gb Total Space | 73.28 Gb Free Space | 74.01% Space Free | Partition Type: NTFS
Drive T: | 50.01 Gb Total Space | 30.24 Gb Free Space | 60.47% Space Free | Partition Type: NTFS

Computer Name: SERVERPFWS | User Name: Plantation Server | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/27 22:52:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Plantation Server\Desktop\OTL.exe
PRC - [2011/10/20 06:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2011/10/07 12:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/09/26 18:15:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2011/09/23 06:31:50 | 002,404,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011/09/21 19:53:12 | 000,973,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011/09/20 11:15:26 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe
PRC - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/09/16 15:10:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2011/09/13 06:32:40 | 001,227,616 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/09/08 20:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/09/08 14:35:02 | 002,315,120 | ---- | M] (Intuit) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\QBPOSShell.exe
PRC - [2011/09/08 14:34:56 | 003,136,376 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe
PRC - [2011/09/08 14:32:32 | 021,028,904 | ---- | M] (Intuit Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\qbpos.exe
PRC - [2011/08/30 11:18:30 | 008,093,056 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/08/30 11:18:30 | 002,143,104 | ---- | M] (TeamViewer GmbH) -- c:\Program Files\TeamViewer\Version6\TeamViewer_Desktop.exe
PRC - [2011/08/30 10:26:54 | 000,108,416 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\tv_w32.exe
PRC - [2011/08/15 06:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011/08/06 00:52:46 | 000,744,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
PRC - [2011/08/06 00:52:46 | 000,070,792 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
PRC - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2009/10/22 12:06:44 | 000,141,104 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBDBMgrN10.exe
PRC - [2009/09/16 19:33:46 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe
PRC - [2009/05/21 23:10:20 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe
PRC - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/11 19:56:06 | 000,252,416 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\b18816abd9dd59ca3f1d682a756e5745\WindowsFormsIntegration.ni.dll
MOD - [2011/10/11 19:42:47 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\c170b431f43ab80000d31bcc58acd1a5\UIAutomationTypes.ni.dll
MOD - [2011/10/11 19:42:46 | 000,096,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\6f4a1ba24dffa86dd2a2ab8127e0b16d\UIAutomationProvider.ni.dll
MOD - [2011/10/11 19:42:18 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.ni.dll
MOD - [2011/10/11 19:42:18 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\a2baf116d3055aadb99b77e327a74907\System.EnterpriseServices.Wrapper.dll
MOD - [2011/10/11 19:42:16 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\344c1e000e4158cc37a5e9068e095d40\System.Transactions.ni.dll
MOD - [2011/10/11 19:42:08 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
MOD - [2011/10/11 19:42:07 | 001,630,208 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationUI\dbfb5689700b31f9173aceca76863885\PresentationUI.ni.dll
MOD - [2011/10/11 19:41:21 | 001,878,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Deployment\384a6a4a4ec8cf84ca9b0d031afe290b\System.Deployment.ni.dll
MOD - [2011/10/11 19:40:55 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
MOD - [2011/10/11 19:40:43 | 000,044,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Accessibility\1f368300314889ee35325be9f80ef1c3\Accessibility.ni.dll
MOD - [2011/10/11 19:10:24 | 002,228,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Common\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Common.dll
MOD - [2011/10/11 19:10:24 | 000,418,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.15.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll
MOD - [2011/10/11 19:10:24 | 000,229,376 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.EntitlementClient.Api\6.0.1.0__7ce6deabcb36a8ea\Intuit.Spc.Map.EntitlementClient.Api.dll
MOD - [2011/10/11 19:10:23 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.15.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
MOD - [2011/10/11 19:10:20 | 000,765,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.60.0__db937bc2d44ff139\System.Data.SQLite.dll
MOD - [2011/10/11 19:10:20 | 000,402,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll
MOD - [2011/10/11 19:10:20 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll
MOD - [2011/10/11 19:10:20 | 000,023,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll
MOD - [2011/10/11 19:10:20 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll
MOD - [2011/10/11 19:10:20 | 000,012,064 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll
MOD - [2011/10/11 19:10:19 | 000,255,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.299.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll
MOD - [2011/10/11 19:10:19 | 000,206,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core.XmlSerializers\2.0.299.0__540d4816ead86321\Intuit.Spc.Esd.Core.XmlSerializers.dll
MOD - [2011/10/11 19:10:19 | 000,131,360 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll
MOD - [2011/10/11 19:10:19 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll
MOD - [2011/10/11 19:10:19 | 000,072,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.152.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll
MOD - [2011/10/11 18:48:48 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011/10/11 18:48:29 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\60df958ca96c9b8945f836759b6abd34\System.Web.ni.dll
MOD - [2011/10/11 18:48:16 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\36bf3d5f05a40c9e3cadca5789c8a469\System.Runtime.Remoting.ni.dll
MOD - [2011/10/11 18:46:30 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011/10/11 18:46:24 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/11 18:46:17 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011/10/11 18:46:13 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/11 18:46:03 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/11 18:45:45 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
MOD - [2011/10/11 18:45:34 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
MOD - [2011/10/11 18:45:15 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
MOD - [2011/10/11 18:45:15 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d2ad394c477fc1c71c900c892d7fce0b\PresentationFramework.Aero.ni.dll
MOD - [2011/10/11 18:45:13 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\61aa640996b77695572adefea8fd36b7\PresentationFramework.Luna.ni.dll
MOD - [2011/10/11 18:45:08 | 006,798,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\494945003f729a5d6ec21324dff8c7b9\System.Data.ni.dll
MOD - [2011/10/11 18:44:58 | 000,690,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\d5f97e0367e37f9aead033b54f40a895\System.ComponentModel.Composition.ni.dll
MOD - [2011/10/11 18:44:55 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
MOD - [2011/10/11 18:44:50 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2011/10/11 18:44:44 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2011/10/11 18:44:40 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2011/10/11 18:44:32 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
MOD - [2011/10/11 18:44:30 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2011/10/11 18:44:17 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\d038332bf07a163f855200919ee678cc\System.Numerics.ni.dll
MOD - [2011/10/11 18:44:16 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/10/11 18:41:18 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2011/10/11 18:41:17 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/10/11 18:41:15 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2011/10/11 18:41:14 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2011/10/11 18:41:09 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/10/11 18:41:08 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/10/11 18:41:07 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2011/10/11 18:41:06 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2011/10/11 18:41:03 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
MOD - [2011/10/11 18:40:57 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/10/10 20:25:54 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll
MOD - [2011/08/06 00:51:58 | 000,064,648 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2011/08/06 00:51:52 | 000,243,336 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExImage.dll
MOD - [2011/08/06 00:51:52 | 000,074,376 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2011/08/06 00:51:50 | 000,069,768 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2011/08/06 00:51:50 | 000,051,848 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\CodeLog.dll
MOD - [2009/11/05 08:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
MOD - [2009/09/16 19:32:54 | 000,288,032 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks 2008\boost_regex-vc80-mt-p-1_33.dll
MOD - [2008/11/25 17:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\libxml2.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/10/05 03:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EASEUS\Todo Backup\bin\zlib1.dll
MOD - [2003/11/02 10:18:54 | 000,155,648 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\ssleay32.dll
MOD - [2003/11/02 10:18:24 | 000,696,320 | ---- | M] () -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/10/07 12:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/09/26 18:15:44 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/09/26 18:15:36 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/09/20 11:15:26 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.229\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/09/16 15:10:50 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2011/09/12 06:23:46 | 005,265,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/09/08 14:34:56 | 003,136,376 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks Point of Sale 10.0\DatabaseServer\QBPOSDBService.exe -- (QBPOSDBServiceV10)
SRV - [2011/08/30 11:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/08/06 00:52:46 | 000,060,040 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/06/25 12:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009/09/16 18:22:08 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/06/02 12:49:56 | 000,020,480 | ---- | M] (Intuit, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Entitlement Client\v6.0\Server\Intuit.Spc.Map.EntitlementClient.Server.Service.exe -- (Intuit Entitlement Service v6.0)
SRV - [2009/05/21 23:10:20 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/09/13 10:32:12 | 000,128,536 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe -- (QuickBooksDB18)
SRV - [2006/03/17 17:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)


========== Driver Services (SafeList) ==========

DRV - [2011/10/07 12:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011/10/07 12:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/10/07 12:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/09/26 18:16:14 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/09/16 15:10:50 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/09/16 15:10:50 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2011/09/13 06:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/08 06:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/08/06 00:52:38 | 000,184,072 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/08/06 00:52:36 | 000,042,376 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/08/06 00:52:30 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/08/06 00:52:28 | 000,038,920 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/07/11 01:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 01:14:30 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/07/11 01:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 01:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 01:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/07/11 01:13:46 | 000,229,840 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/08/23 13:55:04 | 000,075,776 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)
DRV - [2010/08/23 13:55:04 | 000,058,368 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) Optimus WHQL USB Device driver (WDM)
DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/06/06 12:51:04 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/04/24 16:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/10/25 08:07:15 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/28 05:55:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [HitmanPro35] C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe (SurfRight B.V.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.229\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1318266641531 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3FCA71A-4936-499F-9326-70C40100161A}: DhcpNameServer = 10.1.10.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\qbpos {662E7FAE-5C17-491C-AD9D-98C1F66CC6A0} - C:\Program Files\Common Files\Intuit\QuickBooks\QBPOSProtocol.dll (Intuit Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/10/09 15:20:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 05:53:28 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/10/27 22:58:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Plantation Server\Desktop\OTL.exe
[2011/10/27 02:44:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/10/26 23:27:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPcap
[2011/10/26 23:27:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2011/10/26 23:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Cain
[2011/10/25 01:03:21 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/24 22:19:09 | 000,000,000 | ---D | C] -- C:\Users
[2011/10/13 11:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Identities
[2011/10/13 10:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/10/13 10:43:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Google
[2011/10/13 10:42:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/10/13 10:42:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Google
[2011/10/13 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/13 10:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/10/13 10:12:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\LogMeIn
[2011/10/13 10:12:30 | 000,030,592 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/10/13 10:12:29 | 000,083,360 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/10/13 10:12:29 | 000,047,640 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\drivers\LMIRfsDriver.sys
[2011/10/13 10:12:23 | 000,087,424 | ---- | C] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/10/13 10:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/13 10:12:08 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn
[2011/10/13 10:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Deployment
[2011/10/13 00:51:31 | 000,000,000 | ---D | C] -- C:\NTVDM REBUILD
[2011/10/12 23:09:40 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/12 22:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Temp
[2011/10/12 22:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\CutePDF Writer
[2011/10/12 22:34:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/10/12 22:21:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2011/10/12 22:20:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2011/10/12 22:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee Security Scan Plus
[2011/10/12 22:20:20 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2011/10/12 22:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/10/12 17:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\KillSwitch 2
[2011/10/12 17:38:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/10/12 17:18:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/12 13:47:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\IECompatCache
[2011/10/12 13:36:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/11 20:58:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/11 20:48:06 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2011/10/11 19:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks Point of Sale
[2011/10/11 18:56:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2011/10/10 20:29:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Intuit
[2011/10/10 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\supportsoft
[2011/10/10 20:28:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Administrative Tools
[2011/10/10 20:28:24 | 001,843,200 | ---- | C] (Apache Software Foundation) -- C:\WINDOWS\System32\acXMLParser.dll
[2011/10/10 20:28:23 | 003,833,856 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf300.dll
[2011/10/10 20:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2011/10/10 20:25:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2011/10/10 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/10/10 20:02:36 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabcmnt.sys
[2011/10/10 20:02:35 | 000,075,776 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabser.sys
[2011/10/10 20:02:35 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabcm.sys
[2011/10/10 19:57:54 | 000,058,368 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabbus.sys
[2011/10/10 19:57:54 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabwhnt.sys
[2011/10/10 19:57:54 | 000,005,504 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\slabwh.sys
[2011/10/10 19:48:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\HpUpdate
[2011/10/10 19:47:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/10/10 19:46:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2011/10/10 19:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011/10/10 19:46:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\HP
[2011/10/10 16:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\COMODO
[2011/10/10 16:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2011/10/10 16:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo
[2011/10/10 16:56:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Comodo Downloader
[2011/10/10 14:54:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Auslogics
[2011/10/10 14:42:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CutePDF
[2011/10/10 14:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Acro Software
[2011/10/10 14:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Ghostscript
[2011/10/10 14:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\gs
[2011/10/10 13:47:52 | 000,184,072 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\EuFdDisk.sys
[2011/10/10 13:47:52 | 000,038,920 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys
[2011/10/10 13:47:52 | 000,016,008 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys
[2011/10/10 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EaseUS Todo Backup 3.0
[2011/10/10 13:45:26 | 000,020,616 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe
[2011/10/10 13:34:34 | 000,000,000 | R--D | C] -- C:\SERVICE Only
[2011/10/10 13:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/10/10 13:04:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/10/10 13:03:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2011/10/10 13:03:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/10/10 13:03:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/10/10 13:03:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/10/10 13:02:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011/10/10 13:02:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/10/10 13:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft Help
[2011/10/10 13:02:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/10/10 13:02:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/10/10 13:01:52 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/10/10 12:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\nLite
[2011/10/10 12:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\WhoCrashed
[2011/10/10 12:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/10/10 12:05:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/10/10 12:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/10/10 12:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/10/10 12:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Adobe
[2011/10/10 12:03:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Macromedia
[2011/10/10 12:02:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Adobe
[2011/10/10 11:46:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2011/10/10 11:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/10 11:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Malwarebytes
[2011/10/10 11:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/10 11:44:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/10/10 11:44:12 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/10/10 11:44:11 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/10/10 11:44:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/10/10 11:43:30 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2011/10/10 11:42:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2011/10/10 11:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011/10/10 11:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/10 11:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/10 11:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2011/10/10 11:27:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hitman Pro 3.5
[2011/10/10 11:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/09 20:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/10/09 20:12:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/10/09 19:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/10/09 19:51:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/10/09 19:51:14 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/10/09 18:53:44 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\PrivacIE
[2011/10/09 18:33:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/10/09 18:33:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/10/09 17:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop\Old Install Archive
[2011/10/09 17:42:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\AVG2012
[2011/10/09 17:41:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/09 17:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2012
[2011/10/09 17:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/09 17:40:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/10/09 17:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/10/09 17:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/09 17:33:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/10/09 17:33:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2011/10/09 17:21:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\TeamViewer
[2011/10/09 17:19:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\IETldCache
[2011/10/09 17:10:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/10/09 17:10:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011/10/09 17:09:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/10/09 16:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/10/09 16:49:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/10/09 16:48:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\UserData
[2011/10/09 16:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2011/10/09 16:44:52 | 000,000,000 | ---D | C] -- C:\Intel
[2011/10/09 16:43:40 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/10/09 16:38:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\InstallShield
[2011/10/09 16:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/10/09 16:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/10/09 16:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/10/09 16:34:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom
[2011/10/09 16:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/10/09 16:30:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/10/09 16:29:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2011/10/09 16:29:49 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2011/10/09 15:55:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/10/09 15:50:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/10/09 15:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/10/09 15:49:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/10/09 15:48:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011/10/09 15:47:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/10/09 15:45:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/10/09 15:43:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/10/09 15:25:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Application Data\Identities
[2011/10/09 15:25:05 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/10/09 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents\My Pictures
[2011/10/09 15:25:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents\My Music
[2011/10/09 15:24:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\SendTo
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\Recent
[2011/10/09 15:24:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Plantation Server\Application Data
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Startup
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\My Documents
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Favorites
[2011/10/09 15:24:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Accessories
[2011/10/09 15:24:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Plantation Server\Cookies
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\Templates
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\PrintHood
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\NetHood
[2011/10/09 15:24:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Plantation Server\Local Settings
[2011/10/09 15:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Local Settings\Application Data\Microsoft
[2011/10/09 15:24:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Plantation Server\Desktop
[2011/10/09 15:23:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/10/09 15:23:56 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/10/09 15:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/10/09 15:23:55 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/10/09 15:23:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/10/09 15:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/10/09 15:22:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/10/09 15:22:24 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/10/09 15:21:28 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/10/09 15:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/10/09 15:20:54 | 000,000,000 | ---D | C] -- C:\DELL
[2011/10/09 15:20:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/10/09 15:19:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/10/09 15:19:29 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/10/09 15:19:28 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/10/09 15:19:19 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/10/09 15:19:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/10/09 15:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/10/09 15:18:30 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/10/09 15:18:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/10/09 15:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/10/09 15:18:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/10/09 15:18:18 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/10/09 15:18:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/10/09 15:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/10/09 15:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/10/09 15:17:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/10/09 15:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/10/09 15:17:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/10/09 15:17:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/10/09 15:17:28 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/10/09 15:17:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/10/09 15:17:22 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/10/09 15:17:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/10/09 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/10/09 15:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/10/09 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/10/09 15:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/10/09 15:16:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/10/09 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/10/09 15:16:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/10/09 15:16:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/10/09 15:15:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/10/09 15:15:21 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/10/09 10:10:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/10/09 10:10:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/10/09 10:09:59 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/10/09 10:09:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/10/09 10:09:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/10/09 10:09:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/10/09 10:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/10/09 10:09:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/10/09 10:09:19 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/10/09 10:09:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/10/09 10:08:58 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/09 10:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/10/09 10:02:38 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/10/09 10:02:38 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/10/09 10:02:38 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/10/09 10:02:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/10/09 10:02:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2011/10/28 14:57:00 | 000,000,908 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 14:57:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/28 07:51:43 | 107,674,169 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/28 07:48:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/28 07:47:51 | 000,023,624 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/28 07:47:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/28 07:45:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/28 05:55:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/10/27 23:01:01 | 009,826,304 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\NewPlantation BACKUP BEFORE DERVICE (Backup Oct 27,2011 10 59 PM).QBB
[2011/10/27 22:52:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Plantation Server\Desktop\OTL.exe
[2011/10/27 02:44:00 | 000,000,389 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Shortcut to SERVICE Only.lnk
[2011/10/27 01:09:41 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.opt
[2011/10/25 08:07:16 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/25 01:04:37 | 000,000,219 | -HS- | M] () -- C:\boot.ini
[2011/10/24 20:56:59 | 000,000,087 | ---- | M] () -- C:\Documents and Settings\Plantation Server\My Documents\reprev.opt
[2011/10/22 08:36:09 | 000,053,957 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/14 02:16:04 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System32\.crusader
[2011/10/13 10:12:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/10/12 23:59:31 | 000,000,108 | ---- | M] () -- C:\index.ini
[2011/10/12 22:20:29 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/12 18:29:08 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/11 19:10:32 | 000,001,894 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Point of Sale 10.0.lnk
[2011/10/11 18:55:55 | 000,139,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/11 18:49:48 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/10/11 18:42:58 | 000,493,942 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/11 18:42:58 | 000,084,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/10 23:36:14 | 000,410,112 | -HS- | M] () -- C:\{9B45A6F1-76F5-48F7-8C6B-C0D76E8C0786}.CBM
[2011/10/10 23:36:14 | 000,410,112 | -HS- | M] () -- C:\{4730EF3E-5012-4D3D-9982-9C12450ED65C}.CBM
[2011/10/10 23:36:14 | 000,004,096 | -HS- | M] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 23:25:33 | 000,406,528 | -HS- | M] () -- C:\EUMONBMP.SYS
[2011/10/10 20:28:13 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/10 20:28:12 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/10/10 19:47:54 | 000,001,957 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011/10/10 16:58:13 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/10 14:27:45 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Internet.lnk
[2011/10/10 13:28:19 | 000,001,138 | -H-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/10 13:10:53 | 000,002,459 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Microsoft Excel 2010.lnk
[2011/10/10 12:06:44 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/10 11:54:27 | 000,000,758 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\Safer WEB BROWSER.lnk
[2011/10/10 11:45:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/09 20:12:32 | 000,001,682 | ---- | M] () -- C:\WINDOWS\System32\.ini
[2011/10/09 17:41:00 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Desktop\AVG 2012.lnk
[2011/10/09 17:20:02 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/09 16:38:40 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_OPT_745.MRK
[2011/10/09 16:38:40 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_745.MRK
[2011/10/09 15:56:22 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/09 15:48:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/10/09 15:25:13 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/09 15:23:28 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/09 15:22:59 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/10/09 15:20:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 15:20:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/10/09 15:20:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/09 15:20:29 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/09 15:20:29 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/09 15:20:20 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 15:17:36 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/07 12:48:02 | 000,097,760 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\inspect.sys
[2011/10/07 12:48:01 | 000,031,704 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdhlp.sys
[2011/10/07 12:48:00 | 000,492,768 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmdGuard.sys
[2011/10/07 12:47:59 | 000,018,056 | ---- | M] (COMODO) -- C:\WINDOWS\System32\drivers\cmderd.sys
[2011/10/07 12:47:11 | 000,033,984 | ---- | M] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011/10/07 12:47:10 | 000,300,200 | ---- | M] (COMODO) -- C:\WINDOWS\System32\guard32.dll

========== Files Created - No Company Name ==========

[2011/10/28 07:51:43 | 107,674,169 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/10/27 23:00:50 | 009,826,304 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\NewPlantation BACKUP BEFORE DERVICE (Backup Oct 27,2011 10 59 PM).QBB
[2011/10/27 02:44:00 | 000,000,389 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Shortcut to SERVICE Only.lnk
[2011/10/27 01:09:41 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\stinger10.2.0.337.opt
[2011/10/25 08:07:16 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/10/24 20:56:59 | 000,000,087 | ---- | C] () -- C:\Documents and Settings\Plantation Server\My Documents\reprev.opt
[2011/10/22 08:36:09 | 000,053,957 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/14 02:16:36 | 000,737,520 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2000478354-1606980848-839522115-1003-0.dat
[2011/10/14 02:16:04 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\.crusader
[2011/10/13 10:42:32 | 000,000,908 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/13 10:42:31 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/13 10:12:18 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/10/13 10:12:11 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\LogMeIn.lnk
[2011/10/12 23:08:57 | 000,146,658 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/10/12 22:43:31 | 000,000,108 | ---- | C] () -- C:\index.ini
[2011/10/12 22:20:22 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011/10/12 18:29:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/11 19:10:32 | 000,001,894 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Point of Sale 10.0.lnk
[2011/10/10 23:36:14 | 000,004,096 | -HS- | C] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 20:28:13 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2011/10/10 20:28:12 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2008.lnk
[2011/10/10 19:48:23 | 000,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2011/10/10 19:47:54 | 000,001,957 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,001,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011/10/10 19:47:54 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011/10/10 16:58:13 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\COMODO Firewall.lnk
[2011/10/10 15:12:08 | 000,410,112 | -HS- | C] () -- C:\{4730EF3E-5012-4D3D-9982-9C12450ED65C}.CBM
[2011/10/10 14:42:40 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/10/10 14:27:45 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Internet.lnk
[2011/10/10 14:11:39 | 000,410,112 | -HS- | C] () -- C:\{9B45A6F1-76F5-48F7-8C6B-C0D76E8C0786}.CBM
[2011/10/10 13:54:31 | 000,406,528 | -HS- | C] () -- C:\EUMONBMP.SYS
[2011/10/10 13:47:51 | 000,042,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/10/10 13:26:52 | 000,001,138 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/10 13:10:09 | 000,002,459 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Microsoft Excel 2010.lnk
[2011/10/10 12:06:44 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/10/10 12:06:44 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/10/10 11:58:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/10/10 11:54:27 | 000,000,758 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\Safer WEB BROWSER.lnk
[2011/10/10 11:44:15 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/10 11:27:46 | 000,023,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/10/09 20:12:32 | 000,001,682 | ---- | C] () -- C:\WINDOWS\System32\.ini
[2011/10/09 17:41:00 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Desktop\AVG 2012.lnk
[2011/10/09 16:43:37 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
[2011/10/09 16:38:40 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_OPT_745.MRK
[2011/10/09 16:38:40 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_OPT_745.MRK
[2011/10/09 15:50:52 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2011/10/09 15:50:52 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2011/10/09 15:50:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2011/10/09 15:50:52 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2011/10/09 15:50:52 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2011/10/09 15:50:52 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2011/10/09 15:50:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2011/10/09 15:50:52 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2011/10/09 15:50:52 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2011/10/09 15:50:52 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2011/10/09 15:50:52 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2011/10/09 15:50:52 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2011/10/09 15:50:52 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2011/10/09 15:50:52 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2011/10/09 15:50:52 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2011/10/09 15:50:52 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2011/10/09 15:50:52 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2011/10/09 15:50:52 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2011/10/09 15:50:52 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2011/10/09 15:50:52 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2011/10/09 15:50:52 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2011/10/09 15:50:52 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2011/10/09 15:50:52 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2011/10/09 15:50:51 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2011/10/09 15:50:51 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2011/10/09 15:50:51 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2011/10/09 15:50:51 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2011/10/09 15:50:51 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2011/10/09 15:50:51 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2011/10/09 15:50:51 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2011/10/09 15:50:51 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2011/10/09 15:50:51 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2011/10/09 15:50:51 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2011/10/09 15:50:51 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2011/10/09 15:50:51 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2011/10/09 15:50:51 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2011/10/09 15:50:51 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2011/10/09 15:50:51 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2011/10/09 15:50:51 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2011/10/09 15:50:51 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2011/10/09 15:50:51 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2011/10/09 15:50:51 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2011/10/09 15:50:51 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2011/10/09 15:50:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2011/10/09 15:50:51 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2011/10/09 15:50:51 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2011/10/09 15:50:51 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2011/10/09 15:50:51 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2011/10/09 15:50:51 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2011/10/09 15:50:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2011/10/09 15:50:51 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2011/10/09 15:50:51 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2011/10/09 15:50:51 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2011/10/09 15:50:51 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2011/10/09 15:50:51 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2011/10/09 15:50:51 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2011/10/09 15:50:51 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2011/10/09 15:50:51 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2011/10/09 15:50:51 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2011/10/09 15:50:51 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2011/10/09 15:50:51 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2011/10/09 15:50:51 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2011/10/09 15:50:51 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2011/10/09 15:50:51 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2011/10/09 15:50:51 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2011/10/09 15:50:50 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2011/10/09 15:50:50 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2011/10/09 15:50:50 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2011/10/09 15:50:50 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2011/10/09 15:50:50 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2011/10/09 15:50:50 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2011/10/09 15:50:50 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2011/10/09 15:50:50 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2011/10/09 15:50:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2011/10/09 15:50:50 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2011/10/09 15:50:50 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2011/10/09 15:50:50 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2011/10/09 15:50:50 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2011/10/09 15:48:27 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/10/09 15:48:27 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/10/09 15:48:26 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/10/09 15:25:13 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/10/09 15:25:07 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Outlook Express.lnk
[2011/10/09 15:25:05 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/09 15:25:05 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Internet Explorer.lnk
[2011/10/09 15:24:59 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Remote Assistance.lnk
[2011/10/09 15:24:59 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Plantation Server\Start Menu\Programs\Windows Media Player.lnk
[2011/10/09 15:23:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/10/09 15:22:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/10/09 15:22:18 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/10/09 15:22:04 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/10/09 15:21:58 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/10/09 15:21:57 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/10/09 15:21:56 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/10/09 15:21:47 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/10/09 15:21:43 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/10/09 15:21:30 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/10/09 15:20:32 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/10/09 15:20:32 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/10/09 15:20:32 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/10/09 15:20:32 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/10/09 15:20:29 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/10/09 15:20:29 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/10/09 15:20:27 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/10/09 15:19:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/10/09 15:19:08 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/10/09 15:18:40 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/10/09 15:18:40 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/10/09 15:18:34 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/10/09 15:17:38 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/10/09 15:17:36 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/10/09 15:17:17 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/10/09 15:16:54 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/10/09 15:16:54 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/10/09 15:16:54 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/10/09 15:16:54 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/10/09 15:16:54 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/10/09 15:16:54 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/10/09 15:16:54 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/10/09 15:16:53 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/10/09 15:16:53 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/10/09 15:16:53 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/10/09 15:16:53 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/10/09 15:16:51 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/10/09 15:16:50 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/10/09 15:16:49 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/10/09 15:16:43 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/10/09 10:10:05 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/10/09 10:10:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/10/09 10:10:00 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/10/09 10:10:00 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/10/09 10:10:00 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/10/09 10:10:00 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/10/09 10:09:44 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/10/09 10:09:35 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/10/09 10:09:35 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/10/09 10:09:35 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/10/09 10:09:34 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/10/09 10:09:34 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/10/09 10:09:34 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/10/09 10:09:34 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/10/09 10:09:34 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/10/09 10:08:57 | 000,139,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/09 10:08:07 | 000,000,219 | -HS- | C] () -- C:\boot.ini
[2011/10/09 10:08:04 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,493,942 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,084,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/10/09 17:45:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/10/10 20:22:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/10/14 02:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2011/10/28 02:13:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2011/10/28 07:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/10/11 20:58:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2011/10/10 14:54:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\Auslogics
[2011/10/09 17:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\AVG2012
[2011/10/12 17:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\KillSwitch 2
[2011/10/24 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Plantation Server\Application Data\TeamViewer

========== Purity Check ==========



< End of report >
  • 0

#7
twt4Christ

    Member

  • Topic Starter
  • Member
  • 14 posts
I'm curious as to exactly what has been going on and which particular infections caused the problem and a good plan of action to prevent it. We're planning on changing our IP (static) and maybe putting in a hardware firewall to supplement the AV/AM/Firewall software (which obviously wasn't enough).
  • 0

#8
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It's hard to say what the source of infection is. Usually "things" come from the network. But it can also be from a USB memory key if one was used on that machine, or from some third source.

We should proceed with general antimalware scan which can take quite a long time so please be patient.

Download Virus Removal Tool (VRT) from here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select the Detected threats report from the left and press the Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post

  • 0

#9
twt4Christ

    Member

  • Topic Starter
  • Member
  • 14 posts
I just noticed this: [2011/10/11 20:48:06 | 000,000,000 | -H-D | C] -- C:\VritualRoot
Trojan? This machine had Alureon before it was wiped so I'm wondering if we have a problem with data theft, now.

The CPA and I are making sure we've got backups of stuff before we go any further. Thank you so much!
  • 0

#10
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
It looks like C:\vritualroot is a folder created by Comodo Internet Security.

As for Alureon, MBR is looking clean so I see no problems here.

Sorry to ask you, but what/who is CPA?
  • 0
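The check done by eye in post #9, as an added example (not part of the thread and not OTL's own code): it parses OTL file-listing lines and returns hidden entries created directly in a drive root after a cutoff. The function names and the cutoff are assumptions; the sample lines are copied from the log and post above. A hit is only a prompt to attribute the item to installed software, as was done for C:\VritualRoot.

```python
import re
from datetime import datetime
from typing import Iterable, List, NamedTuple, Optional

# OTL file-listing entry:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C or M] (company) -- path
# attrs is four flags in R, H, S, D order with "-" for unset; directory
# entries carry no "(company)" field.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
DRIVE_ROOT_ITEM = re.compile(r"^[A-Za-z]:\\[^\\]+$")  # e.g. C:\name, no subfolder
TS_FORMAT = "%Y/%m/%d %H:%M:%S"


class Entry(NamedTuple):
    when: datetime
    size: int
    attrs: str
    kind: str                 # "C" = created, "M" = modified
    company: Optional[str]    # None for directory entries
    path: str


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers and other text."""
    m = OTL_ENTRY.match(line.strip())
    if m is None:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], TS_FORMAT),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def hidden_root_entries(lines: Iterable[str], since: str) -> List[Entry]:
    """Hidden items created in a drive root at or after `since` (hypothetical helper)."""
    cutoff = datetime.strptime(since, TS_FORMAT)
    hits = []
    for line in lines:
        e = parse_line(line)
        if (e and e.kind == "C" and "H" in e.attrs
                and e.when >= cutoff and DRIVE_ROOT_ITEM.match(e.path)):
            hits.append(e)
    return hits


# Lines copied from the log and from post #9 in this thread.
SAMPLE_LOG = r"""
[2011/10/12 18:29:08 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/10/10 23:36:14 | 000,004,096 | -HS- | C] () -- C:\{50751C31-652C-418A-850D-2CFA5AD838AB}.CBM
[2011/10/10 13:54:31 | 000,406,528 | -HS- | C] () -- C:\EUMONBMP.SYS
[2011/10/10 13:26:52 | 000,001,138 | -H-- | C] () -- C:\WINDOWS\EPMBatch.ept
[2011/10/09 10:08:07 | 000,000,219 | -HS- | C] () -- C:\boot.ini
[2011/10/11 20:48:06 | 000,000,000 | -H-D | C] -- C:\VritualRoot
========== LOP Check ==========
"""

if __name__ == "__main__":
    # Assumed cutoff: the day after the Windows setup timestamps in the log.
    for e in hidden_root_entries(SAMPLE_LOG.splitlines(), "2011/10/10 00:00:00"):
        print(e.when, e.attrs, e.path)
```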


#11
twt4Christ

    Member

  • Topic Starter
  • Member
  • 14 posts
CPA = Certified Public Accountant. He's also a Quickbooks certified expert.
I'm about to run the VRT now.
  • 0

#12
twt4Christ

    Member

  • Topic Starter
  • Member
  • 14 posts
The VRT came up with no infection but I did have to run it in safe mode since I was using it by remote control and it protected itself from remote use. I will have to run it again in person later.
  • 0

#13
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
In safe mode is also OK. What problem remains?
  • 0

#14
twt4Christ

    Member

  • Topic Starter
  • Member
  • 14 posts
I think that's cleared everything up.
Thanks for your help!
  • 0

#15
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Your logs show that your system is clean. If you have no further issues with your computer, then please proceed with the housekeeping procedures outlined below.

Removing the tools we used:

Reset System Restore points:

  • Please reopen Posted Image on your desktop.
  • Copy (select all lines inside quote box and press CTRL+C) and Paste (press CTRL+V) the following code into the Posted Image textbox.

    :Commands
    [ClearAllRestorePoints]

  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.

NEXT...

OTL Clean-Up:

  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


There are a few things I recommend you to do once your computer is completely clean:

Updates for Windows - One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, and Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

How to turn on Automatic Updates for Windows:

Updates for other installed software

A common attack method for hacking attempts and malware installs is to exploit known vulnerabilities in programs that are commonly installed on a person's computer. These vulnerabilities could allow a remote user or malware developer to install malware, keyloggers, and backdoors on to your computer without your knowledge or permission.
Some of the programs that are commonly exploited include Adobe Shockwave, Adobe Reader, Sun Java, Adobe Flash, and even Windows itself. Therefore it is crucial that everyone remain vigilant as to when a security vulnerability is found in our installed programs and to update it when a security update is released. Unfortunately, no one has the time to stay on top of these updates, which can happen frequently.

I highly recommend that you install Secunia Personal Software Inspector (PSI), which can be used to scan your computer for known vulnerable programs, provide information on the vulnerability, and provide a location for an update to the vulnerable program. A tutorial on how to use Secunia Personal Software Inspector (PSI) can be found here: Keep Software Updated with Secunia PSI.

Web Browsers - Picking the right internet browser is very important. You need to find one that suits your needs but that is also safe. All browsers listed below are far more secure than Internet Explorer, immune to almost all known browser hijackers, and also have the best built-in pop up blockers.

However, if you prefer staying with Internet Explorer, I highly recommend you do this:

Make Internet Explorer more secure:
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the options Download signed and unsigned ActiveX controls to Prompt, and Initialize and Script ActiveX controls not marked as safe to Disable.
  • Next click OK, then Apply button and then OK to exit the Internet Properties page.

Tips to protect yourself against malware and reduce the potential for re-infection:

Now after all these steps, your PC will be more secure. However it is important to note that you can still get infected if you are not careful. One of the best security programs you can have is common sense. As malware gets more sophisticated, you need to be more wary. If you do get caught though and the above steps can't help prevent it, we will be here to help you out.

Stay secure and thank you for choosing GeeksToGo.
  • 0
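A way to verify the Internet Explorer steps above after the fact, as an added example (not part of the thread): it reads the text of a registry export and checks the Internet zone (Zones\3) ActiveX actions 1001, 1004 and 1201 against the settings the post recommends. The function names and the sample export are constructed for illustration; treating a stricter value than recommended as passing is an assumption of this example.

```python
import re

# URL-action IDs stored under ...\Internet Settings\Zones\3 (3 = Internet zone),
# mapped to the setting name and the value recommended in the post above.
# Data values: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 1),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE3_KEY = r"software\microsoft\windows\currentversion\internet settings\zones\3"
DWORD_VALUE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')


def parse_zone3(reg_text):
    """Return {action_id: value} for the Internet zone key in .reg export text."""
    values, in_zone = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key header: track whether we are inside Zones\3.
            in_zone = line[1:-1].lower().endswith(ZONE3_KEY)
            continue
        m = DWORD_VALUE.match(line)
        if in_zone and m:
            values[m.group(1).upper()] = int(m.group(2), 16)
    return values


def audit(reg_text):
    """Return (action_id, setting, current, status) for each recommended setting."""
    found = parse_zone3(reg_text)
    findings = []
    for action, (name, wanted) in RECOMMENDED.items():
        actual = found.get(action)
        if actual is None:
            current, status = "not set", "MISSING"
        elif actual not in LABEL:
            current, status = hex(actual), "UNKNOWN"
        else:
            # Enable (0) < Prompt (1) < Disable (3): equal or stricter passes.
            current = LABEL[actual]
            status = "OK" if actual >= wanted else "WEAK"
        findings.append((action, name, current, status))
    return findings


# Constructed sample export; decode a real export to text before passing it in.
SAMPLE_EXPORT = r"""
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1001"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1001"=dword:00000001
"1004"=dword:00000003
"1201"=dword:00000000
"""

if __name__ == "__main__":
    for action, name, current, status in audit(SAMPLE_EXPORT):
        print(f"{status:8} {action} {name}: {current}")
```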





