xp 2012 virus [Solved]



#1
lakep7 (Member, 51 posts)
I got a keylogger virus and it would not let me do anything or go online to delete it. What I want to know is: if I replace the hard drive and start over, is my computer itself infected, or is the infection only effective with the hard drive that was in the computer when I got the virus? Hope you understand what I am asking. Also, I downloaded OTL malware removal but my antivirus said that this was a risky program to run. True or what? Any help very much appreciated.


#2
lakep7 (Topic Starter, Member, 51 posts)
No one has replied to this yet. I ran OTL. I would like to post it and let someone look at it to make sure I don't have any problems on my computer. Will someone please reply and let me know what to do? Any help very much appreciated.

#3
blmadara (Trusted Helper, Malware Removal, 767 posts)
Hi lakep7, welcome to Geeks to Go. My name is blmadara and I will be helping you with your problems. Please be patient with me as I am still in training and my responses will have to be reviewed by an expert before I can post them.

I'd like to go over some things that will help both of us.

  • Read each of my posts entirely before performing my instructions. It would be helpful if you printed my instructions so you can read and check the steps as you perform them.
  • Follow the steps exactly in the order posted.
  • Please don't be afraid to ask questions. If you don't understand something, let me know before continuing.
  • If you can't perform a certain step, or you're unsure about what to do, please stop and let me know.
  • It is very important that you stay with me until the end so we make sure that we have removed all the bad stuff.
  • Please don't attach any logs to your posts unless I request it. It is easier for me if you copy and paste the logs into your reply.
  • Finally, never fix anything using other programs on your own. This can hinder my ability to see what is wrong with your computer and make it harder to clean your computer.



Step One: Run OTL Custom Scan

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %USERPROFILE%\..|smtmp;true;true;true /FP
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.

Step Two: Run aswMBR

Download aswMBR.exe to your desktop.

  • Double click aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions, please select No.
  • Click Scan to start the scan.
  • When the scan ends click Save Log and save it to your desktop.
  • Post the log in your next reply.


What I need in your next post:
1. The reports from the OTL scan, OTL.txt and Extras.txt.
2. The log produced by aswMBR.exe.

#4
lakep7 (Topic Starter, Member, 51 posts)
Thanks for the reply. Here is a copy of the OTL scans. The other scan did not ask about the virus definitions and it froze and would not finish scanning. I tried twice and it froze at the same point both times. I let it sit for about 2 hours trying. Here is the OTL.


OTL logfile created on: 2/12/2012 12:47:52 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\linda keplinger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 591.70 Mb Available Physical Memory | 57.90% Memory free
2.40 Gb Paging File | 2.13 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 445.31 Gb Free Space | 95.61% Space Free | Partition Type: NTFS

Computer Name: LINDA | User Name: linda keplinger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 13:10:08 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012/02/07 13:10:08 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/12/30 09:09:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda keplinger\Desktop\OTL malware removal.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/08/18 05:32:52 | 000,077,824 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WkDStore.exe
PRC - [2005/08/18 05:13:48 | 000,122,880 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\WksWP.exe
PRC - [2005/08/18 05:08:59 | 000,069,632 | ---- | M] (Microsoft® Corporation) -- C:\Program Files\Microsoft Works\wkgdcach.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/12 03:13:28 | 001,691,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021200\algo.dll
MOD - [2012/02/10 13:12:01 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2012/02/10 13:11:59 | 000,591,232 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2012/02/10 13:09:36 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2012/02/05 12:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 12:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2011/12/23 07:12:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/07 13:10:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1454471165-448539723-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/31 15:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/04 07:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/04 07:31:31 | 000,000,000 | ---D | M]

[2011/12/29 20:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Extensions
[2012/02/07 13:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions
[2012/02/07 13:09:37 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/02/07 12:06:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/07 12:07:14 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\searchplugins\wot-safe-search.xml
[2011/12/31 18:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/31 18:41:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2012/02/07 13:24:58 | 000,441,096 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 15164 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1454471165-448539723-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80C29E42-F4C8-4A90-999E-C133909C9A64}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/29 18:15:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 60 Days ==========

