Symptoms:
1. Three consecutive Internet Explorer windows will pop up suddenly. All three play video. (We use Mozilla.)
2. Google image results now only show 1 page of results; the rest of the page is blank.
3. While typing, the blinking cursor will suddenly jump from the current word to the middle of your sentence, causing constant spelling errors and retyping. (It's happened three times so far, while typing this post.) Also, the keyboard is less responsive. I'll think I typed a letter and look up to find it not there.
4. He had a Google redirect (Ouch! Cursor jumped again.) too; Malwarebytes got that.
5. He originally lost his entire start menu, program files and desktop icons, so I restored his computer to an earlier time. The files restored came back as hidden, so I'm still picking through and returning those to normal.
6. Malwarebytes, Avast and Spybot S&D only found the typical tracking cookies.
I'm grateful for any bone you guys can toss me.
--MICHELLE
See OTL log below.
***********************************************************************************
OTL logfile created on: 1/19/2012 9:02:11 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Administrator\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.95 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.65% Memory free
7.90 Gb Paging File | 6.36 Gb Available in Paging File | 80.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.17 Gb Total Space | 470.90 Gb Free Space | 78.99% Space Free | Partition Type: NTFS
Drive F: | 3.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: N-PC | User Name: Nick | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/01/19 21:01:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/21 02:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
========== Modules (No Company Name) ==========
MOD - [2011/12/21 02:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/12/14 20:53:45 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011/12/11 00:37:06 | 001,038,088 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/11 00:35:57 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011/12/11 00:13:20 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/28 12:54:06 | 000,591,192 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2011/11/28 12:53:58 | 000,304,472 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2011/11/28 12:52:22 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2011/11/28 12:52:20 | 000,058,712 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2011/11/28 12:52:11 | 000,066,904 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011/11/28 12:51:53 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/04/05 06:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2009/08/10 12:07:40 | 000,119,680 | ---- | M] (Gemalto) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GemCCID.sys -- (GemCCID)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/06/27 10:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/11/09 08:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 18 F4 F0 D1 C5 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/19 11:05:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/18 23:18:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/12/10 23:45:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012/01/18 20:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/01/19 11:05:24 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
O1 HOSTS File: ([2012/01/17 00:51:52 | 000,000,795 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D34F8007-E82E-4EB9-A7A3-F60E2C5B1BAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/05/12 03:18:43 | 000,000,000 | ---D | M] - F:\AutoRunSource -- [ CDFS ]
O32 - AutoRun File - [2005/12/23 08:12:36 | 002,073,600 | R--- | M] (Longtion) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/28 03:37:48 | 000,022,486 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2006/05/14 17:24:13 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4f06a293-24de-11e1-958b-e53901d529d6}\Shell - "" = AutoRun
O33 - MountPoints2\{4f06a293-24de-11e1-958b-e53901d529d6}\Shell\AutoRun\command - "" = F:\autorun.exe -- [2005/12/23 08:12:36 | 002,073,600 | R--- | M] (Longtion)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2012/01/19 21:01:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/01/19 11:05:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/01/19 11:05:53 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/01/19 11:05:52 | 000,304,472 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/01/19 11:05:48 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/01/19 11:05:47 | 000,058,712 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/01/19 11:05:46 | 000,591,192 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/01/19 11:05:42 | 000,256,960 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/01/19 11:05:42 | 000,066,904 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/01/19 11:05:18 | 000,199,816 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/01/19 11:05:18 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/01/19 11:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/19 11:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/01/19 10:57:40 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2012/01/19 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/01/19 10:56:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hijack this
[2012/01/19 10:50:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/16 20:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/16 20:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/16 20:39:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/16 17:50:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/01/16 17:50:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2012/01/16 14:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/01/10 21:45:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/12/30 16:44:12 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\vlc
[2011/12/28 21:49:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2011/12/23 11:23:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/12/23 11:16:36 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2011/12/23 11:16:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 11:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/12/23 11:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/12/22 18:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/12/22 18:56:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/22 18:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/12/22 18:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
========== Files - Modified Within 30 Days ==========
[2012/01/19 21:01:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012/01/19 20:59:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/19 12:26:06 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/19 12:26:06 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/19 12:26:06 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/19 12:26:00 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 12:26:00 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/19 12:18:21 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/19 11:05:55 | 000,001,856 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 11:05:42 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/01/19 10:56:37 | 000,003,035 | ---- | M] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2012/01/18 16:21:05 | 000,008,990 | ---- | M] () -- C:\Users\Administrator\Desktop\114178665_xs.jpg
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpE38C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpD58C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC88C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC78C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpBB8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpBA8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpAD8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpAC8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp9F8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp909C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp829C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp689C8.FOT
[2012/01/17 00:51:52 | 000,000,795 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/17 00:47:34 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/16 20:47:34 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 20:39:57 | 000,001,273 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7BF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6EF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6DF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6CF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp5005D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp4305D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp4205D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp3405D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp1905D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp96F4D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp7AF4D.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpEA3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpDC3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpCF3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpCE3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpB14C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpA24C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp954C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp6C4C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpF73C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpE83C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp063C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp043C8.FOT
[2012/01/07 11:05:19 | 000,049,951 | ---- | M] () -- C:\Users\Administrator\Desktop\24894_102606363107256_100000736798094_75929_419631_n.jpg
[2012/01/05 12:54:19 | 000,022,063 | ---- | M] () -- C:\Users\Administrator\Desktop\24894_102606539773905_100000736798094_75935_7785965_n.jpg
[2012/01/05 01:02:36 | 000,082,326 | ---- | M] () -- C:\Users\Administrator\Desktop\179882_1613644025699_1374240485_31547168_2368928_n.jpg
[2012/01/05 01:01:29 | 000,070,811 | ---- | M] () -- C:\Users\Administrator\Desktop\66918_1393970502112_1617683345_953112_7405482_n.jpg
[2012/01/05 00:59:03 | 000,038,502 | ---- | M] () -- C:\Users\Administrator\Desktop\24894_102606703107222_100000736798094_75937_2445748_n.jpg
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpFC495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpEF495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpEE495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpED495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpD1595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpD0595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpC3595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmpA8595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp41495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp17495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp0B495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | M] () -- C:\Windows\SysWow64\tmp0A495.FOT
[2011/12/27 19:49:01 | 000,048,439 | ---- | M] () -- C:\Users\Administrator\Desktop\25.jpg
[2011/12/26 19:24:07 | 000,054,955 | ---- | M] () -- C:\Users\Administrator\Desktop\24.jpg
[2011/12/26 19:23:42 | 000,787,790 | ---- | M] () -- C:\Users\Administrator\Desktop\23.psd
[2011/12/26 19:17:00 | 000,783,370 | ---- | M] () -- C:\Users\Administrator\Desktop\22.psd
[2011/12/24 08:55:14 | 000,053,795 | ---- | M] () -- C:\Users\Administrator\Desktop\flatten3.jpg
[2011/12/24 08:34:34 | 000,053,382 | ---- | M] () -- C:\Users\Administrator\Desktop\flatten2.jpg
[2011/12/24 08:29:49 | 000,053,354 | ---- | M] () -- C:\Users\Administrator\Desktop\flatten.jpg
[2011/12/24 08:28:49 | 000,783,518 | ---- | M] () -- C:\Users\Administrator\Desktop\_______2_001.psd
[2011/12/23 23:21:34 | 000,022,302 | ---- | M] () -- C:\Users\Administrator\Desktop\_______2_001.jpg