[2012/02/12 11:53:15 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012/02/10 13:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Temp
[2012/02/09 08:05:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/02/08 09:42:48 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2012/02/08 09:42:25 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2012/02/08 09:41:54 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2012/02/08 09:40:55 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/02/08 09:40:54 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys
[2012/02/08 09:40:08 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2012/02/08 09:39:56 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2012/02/08 09:39:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/02/07 13:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/07 13:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\adaware
[2012/02/07 13:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/02/07 13:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/02/07 13:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 13:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/02/07 13:09:28 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/07 12:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/02/07 12:46:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2012/02/07 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/07 12:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/07 12:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/02/07 12:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/07 09:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/07 07:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/02/07 07:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/02/07 07:10:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/02/04 07:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/04 07:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/04 07:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2012/02/04 07:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/04 07:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/02/04 07:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\HpUpdate
[2012/02/04 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/04 07:30:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/04 07:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2012/02/04 07:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/04 07:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\HP
[2012/02/04 07:29:20 | 000,232,296 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts8711.dll
[2012/02/04 07:29:19 | 000,267,112 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinksts8711LM.dll
[2012/02/04 07:29:19 | 000,213,864 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpinkcoi8711.dll
[2012/02/01 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/01 00:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/01 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/01/31 15:41:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\linda keplinger\UserData
[2012/01/31 15:24:22 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/31 15:24:22 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/31 15:24:22 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/31 15:24:22 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/31 15:24:22 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/31 15:24:22 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/31 15:24:22 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/31 15:24:22 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/31 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012/01/31 15:24:08 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/31 15:24:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/01/31 14:44:12 | 001,792,872 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\HPScanMiniDrv_DJ2050_510g.dll
[2012/01/11 23:12:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\My Documents\My Videos
[2012/01/05 13:00:07 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/01/05 13:00:07 | 000,027,984 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\sbbd.exe
[2012/01/05 12:59:57 | 000,000,000 | ---D | C] -- C:\VIPRERESCUE
[2012/01/02 22:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/01/01 15:52:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Template
[2012/01/01 15:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2012/01/01 15:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/01/01 15:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/01/01 11:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\My Documents\My Received Files
[2011/12/31 18:41:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/12/31 18:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/12/31 18:41:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/31 18:41:11 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/31 18:41:11 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/31 18:41:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/31 18:41:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/31 18:41:11 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/31 18:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/12/31 18:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Sun
[2011/12/31 18:30:17 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/31 18:25:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011/12/31 18:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/12/31 18:19:00 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2011/12/31 18:18:48 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbport.sys
[2011/12/31 18:16:58 | 000,000,000 | ---D | C] -- C:\drvrtmp
[2011/12/31 18:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Diagnostic Tool
[2011/12/31 18:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Modem Helper
[2011/12/31 18:15:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Helper
[2011/12/31 18:13:04 | 000,180,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvudisp.exe
[2011/12/31 18:12:59 | 000,180,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\NVUNINST.EXE
[2011/12/31 18:12:47 | 000,335,872 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrses.dll
[2011/12/31 18:12:47 | 000,327,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfr.dll
[2011/12/31 18:12:47 | 000,323,584 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsit.dll
[2011/12/31 18:12:47 | 000,311,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsde.dll
[2011/12/31 18:12:47 | 000,303,104 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsfi.dll
[2011/12/31 18:12:47 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsda.dll
[2011/12/31 18:12:47 | 000,212,992 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsja.dll
[2011/12/31 18:12:47 | 000,196,608 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsko.dll
[2011/12/31 18:12:47 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2011/12/31 18:12:46 | 007,323,648 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2011/12/31 18:12:46 | 005,398,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvoglnt.dll
[2011/12/31 18:12:46 | 003,918,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2011/12/31 18:12:46 | 003,918,720 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_disp.dll
[2011/12/31 18:12:46 | 003,581,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\dllcache\nv4_mini.sys
[2011/12/31 18:12:46 | 000,278,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfr.dll
[2011/12/31 18:12:46 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsit.dll
[2011/12/31 18:12:46 | 000,274,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrses.dll
[2011/12/31 18:12:46 | 000,270,336 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsde.dll
[2011/12/31 18:12:46 | 000,266,240 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsnl.dll
[2011/12/31 18:12:46 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsptb.dll
[2011/12/31 18:12:46 | 000,262,144 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsja.dll
[2011/12/31 18:12:46 | 000,258,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsko.dll
[2011/12/31 18:12:46 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrssv.dll
[2011/12/31 18:12:46 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsno.dll
[2011/12/31 18:12:46 | 000,249,856 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsda.dll
[2011/12/31 18:12:46 | 000,241,664 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrsfi.dll
[2011/12/31 18:12:46 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2011/12/31 18:12:46 | 000,217,088 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszhc.dll
[2011/12/31 18:12:46 | 000,118,784 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvrszht.dll
[2011/12/31 18:12:46 | 000,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2011/12/31 18:12:46 | 000,045,056 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccsrs.dll
[2011/12/31 18:12:46 | 000,035,328 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcodins.dll
[2011/12/31 18:12:46 | 000,035,328 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcod.dll
[2011/12/31 18:12:45 | 000,319,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsptb.dll
[2011/12/31 18:12:45 | 000,319,488 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsnl.dll
[2011/12/31 18:12:45 | 000,299,008 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrsno.dll
[2011/12/31 18:12:45 | 000,294,912 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrssv.dll
[2011/12/31 18:12:45 | 000,167,936 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszht.dll
[2011/12/31 18:12:45 | 000,163,840 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwrszhc.dll
[2011/12/31 18:12:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/12/31 18:11:39 | 000,016,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\modemcsa.sys
[2011/12/31 18:11:30 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2011/12/31 18:11:24 | 001,042,432 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_DP.sys
[2011/12/31 18:11:24 | 000,680,704 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSF_CNXT.sys
[2011/12/31 18:11:24 | 000,212,224 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\drivers\HSFHWBS2.sys
[2011/12/31 18:11:24 | 000,090,112 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2011/12/31 18:11:24 | 000,032,218 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\HSFCI008.dll
[2011/12/31 18:10:11 | 001,052,672 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stlang.dll
[2011/12/31 18:10:11 | 000,282,624 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2011/12/31 18:10:10 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2011/12/31 18:10:09 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2011/12/31 18:10:09 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2011/12/31 18:10:07 | 000,112,128 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\staco.dll
[2011/12/31 18:09:50 | 001,156,648 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\sthda.sys
[2011/12/31 18:09:50 | 000,208,896 | ---- | C] (SigmaTel, Inc.) -- C:\WINDOWS\System32\stacapi.dll
[2011/12/31 18:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2011/12/31 18:09:49 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/12/31 11:24:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Malwarebytes
[2011/12/31 11:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/31 11:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/12/31 11:24:23 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/31 11:24:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/31 11:13:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2011/12/31 10:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Yahoo!
[2011/12/31 10:41:31 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/31 10:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2011/12/31 10:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2011/12/31 10:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2011/12/31 03:13:57 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msyuv.dll
[2011/12/31 03:02:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/12/30 12:09:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Identities
[2011/12/30 11:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Google
[2011/12/30 11:26:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/12/30 10:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
[2011/12/30 10:19:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\vmm32
[2011/12/30 10:18:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/12/30 10:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/12/30 10:17:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dell
[2011/12/30 10:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2011/12/30 10:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Dell
[2011/12/30 10:16:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2011/12/30 10:14:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/30 10:12:41 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2011/12/30 09:50:23 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\linda keplinger\Desktop\mbam-setup-1.60.0.1800 malware removal.exe
[2011/12/30 09:09:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\linda keplinger\Desktop\OTL malware removal.exe
[2011/12/30 08:28:09 | 000,025,471 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2011/12/30 08:28:09 | 000,022,271 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2011/12/30 08:28:09 | 000,011,935 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2011/12/30 08:28:09 | 000,011,871 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2011/12/30 08:28:09 | 000,011,807 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2011/12/30 08:28:09 | 000,011,295 | ---- | C] (Intel® Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2011/12/30 08:28:06 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2011/12/30 08:28:06 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2011/12/30 08:28:06 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2011/12/30 08:28:05 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2011/12/30 08:28:05 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2011/12/30 08:28:05 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2011/12/30 08:28:04 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2011/12/30 08:28:04 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2011/12/30 08:28:04 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2011/12/30 08:28:04 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2011/12/30 08:27:04 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2011/12/30 08:27:04 | 000,327,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2011/12/30 08:27:04 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2011/12/30 08:27:04 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2011/12/30 08:27:04 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2011/12/30 08:27:04 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2011/12/30 08:27:04 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2011/12/30 08:27:04 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2011/12/30 08:27:04 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2011/12/30 08:27:04 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2011/12/30 08:27:04 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2011/12/30 08:27:04 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2011/12/30 08:27:04 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2011/12/30 08:27:04 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2011/12/30 08:27:04 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2011/12/30 08:27:04 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2011/12/30 08:27:04 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2011/12/30 08:27:03 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2011/12/30 08:27:03 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2011/12/30 08:27:03 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2011/12/30 08:27:03 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2011/12/30 08:27:03 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2011/12/30 08:17:19 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2011/12/30 08:17:17 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2011/12/30 08:17:17 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2011/12/30 08:17:15 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2011/12/30 08:17:10 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2011/12/30 08:16:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\kb913800.exe
[2011/12/30 08:16:41 | 000,456,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/12/30 08:16:34 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2011/12/30 08:16:09 | 000,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2011/12/30 08:16:08 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2011/12/30 08:16:07 | 002,192,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2011/12/30 08:16:07 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2011/12/30 08:15:45 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2011/12/30 08:14:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2011/12/30 08:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Macromedia
[2011/12/30 08:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Adobe
[2011/12/29 20:39:23 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/12/29 20:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011/12/29 20:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Mozilla
[2011/12/29 20:38:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla
[2011/12/29 20:38:11 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/12/29 20:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\My Documents\Downloads
[2011/12/29 20:32:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/12/29 20:30:40 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/12/29 20:30:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Google
[2011/12/29 20:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/12/29 20:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/29 20:11:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011/12/29 19:47:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\Identities
[2011/12/29 19:47:08 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/12/29 19:47:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\My Documents\My Pictures
[2011/12/29 19:47:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\My Documents\My Music
[2011/12/29 19:21:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2011/12/29 19:20:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2011/12/29 19:20:15 | 000,026,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2011/12/29 19:19:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2011/12/29 19:18:47 | 000,000,000 | ---D | C] -- C:\Program Files\RGB
[2011/12/29 19:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/12/29 19:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\DIGStream
[2011/12/29 19:17:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESPNMotion
[2011/12/29 19:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ApplicationHistory
[2011/12/29 19:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\GemMaster
[2011/12/29 19:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\EnglishOtto
[2011/12/29 19:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft
[2011/12/29 19:14:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\linda keplinger\Cookies
[2011/12/29 19:14:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\linda keplinger\SendTo
[2011/12/29 19:14:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\linda keplinger\Recent
[2011/12/29 19:14:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\linda keplinger\Application Data
[2011/12/29 19:14:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Startup
[2011/12/29 19:14:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\Start Menu
[2011/12/29 19:14:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\My Documents
[2011/12/29 19:14:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\Favorites
[2011/12/29 19:14:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Accessories
[2011/12/29 19:14:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\linda keplinger\Templates
[2011/12/29 19:14:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\linda keplinger\PrintHood
[2011/12/29 19:14:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\linda keplinger\NetHood
[2011/12/29 19:14:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\linda keplinger\Local Settings
[2011/12/29 19:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft
[2011/12/29 19:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Desktop
[2011/12/29 18:29:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2011/12/29 18:29:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011/12/29 18:29:50 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011/12/29 18:29:50 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2011/12/29 18:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2011/12/29 18:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2011/12/29 18:29:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2011/12/29 18:18:02 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresja.dll
[2011/12/29 18:18:02 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresko.dll
[2011/12/29 18:18:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresfr.dll
[2011/12/29 18:18:01 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehresde.dll
[2011/12/29 18:17:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehreschs.dll
[2011/12/29 18:17:53 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2011/12/29 18:17:52 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2011/12/29 18:17:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2011/12/29 18:17:51 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2011/12/29 18:17:51 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2011/12/29 18:17:51 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2011/12/29 18:17:51 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2011/12/29 18:17:50 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2011/12/29 18:17:50 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2011/12/29 18:17:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2011/12/29 18:17:49 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2011/12/29 18:17:49 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2011/12/29 18:17:49 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2011/12/29 18:17:49 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2011/12/29 18:17:48 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2011/12/29 18:17:48 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2011/12/29 18:17:47 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2011/12/29 18:17:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2011/12/29 18:17:47 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2011/12/29 18:17:46 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2011/12/29 18:17:46 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2011/12/29 18:17:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2011/12/29 18:17:46 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2011/12/29 18:17:45 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2011/12/29 18:17:45 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2011/12/29 18:17:45 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2011/12/29 18:17:45 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2011/12/29 18:17:44 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2011/12/29 18:17:43 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2011/12/29 18:17:42 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2011/12/29 18:17:42 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2011/12/29 18:17:42 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2011/12/29 18:17:41 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2011/12/29 18:17:41 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2011/12/29 18:17:41 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2011/12/29 18:17:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2011/12/29 18:17:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2011/12/29 18:17:40 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2011/12/29 18:17:40 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2011/12/29 18:17:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2011/12/29 18:17:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2011/12/29 18:17:40 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2011/12/29 18:17:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2011/12/29 18:17:40 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2011/12/29 18:17:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2011/12/29 18:17:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2011/12/29 18:17:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2011/12/29 18:17:40 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2011/12/29 18:17:40 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2011/12/29 18:17:40 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2011/12/29 18:17:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2011/12/29 18:17:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/12/29 18:17:37 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/12/29 18:17:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2011/12/29 18:17:36 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2011/12/29 18:17:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2011/12/29 18:17:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2011/12/29 18:17:34 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2011/12/29 18:17:34 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2011/12/29 18:17:34 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2011/12/29 18:17:33 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2011/12/29 18:17:33 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2011/12/29 18:17:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2011/12/29 18:17:32 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2011/12/29 18:17:32 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2011/12/29 18:17:32 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2011/12/29 18:17:32 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2011/12/29 18:17:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2011/12/29 18:17:32 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2011/12/29 18:17:31 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2011/12/29 18:17:31 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2011/12/29 18:17:31 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2011/12/29 18:17:31 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2011/12/29 18:17:31 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2011/12/29 18:17:30 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2011/12/29 18:17:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2011/12/29 18:17:29 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2011/12/29 18:17:27 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2011/12/29 18:17:25 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2011/12/29 18:17:25 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2011/12/29 18:17:21 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2011/12/29 18:17:21 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2011/12/29 18:17:21 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2011/12/29 18:17:20 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2011/12/29 18:17:20 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2011/12/29 18:17:19 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2011/12/29 18:17:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2011/12/29 18:17:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2011/12/29 18:17:18 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2011/12/29 18:17:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2011/12/29 18:17:18 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2011/12/29 18:17:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2011/12/29 18:17:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2011/12/29 18:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2011/12/29 18:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2011/12/29 18:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2011/12/29 18:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2011/12/29 18:17:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2011/12/29 18:17:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2011/12/29 18:17:17 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2011/12/29 18:17:17 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2011/12/29 18:17:16 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2011/12/29 18:17:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2011/12/29 18:17:16 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2011/12/29 18:17:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2011/12/29 18:17:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2011/12/29 18:17:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2011/12/29 18:17:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2011/12/29 18:17:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2011/12/29 18:17:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2011/12/29 18:17:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2011/12/29 18:17:15 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2011/12/29 18:17:15 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2011/12/29 18:17:14 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2011/12/29 18:17:14 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2011/12/29 18:17:14 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2011/12/29 18:17:14 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2011/12/29 18:17:14 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2011/12/29 18:17:14 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2011/12/29 18:17:14 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2011/12/29 18:17:13 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2011/12/29 18:17:13 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2011/12/29 18:17:13 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2011/12/29 18:17:13 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2011/12/29 18:17:13 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2011/12/29 18:17:13 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2011/12/29 18:17:13 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2011/12/29 18:17:13 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2011/12/29 18:17:13 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2011/12/29 18:17:13 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2011/12/29 18:17:13 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2011/12/29 18:17:13 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2011/12/29 18:17:13 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2011/12/29 18:17:13 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2011/12/29 18:17:12 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2011/12/29 18:17:12 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2011/12/29 18:17:12 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2011/12/29 18:17:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2011/12/29 18:17:12 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2011/12/29 18:17:12 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2011/12/29 18:17:10 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2011/12/29 18:17:09 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2011/12/29 18:17:07 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2011/12/29 18:17:06 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2011/12/29 18:17:06 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2011/12/29 18:17:06 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2011/12/29 18:17:05 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2011/12/29 18:17:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2011/12/29 18:17:05 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2011/12/29 18:17:04 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2011/12/29 18:17:04 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2011/12/29 18:17:03 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2011/12/29 18:17:03 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2011/12/29 18:17:03 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2011/12/29 18:17:03 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2011/12/29 18:17:02 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2011/12/29 18:17:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2011/12/29 18:16:59 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2011/12/29 18:16:59 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2011/12/29 18:16:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2011/12/29 18:16:59 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2011/12/29 18:16:59 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2011/12/29 18:16:57 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2011/12/29 18:16:57 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2011/12/29 18:16:57 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2011/12/29 18:16:57 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2011/12/29 18:16:57 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2011/12/29 18:16:57 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2011/12/29 18:16:57 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2011/12/29 18:16:56 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2011/12/29 18:16:56 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2011/12/29 18:16:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2011/12/29 18:16:56 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2011/12/29 18:16:56 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2011/12/29 18:16:55 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/12/29 18:16:55 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2011/12/29 18:16:55 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2011/12/29 18:16:51 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2011/12/29 18:16:50 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2011/12/29 18:16:49 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2011/12/29 18:16:49 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2011/12/29 18:16:49 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2011/12/29 18:16:48 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2011/12/29 18:16:48 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2011/12/29 18:16:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2011/12/29 18:16:47 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2011/12/29 18:16:47 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2011/12/29 18:16:46 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2011/12/29 18:16:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2011/12/29 18:16:42 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2011/12/29 18:16:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2011/12/29 18:16:41 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2011/12/29 18:16:41 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2011/12/29 18:16:41 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2011/12/29 18:16:41 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2011/12/29 18:16:38 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2011/12/29 18:16:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011/12/29 18:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2011/12/29 18:16:27 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2011/12/29 18:16:15 | 000,000,000 | ---D | C] -- C:\DELL
[2011/12/29 18:16:01 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011/12/29 18:15:45 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2011/12/29 18:14:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2011/12/29 18:14:52 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011/12/29 18:14:52 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011/12/29 18:14:43 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2011/12/29 18:14:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011/12/29 18:14:18 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2011/12/29 18:14:18 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2011/12/29 18:14:18 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2011/12/29 18:14:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2011/12/29 18:14:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2011/12/29 18:14:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2011/12/29 18:14:13 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2011/12/29 18:14:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2011/12/29 18:14:12 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2011/12/29 18:14:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2011/12/29 18:14:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2011/12/29 18:14:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2011/12/29 18:14:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2011/12/29 18:14:12 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2011/12/29 18:14:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2011/12/29 18:14:09 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2011/12/29 18:14:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2011/12/29 18:14:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2011/12/29 18:14:09 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2011/12/29 18:14:09 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2011/12/29 18:14:09 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2011/12/29 18:14:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2011/12/29 18:14:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2011/12/29 18:14:09 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2011/12/29 18:14:09 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011/12/29 18:14:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2011/12/29 18:14:08 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2011/12/29 18:14:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011/12/29 18:14:06 | 000,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2011/12/29 18:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011/12/29 18:14:05 | 000,991,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2011/12/29 18:14:05 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2011/12/29 18:14:05 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2011/12/29 18:14:05 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2011/12/29 18:14:05 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2011/12/29 18:14:05 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2011/12/29 18:14:05 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2011/12/29 18:14:05 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2011/12/29 18:14:04 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2011/12/29 18:14:04 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2011/12/29 18:14:04 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2011/12/29 18:14:04 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2011/12/29 18:14:04 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2011/12/29 18:14:04 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2011/12/29 18:14:04 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2011/12/29 18:14:04 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2011/12/29 18:14:04 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2011/12/29 18:14:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2011/12/29 18:14:04 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2011/12/29 18:14:02 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2011/12/29 18:13:59 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2011/12/29 18:13:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2011/12/29 18:13:59 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2011/12/29 18:13:59 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2011/12/29 18:13:57 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2011/12/29 18:13:57 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltmc.exe