[2011/12/23 11:22:47 | 000,002,034 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
========== Files Created - No Company Name ==========
[2012/01/19 11:05:55 | 000,001,856 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/01/19 11:05:42 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/01/19 10:56:37 | 000,003,035 | ---- | C] () -- C:\Users\Administrator\Desktop\HiJackThis.lnk
[2012/01/18 16:21:05 | 000,008,990 | ---- | C] () -- C:\Users\Administrator\Desktop\114178665_xs.jpg
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpE38C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpD58C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC88C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC78C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpBB8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpBA8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpAD8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpAC8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp9F8C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp909C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp829C8.FOT
[2012/01/17 01:22:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp689C8.FOT
[2012/01/16 20:47:34 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/16 20:39:57 | 000,001,273 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7BF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6EF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6DF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6CF4D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp5005D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp4305D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp4205D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp3405D.FOT
[2012/01/11 13:46:58 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp1905D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp96F4D.FOT
[2012/01/11 13:46:57 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp7AF4D.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpEA3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpDC3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpCF3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpCE3C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpB14C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpA24C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp954C8.FOT
[2012/01/09 13:26:14 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp6C4C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpF73C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpE83C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp063C8.FOT
[2012/01/09 13:26:13 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp043C8.FOT
[2012/01/07 11:05:19 | 000,049,951 | ---- | C] () -- C:\Users\Administrator\Desktop\24894_102606363107256_100000736798094_75929_419631_n.jpg
[2012/01/05 12:54:19 | 000,022,063 | ---- | C] () -- C:\Users\Administrator\Desktop\24894_102606539773905_100000736798094_75935_7785965_n.jpg
[2012/01/05 01:02:36 | 000,082,326 | ---- | C] () -- C:\Users\Administrator\Desktop\179882_1613644025699_1374240485_31547168_2368928_n.jpg
[2012/01/05 01:01:29 | 000,070,811 | ---- | C] () -- C:\Users\Administrator\Desktop\66918_1393970502112_1617683345_953112_7405482_n.jpg
[2012/01/05 00:59:03 | 000,038,502 | ---- | C] () -- C:\Users\Administrator\Desktop\24894_102606703107222_100000736798094_75937_2445748_n.jpg
[2011/12/28 21:53:51 | 000,341,664 | ---- | C] () -- C:\Users\Administrator\Desktop\InstallRoot_v3.15A.exe
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpFC495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpEF495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpEE495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpED495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpD1595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpD0595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpC3595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmpA8595.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp41495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp17495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp0B495.FOT
[2011/12/28 19:05:31 | 000,001,409 | ---- | C] () -- C:\Windows\SysWow64\tmp0A495.FOT
[2011/12/27 19:48:59 | 000,048,439 | ---- | C] () -- C:\Users\Administrator\Desktop\25.jpg
[2011/12/26 19:24:06 | 000,054,955 | ---- | C] () -- C:\Users\Administrator\Desktop\24.jpg
[2011/12/26 19:23:40 | 000,787,790 | ---- | C] () -- C:\Users\Administrator\Desktop\23.psd
[2011/12/26 19:16:58 | 000,783,370 | ---- | C] () -- C:\Users\Administrator\Desktop\22.psd
[2011/12/24 08:55:12 | 000,053,795 | ---- | C] () -- C:\Users\Administrator\Desktop\flatten3.jpg
[2011/12/24 08:34:31 | 000,053,382 | ---- | C] () -- C:\Users\Administrator\Desktop\flatten2.jpg
[2011/12/24 08:29:47 | 000,053,354 | ---- | C] () -- C:\Users\Administrator\Desktop\flatten.jpg
[2011/12/24 08:28:46 | 000,783,518 | ---- | C] () -- C:\Users\Administrator\Desktop\_______2_001.psd
[2011/12/23 23:21:34 | 000,022,302 | ---- | C] () -- C:\Users\Administrator\Desktop\_______2_001.jpg
[2011/12/23 11:22:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/12/23 11:22:47 | 000,002,034 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/12/12 21:45:22 | 000,000,614 | ---- | C] () -- C:\Windows\tlknw4.ini
[2011/12/10 21:10:39 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/04/05 06:07:02 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/04/05 06:07:00 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/05 06:07:00 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2012/01/16 18:51:19 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012/01/18 23:19:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011/12/10 21:04:30 | 000,000,000 | -H-D | M] -- C:\Users\Administrator\AppData\Roaming\WinBatch
[2009/07/14 00:08:49 | 000,008,678 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
Edited by M.Early, 19 January 2012 - 08:16 PM.