[2011/12/29 18:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011/12/29 18:13:56 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2011/12/29 18:13:56 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2011/12/29 18:13:56 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2011/12/29 18:13:56 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2011/12/29 18:13:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2011/12/29 18:13:54 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2011/12/29 18:13:54 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2011/12/29 18:13:54 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2011/12/29 18:13:54 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2011/12/29 18:13:52 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2011/12/29 18:13:52 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2011/12/29 18:13:52 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2011/12/29 18:13:52 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2011/12/29 18:13:52 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2011/12/29 18:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2011/12/29 18:13:49 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2011/12/29 18:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2011/12/29 18:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2011/12/29 18:13:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2011/12/29 18:13:17 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2011/12/29 18:12:59 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/12/29 18:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2011/12/29 18:12:55 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/12/29 18:12:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011/12/29 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2011/12/29 18:12:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2011/12/29 18:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/12/29 18:12:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2011/12/29 18:12:39 | 001,742,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mypixdx.scr
[2011/12/29 18:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2011/12/29 18:12:38 | 007,093,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\space.scr
[2011/12/29 18:12:38 | 004,396,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wpgldfsh.scr
[2011/12/29 18:12:38 | 003,343,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nature.scr
[2011/12/29 18:12:37 | 005,068,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\davinci.scr
[2011/12/29 18:12:35 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\igdetect.dll
[2011/12/29 18:12:33 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2011/12/29 18:12:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2011/12/29 18:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2011/12/29 18:12:18 | 000,462,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqqp20.dll
[2011/12/29 18:12:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqdb20.dll
[2011/12/29 18:12:18 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdatunepia.dll
[2011/12/29 18:12:18 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehsqse20.dll
[2011/12/29 18:12:18 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\medctrro.exe
[2011/12/29 18:12:18 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehmsas.exe
[2011/12/29 18:12:17 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2011/12/29 18:12:16 | 001,370,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehchsime.dll
[2011/12/29 18:12:16 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcommon.dll
[2011/12/29 18:12:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehjpnime.dll
[2011/12/29 18:12:16 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehentt.dll
[2011/12/29 18:12:16 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiuserxp.dll
[2011/12/29 18:12:15 | 003,219,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehshell.exe
[2011/12/29 18:12:15 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehcm.dll
[2011/12/29 18:12:15 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehui.dll
[2011/12/29 18:12:15 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehdrop.dll
[2011/12/29 18:12:15 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehSched.exe
[2011/12/29 18:12:15 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehRec.exe
[2011/12/29 18:12:15 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehtray.exe
[2011/12/29 18:12:15 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehdebug.dll
[2011/12/29 18:12:14 | 008,843,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehres.dll
[2011/12/29 18:12:14 | 001,349,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehuihlp.dll
[2011/12/29 18:12:14 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepg.dll
[2011/12/29 18:12:14 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehRecObj.dll
[2011/12/29 18:12:14 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiProxy.dll
[2011/12/29 18:12:14 | 000,307,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehPlayer.dll
[2011/12/29 18:12:14 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiVidCtl.dll
[2011/12/29 18:12:14 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehglid.dll
[2011/12/29 18:12:14 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiPlay.dll
[2011/12/29 18:12:14 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\debugsvc.dll
[2011/12/29 18:12:14 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepgdat.dll
[2011/12/29 18:12:14 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiwmp.dll
[2011/12/29 18:12:14 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehCIR.dll
[2011/12/29 18:12:14 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehProxy.dll
[2011/12/29 18:12:14 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehiExtens.dll
[2011/12/29 18:12:14 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepgdec.dll
[2011/12/29 18:12:14 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ehepgnet.dll
[2011/12/29 18:12:12 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2011/12/29 18:12:12 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2011/12/29 18:12:12 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2011/12/29 18:12:12 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2011/12/29 18:12:12 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2011/12/29 18:12:12 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2011/12/29 18:12:12 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2011/12/29 18:12:12 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2011/12/29 18:12:12 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2011/12/29 18:12:12 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2011/12/29 18:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2011/12/29 18:12:11 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2011/12/29 18:12:11 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2011/12/29 18:12:11 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2011/12/29 18:12:11 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2011/12/29 18:12:11 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2011/12/29 18:12:11 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2011/12/29 18:12:11 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2011/12/29 18:12:11 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2011/12/29 18:12:11 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2011/12/29 18:12:11 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2011/12/29 18:12:11 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2011/12/29 18:12:11 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2011/12/29 18:12:10 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2011/12/29 18:12:10 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2011/12/29 18:12:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2011/12/29 18:12:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2011/12/29 18:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2011/12/29 18:12:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2011/12/29 18:12:04 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2011/12/29 18:12:04 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2011/12/29 18:12:04 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2011/12/29 18:12:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2011/12/29 18:12:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2011/12/29 18:12:04 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2011/12/29 18:12:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2011/12/29 18:12:04 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2011/12/29 18:12:04 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2011/12/29 18:12:03 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2011/12/29 18:12:03 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2011/12/29 18:11:59 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2011/12/29 18:11:59 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2011/12/29 18:11:59 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2011/12/29 18:11:59 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2011/12/29 18:11:59 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2011/12/29 18:11:59 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2011/12/29 18:11:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2011/12/29 18:11:58 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2011/12/29 18:11:58 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2011/12/29 18:11:58 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2011/12/29 18:11:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2011/12/29 18:11:58 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2011/12/29 18:11:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2011/12/29 18:11:58 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2011/12/29 18:11:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2011/12/29 18:11:58 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2011/12/29 18:11:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2011/12/29 18:11:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2011/12/29 18:11:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2011/12/29 18:11:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2011/12/29 18:11:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2011/12/29 18:11:57 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2011/12/29 18:11:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2011/12/29 18:11:57 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2011/12/29 18:11:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2011/12/29 18:11:57 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2011/12/29 18:11:57 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2011/12/29 18:11:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2011/12/29 18:11:57 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2011/12/29 18:11:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2011/12/29 18:11:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2011/12/29 18:11:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2011/12/29 18:11:57 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2011/12/29 18:11:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2011/12/29 18:11:57 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2011/12/29 18:11:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2011/12/29 18:11:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2011/12/29 18:11:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2011/12/29 18:11:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2011/12/29 18:11:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2011/12/29 18:11:57 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2011/12/29 18:11:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2011/12/29 18:11:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2011/12/29 18:11:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2011/12/29 18:11:56 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2011/12/29 18:11:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2011/12/29 18:11:56 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2011/12/29 18:11:56 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2011/12/29 18:11:56 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2011/12/29 18:11:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2011/12/29 18:11:56 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2011/12/29 18:11:56 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2011/12/29 18:11:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2011/12/29 18:11:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2011/12/29 18:11:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2011/12/29 18:11:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2011/12/29 18:11:53 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2011/12/29 18:11:53 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2011/12/29 18:11:53 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2011/12/29 18:11:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2011/12/29 18:11:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2011/12/29 18:11:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2011/12/29 18:11:53 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2011/12/29 18:11:53 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2011/12/29 18:11:53 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2011/12/29 18:11:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2011/12/29 18:11:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2011/12/29 18:11:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2011/12/29 18:11:47 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2011/12/29 18:11:47 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2011/12/29 18:11:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2011/12/29 18:11:47 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2011/12/29 18:11:47 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2011/12/29 18:11:47 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2011/12/29 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2011/12/29 18:11:46 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2011/12/29 18:11:46 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2011/12/29 18:11:46 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2011/12/29 18:11:46 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2011/12/29 18:11:46 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2011/12/29 18:11:45 | 002,066,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstscax.dll
[2011/12/29 18:11:45 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstsc.exe
[2011/12/29 18:11:45 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2011/12/29 18:11:45 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2011/12/29 18:11:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2011/12/29 18:11:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2011/12/29 18:11:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscupgrd.exe
[2011/12/29 18:11:45 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscupgrd.exe
[2011/12/29 18:11:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2011/12/29 18:11:45 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2011/12/29 18:11:45 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2011/12/29 18:11:44 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2011/12/29 18:11:44 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2011/12/29 18:11:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2011/12/29 18:11:44 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2011/12/29 18:11:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2011/12/29 18:11:44 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2011/12/29 18:11:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011/12/29 18:11:43 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2011/12/29 18:11:43 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2011/12/29 18:11:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2011/12/29 18:11:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011/12/29 18:11:39 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2011/12/29 18:11:39 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2011/12/29 18:11:39 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2011/12/29 18:11:39 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2011/12/29 18:11:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/12/29 18:09:38 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/12/29 11:19:33 | 000,020,992 | ---- | C] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\drivers\RTL8139.sys
[2011/12/29 11:19:06 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2011/12/29 11:18:25 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011/12/29 11:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2011/12/29 11:18:24 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2011/12/29 11:18:24 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2011/12/29 11:18:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2011/12/29 11:18:23 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2011/12/29 11:18:23 | 000,000,000 | R--D | C] -- C:\Program Files
[2011/12/29 11:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2011/12/29 11:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2011/12/29 11:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2011/12/29 11:18:21 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2011/12/29 11:18:21 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2011/12/29 11:18:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2011/12/29 11:18:21 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2011/12/29 11:18:21 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2011/12/29 11:18:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2011/12/29 11:18:20 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2011/12/29 11:18:20 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2011/12/29 11:18:18 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2011/12/29 11:18:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2011/12/29 11:18:18 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2011/12/29 11:18:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2011/12/29 11:18:18 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2011/12/29 11:18:18 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2011/12/29 11:18:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2011/12/29 11:18:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2011/12/29 11:18:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2011/12/29 11:18:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2011/12/29 11:18:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2011/12/29 11:18:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2011/12/29 11:18:18 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2011/12/29 11:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2011/12/29 11:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2011/12/29 11:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2011/12/29 11:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2011/12/29 11:18:18 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2011/12/29 11:18:17 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2011/12/29 11:18:17 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2011/12/29 11:18:17 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2011/12/29 11:18:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2011/12/29 11:18:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2011/12/29 11:18:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2011/12/29 11:18:16 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2011/12/29 11:18:16 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2011/12/29 11:18:16 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2011/12/29 11:18:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2011/12/29 11:18:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2011/12/29 11:18:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2011/12/29 11:18:16 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2011/12/29 11:18:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2011/12/29 11:18:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2011/12/29 11:18:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2011/12/29 11:18:14 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2011/12/29 11:18:14 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2011/12/29 11:18:14 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2011/12/29 11:18:14 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2011/12/29 11:18:14 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2011/12/29 11:18:14 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2011/12/29 11:18:14 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2011/12/29 11:18:14 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2011/12/29 11:18:14 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2011/12/29 11:18:14 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2011/12/29 11:18:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2011/12/29 11:18:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2011/12/29 11:18:14 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2011/12/29 11:18:14 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2011/12/29 11:18:14 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2011/12/29 11:18:14 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2011/12/29 11:18:14 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2011/12/29 11:18:13 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2011/12/29 11:18:13 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2011/12/29 11:18:13 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2011/12/29 11:18:13 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2011/12/29 11:18:13 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2011/12/29 11:18:13 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2011/12/29 11:18:13 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2011/12/29 11:18:13 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2011/12/29 11:18:13 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2011/12/29 11:18:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2011/12/29 11:18:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2011/12/29 11:18:13 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2011/12/29 11:18:13 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2011/12/29 11:18:13 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2011/12/29 11:18:13 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2011/12/29 11:18:13 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2011/12/29 11:18:12 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\winspool.drv
[2011/12/29 11:18:12 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2011/12/29 11:18:12 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2011/12/29 11:18:12 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2011/12/29 11:18:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/12/29 11:18:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2011/12/29 11:18:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2011/12/29 11:18:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2011/12/29 11:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2011/12/29 11:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2011/12/29 11:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011/12/29 11:15:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011/12/29 11:15:52 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/12/29 11:15:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2011/12/29 11:15:38 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/12/29 11:15:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2011/12/29 10:49:40 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011/12/29 10:49:40 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011/12/29 10:49:40 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011/12/29 10:49:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011/12/29 10:49:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/02/12 12:45:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 12:44:46 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2012/02/12 12:44:18 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/12 12:33:55 | 000,000,712 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to WksWP.lnk
[2012/02/12 12:21:52 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/12 12:21:35 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/12 12:21:32 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/12 12:21:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/11 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/11 12:32:03 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/11 12:32:03 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/10 16:50:16 | 000,063,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 16:37:18 | 000,111,513 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/10 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/09 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/09 08:06:00 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2012/02/08 11:48:25 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/08 11:44:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/07 15:46:40 | 000,000,136 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 14:26:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 13:24:58 | 000,441,096 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/07 13:09:30 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:05:01 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/07 09:05:01 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/07 09:02:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/07 09:01:08 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/07 09:00:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/07 07:31:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/07 07:13:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/04 07:55:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/04 07:31:34 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:31:00 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/01 12:26:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:14:27 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/01 00:12:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/31 15:24:22 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/24 10:41:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/01/11 23:12:26 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/05 16:41:21 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Bills Paid 01 12.wps
[2012/01/01 18:39:22 | 000,000,609 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Windows Messenger.lnk
[2012/01/01 15:55:53 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Money Gram 1-12.wps
[2012/01/01 15:35:39 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DXP061 .MRK
[2012/01/01 15:35:39 | 000,000,005 | ---- | M] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
[2011/12/31 18:41:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/12/31 18:41:00 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/31 18:41:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/31 18:41:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/31 18:41:00 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/12/31 18:02:52 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/12/31 11:22:24 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2011/12/31 10:59:25 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/31 10:41:17 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/31 10:41:17 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/12/31 10:40:45 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/31 10:40:45 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/30 11:26:19 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/30 10:17:22 | 000,000,059 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[2011/12/30 09:55:50 | 107,810,816 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\VIPRERescue11324 malware removeval.exe
[2011/12/30 09:50:28 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\linda keplinger\Desktop\mbam-setup-1.60.0.1800 malware removal.exe
[2011/12/30 09:09:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda keplinger\Desktop\OTL malware removal.exe
[2011/12/29 19:47:18 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/29 19:17:41 | 000,000,138 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\fusioncache.dat
[2011/12/29 18:29:28 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011/12/29 18:18:18 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/12/29 18:15:55 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/12/29 18:15:55 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/12/29 18:15:55 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/12/29 18:15:55 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/12/29 18:15:50 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/29 18:15:50 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/29 18:15:45 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/29 18:12:58 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/12 12:44:18 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/12 12:33:55 | 000,000,712 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to WksWP.lnk
[2012/02/11 12:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/11 12:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/10 16:50:16 | 000,063,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 15:08:39 | 000,111,513 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/07 15:46:40 | 000,000,136 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 13:24:58 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120207-132458.backup
[2012/02/07 13:09:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/07 13:09:30 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:01:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Internet Explorer.lnk
[2012/02/07 09:01:07 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 07:31:34 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/02/04 07:31:00 | 000,000,939 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for Supplies - HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/04 07:24:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/01 12:26:36 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:14:27 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/01 00:12:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 00:12:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/11 23:12:26 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/01/05 15:58:01 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Bills Paid 01 12.wps
[2012/01/01 18:39:22 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Windows Messenger.lnk
[2012/01/01 15:55:53 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Money Gram 1-12.wps
[2012/01/01 15:52:39 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2012/01/01 15:50:04 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2012/01/01 15:50:03 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2011/12/31 18:19:02 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\DELL_XPS_Dell DXP061 .MRK
[2011/12/31 18:19:02 | 000,000,005 | ---- | C] () -- C:\WINDOWS\System32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
[2011/12/31 18:16:03 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\DModem.cpl
[2011/12/31 18:16:02 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Modem Diagnostic Tool.lnk
[2011/12/31 18:15:29 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2011/12/31 18:13:08 | 000,039,472 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/31 18:13:04 | 000,016,356 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011/12/31 18:12:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/31 18:11:25 | 000,128,398 | ---- | C] () -- C:\WINDOWS\System32\drivers\del200f.cty
[2011/12/31 11:24:25 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/31 11:22:24 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Outlook Express.lnk
[2011/12/31 10:41:17 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2011/12/31 10:41:17 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2011/12/31 03:13:57 | 001,292,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2011/12/30 11:26:19 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/12/30 10:17:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/12/30 10:12:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/30 09:55:48 | 107,810,816 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\VIPRERescue11324 malware removeval.exe
[2011/12/30 08:28:04 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011/12/30 08:27:55 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011/12/30 08:27:04 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011/12/29 20:38:13 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/12/29 20:38:13 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/12/29 20:38:13 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/12/29 20:32:01 | 000,001,813 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/12/29 20:30:48 | 000,000,904 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/29 20:30:48 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/29 19:47:18 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/29 19:47:13 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Outlook Express.lnk
[2011/12/29 19:21:42 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2011/12/29 19:17:41 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\fusioncache.dat
[2011/12/29 19:14:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Remote Assistance.lnk
[2011/12/29 19:14:36 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Windows Media Player.lnk
[2011/12/29 18:29:28 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011/12/29 18:18:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 18:17:32 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/12/29 18:17:19 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/12/29 18:17:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/12/29 18:17:13 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/12/29 18:17:12 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/12/29 18:17:09 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/12/29 18:17:07 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/12/29 18:16:57 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/12/29 18:15:55 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/29 18:15:55 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011/12/29 18:15:55 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011/12/29 18:15:55 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011/12/29 18:15:55 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2011/12/29 18:15:50 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/29 18:15:50 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/29 18:15:49 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011/12/29 18:14:42 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2011/12/29 18:14:37 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011/12/29 18:14:16 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011/12/29 18:14:16 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011/12/29 18:14:13 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011/12/29 18:13:00 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2011/12/29 18:12:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/29 18:12:53 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2011/12/29 18:12:39 | 000,011,452 | ---- | C] () -- C:\WINDOWS\System32\mypixdx.chm
[2011/12/29 18:12:16 | 010,604,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2011/12/29 18:12:00 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2011/12/29 18:12:00 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2011/12/29 18:12:00 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2011/12/29 18:12:00 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2011/12/29 18:12:00 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011/12/29 18:12:00 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2011/12/29 18:12:00 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2011/12/29 18:12:00 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2011/12/29 18:11:59 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2011/12/29 18:11:59 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2011/12/29 18:11:59 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2011/12/29 18:11:58 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011/12/29 18:11:57 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011/12/29 18:11:57 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011/12/29 18:11:53 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/12/29 11:18:28 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/12/29 11:18:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/29 11:18:24 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011/12/29 11:18:24 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011/12/29 11:18:24 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011/12/29 11:18:23 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011/12/29 11:18:13 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011/12/29 11:16:07 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2011/12/29 11:16:07 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2011/12/29 11:16:07 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/12/29 11:16:06 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/12/29 11:16:06 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/12/29 11:16:06 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/12/29 11:16:06 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/12/29 11:16:06 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/12/29 11:16:06 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/12/29 11:16:06 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/12/29 11:15:38 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/29 10:54:03 | 000,000,209 | -HS- | C] () -- C:\boot.ini
[2011/12/29 10:54:02 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2006/01/17 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 16:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

OTL Extras logfile created on: 2/12/2012 12:47:52 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\linda keplinger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 591.70 Mb Available Physical Memory | 57.90% Memory free
2.40 Gb Paging File | 2.13 Gb Available in Paging File | 88.73% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 445.31 Gb Free Space | 95.61% Space Free | Partition Type: NTFS

Computer Name: LINDA | User Name: linda keplinger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1454471165-448539723-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{29498512-A137-4478-8691-922829F108DC}" = HP Deskjet 2050 J510 series Product Improvement Study
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"adawaretb" = Ad-Aware Security Toolbar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"avast" = avast! Pro Antivirus
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"ESPNMotion" = ESPNMotion
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{390FF986-468D-4CA9-8830-2C4B313F447F}" = ATI Parental Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Messenger" = Yahoo! Messenger

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/29/2011 10:02:51 PM | Computer Name = LINDA | Source = ESENT | ID = 439
Description = HelpSvc.exe (1064) Unable to write a shadowed header for file C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb.
Error -1032.

Error - 12/29/2011 10:02:52 PM | Computer Name = LINDA | Source = ESENT | ID = 485
Description = HelpSvc (1064) An attempt to delete the file "C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 12/29/2011 10:03:02 PM | Computer Name = LINDA | Source = ESENT | ID = 490
Description = HelpSvc (1064) An attempt to open the file "C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 12/29/2011 10:03:02 PM | Computer Name = LINDA | Source = ESENT | ID = 439
Description = HelpSvc.exe (1064) Unable to write a shadowed header for file C:\WINDOWS\PCHealth\HelpCtr\Config\CheckPoint\tmp.edb.
Error -1032.

Error - 12/29/2011 10:31:20 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module jscript.dll, version 5.6.0.8820, fault address 0x0005aa54.

Error - 12/29/2011 10:33:49 PM | Computer Name = LINDA | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2873, fault address 0x0007c7d8.

Error - 12/31/2011 8:12:35 PM | Computer Name = LINDA | Source = MsiInstaller | ID = 10005
Description = Product: Intel® Viiv™ Software -- Invalid Hardware. Intel® Viiv™ software
must be installed on an Intel® Viiv™ technology-based PC.

Error - 12/31/2011 8:13:42 PM | Computer Name = LINDA | Source = MsiInstaller | ID = 10005
Description = Product: Intel® Viiv™ Software -- Invalid Hardware. Intel® Viiv™ software
must be installed on an Intel® Viiv™ technology-based PC.

Error - 12/31/2011 8:17:13 PM | Computer Name = LINDA | Source = MsiInstaller | ID = 1013
Description = Product: Intel® PRO Network Connections -- 1: Cannot install drivers.
No Intel® PRO Adapters are present in this computer.

Error - 12/31/2011 8:31:38 PM | Computer Name = LINDA | Source = Application Hang | ID = 1002
Description = Hanging application RCDMENU.EXE, version 4.2.0.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 12/31/2011 12:34:34 PM | Computer Name = LINDA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\browsercomps.dll.
Reference
error message: The operation completed successfully. .

Error - 12/31/2011 12:35:59 PM | Computer Name = LINDA | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/31/2011 12:35:59 PM | Computer Name = LINDA | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/31/2011 12:35:59 PM | Computer Name = LINDA | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Mozilla Firefox\components\browsercomps.dll.
Reference
error message: The operation completed successfully. .

Error - 1/14/2012 9:57:59 PM | Computer Name = LINDA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 74EA3AAA585F.

Error - 1/20/2012 8:01:23 PM | Computer Name = LINDA | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.2 on
the Network Card with network address 74EA3AAA585F.

Error - 1/29/2012 4:38:35 PM | Computer Name = LINDA | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 1/29/2012 4:38:35 PM | Computer Name = LINDA | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 1/31/2012 5:02:21 PM | Computer Name = LINDA | Source = Service Control Manager | ID = 7000
Description = The avast! Asynchronous Virus Monitor service failed to start due
to the following error: %%2

Error - 2/7/2012 9:06:50 AM | Computer Name = LINDA | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Internet Explorer 8 for Windows XP.


< End of report >

#5
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi lakep7,



Step One: OTL Fix

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKU\.DEFAULT..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\.DEFAULT..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f File not found
    O4 - HKU\S-1-5-18..\RunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f File not found
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step Two: Run MBRCheck

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.


Step Three: Problems

Please let me know of any problems you are experiencing with your computer.


What I need in your next post:
1. The report created by the OTL Fix.
2. The report created by the MBRCheck.
3. Let me know what problems you are having with your computer.

#6
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
thanks again. the otl and mbr results.

OTL logfile created on: 2/13/2012 3:56:10 PM - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\linda keplinger\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1021.85 Mb Total Physical Memory | 567.13 Mb Available Physical Memory | 55.50% Memory free
2.40 Gb Paging File | 2.11 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 447.23 Gb Free Space | 96.02% Space Free | Partition Type: NTFS

Computer Name: LINDA | User Name: linda keplinger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/30 09:09:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\linda keplinger\Desktop\OTL malware removal.exe
PRC - [2011/12/21 01:24:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/11/28 12:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2008/04/13 18:12:28 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/13 08:37:44 | 001,691,648 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12021301\algo.dll
MOD - [2011/12/21 01:24:51 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2012/02/07 13:10:08 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/11/28 12:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/12/23 07:12:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/11/28 11:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 11:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 11:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 11:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 11:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 11:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 11:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006/03/20 16:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2004/08/03 16:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/01/31 15:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/04 07:31:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/04 07:31:31 | 000,000,000 | ---D | M]

[2011/12/29 20:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Extensions
[2012/02/07 13:09:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions
[2012/02/07 13:09:37 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012/02/07 12:06:30 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/02/07 12:07:14 | 000,002,306 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\searchplugins\wot-safe-search.xml
[2011/12/31 18:41:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/31 18:41:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\

O1 HOSTS File: ([2012/02/13 15:25:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Ad-Aware Security Toolbar) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80C29E42-F4C8-4A90-999E-C133909C9A64}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/29 18:15:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 15:25:16 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/02/10 13:42:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Temp
[2012/02/09 08:05:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/02/07 13:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/07 13:09:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\adaware
[2012/02/07 13:09:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/02/07 13:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2012/02/07 13:09:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 13:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\adawaretb
[2012/02/07 13:09:28 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/02/07 13:09:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/07 12:46:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2012/02/07 12:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2012/02/07 12:46:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/07 12:45:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/07 12:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/02/07 12:30:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/07 09:00:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/02/07 07:18:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-us
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/02/07 07:18:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/02/07 07:18:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/02/07 07:13:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2012/02/07 07:10:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2012/02/04 07:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012/02/04 07:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/02/04 07:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012/02/04 07:31:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Photo Creations
[2012/02/04 07:31:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Coupons
[2012/02/04 07:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2012/02/04 07:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Application Data\HpUpdate
[2012/02/04 07:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/02/04 07:30:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/02/04 07:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2012/02/04 07:29:58 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/02/04 07:29:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\HP
[2012/02/01 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/02/01 00:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/02/01 00:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/02/01 00:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/01/31 15:41:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\linda keplinger\UserData
[2012/01/31 15:24:22 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/01/31 15:24:22 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/01/31 15:24:22 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/01/31 15:24:22 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/01/31 15:24:22 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/01/31 15:24:22 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/01/31 15:24:22 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/01/31 15:24:22 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/01/31 15:24:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Pro Antivirus
[2012/01/31 15:24:08 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/01/31 15:24:08 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr

========== Files - Modified Within 30 Days ==========

[2012/02/13 15:54:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/13 15:54:12 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/13 15:54:12 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/13 15:52:39 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/02/13 15:52:11 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 15:52:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/13 15:45:00 | 000,000,904 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/13 15:25:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/02/13 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/02/12 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/02/12 14:34:42 | 000,001,122 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2012/02/12 14:33:25 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/12 13:07:57 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to aswMBR.lnk
[2012/02/10 16:50:16 | 000,063,744 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 16:37:18 | 000,111,513 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/10 13:12:04 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/10 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/02/09 08:06:00 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2012/02/08 11:48:25 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/08 11:44:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/02/07 15:46:40 | 000,000,136 | -H-- | M] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 14:26:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/07 13:09:30 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:05:01 | 000,380,350 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/07 09:05:01 | 000,052,764 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/07 09:02:14 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/02/07 09:01:08 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/07 09:00:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/07 07:31:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/02/07 07:13:36 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2012/02/04 07:55:30 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/04 07:31:34 | 000,000,772 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:30:59 | 000,001,981 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/01 12:26:36 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:14:27 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/01 00:12:01 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/01/31 15:24:22 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/24 10:41:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/02/12 13:07:57 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to aswMBR.lnk
[2012/02/12 12:44:18 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Geeks.wps
[2012/02/11 12:32:03 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/11 12:32:03 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/10 16:50:16 | 000,063,744 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\FREE-Power-of-Attorney-Form-Sample.pdf
[2012/02/10 16:44:50 | 000,015,872 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form 1.wps
[2012/02/10 15:08:39 | 000,111,513 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Power of Attorney Form.pdf
[2012/02/10 14:28:11 | 000,025,907 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Birth Certificate Form.pdf
[2012/02/10 13:47:12 | 000,239,494 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\SS Form.pdf
[2012/02/07 15:46:40 | 000,000,136 | -H-- | C] () -- C:\aaw7boot.cmd
[2012/02/07 15:02:00 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Shortcut to VipreRescueScanner.lnk
[2012/02/07 13:09:39 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/07 13:09:30 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 12:46:20 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\SpywareBlaster.lnk
[2012/02/07 12:46:05 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/07 12:46:04 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Desktop\Spybot - Search & Destroy.lnk
[2012/02/07 12:23:18 | 000,187,144 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\census.cache
[2012/02/07 12:23:12 | 000,154,250 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\ars.cache
[2012/02/07 12:12:44 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\housecall.guid.cache
[2012/02/07 09:01:08 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Start Menu\Programs\Internet Explorer.lnk
[2012/02/07 09:01:07 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/04 07:31:34 | 000,000,772 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photo Creations.lnk
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/02/04 07:31:21 | 000,000,464 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/02/04 07:30:59 | 000,001,981 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series.lnk
[2012/02/04 07:30:59 | 000,000,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Deskjet 2050 J510 series Scan.lnk
[2012/02/04 07:24:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Envelope 3x6 IAG.wps
[2012/02/01 12:26:36 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Virus repair.wps
[2012/02/01 00:14:27 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\linda keplinger\My Documents\Recipes - Sweets.wps
[2012/02/01 00:12:01 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/02/01 00:12:01 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/01/31 15:24:22 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2012/01/01 15:52:39 | 000,001,122 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Application Data\wklnhst.dat
[2011/12/31 18:15:29 | 000,002,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\pciinfo.sys
[2011/12/31 18:12:46 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2011/12/30 10:17:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/12/30 10:12:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/29 19:17:41 | 000,000,138 | ---- | C] () -- C:\Documents and Settings\linda keplinger\Local Settings\Application Data\fusioncache.dat
[2011/12/29 18:18:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/29 18:12:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/12/29 11:18:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/29 11:15:38 | 000,146,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/17 08:20:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/05 14:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 16:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 16:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 05:00:00 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 05:00:00 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/02/08 11:49:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2012/01/31 15:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/29 19:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2012/02/07 12:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2012/02/07 13:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/02/10 22:29:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\adawaretb
[2012/02/07 12:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\f-secure
[2012/01/01 15:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\linda keplinger\Application Data\Template
[2012/02/13 15:54:37 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/02/10 10:10:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2012/02/12 20:40:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2012/02/07 07:31:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2012/02/13 14:00:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========



< End of report >

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 120):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E5000 \WINDOWS\system32\hal.dll
0xF7B44000 \WINDOWS\system32\KDCOM.DLL
0xF7A54000 \WINDOWS\system32\BOOTVID.dll
0xF7515000 ACPI.sys
0xF7B46000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7504000 pci.sys
0xF7644000 isapnp.sys
0xF7654000 MountMgr.sys
0xF74E5000 ftdisk.sys
0xF7B48000 dmload.sys
0xF74BF000 dmio.sys
0xF78C4000 PartMgr.sys
0xF7664000 VolSnap.sys
0xF7408000 iaStor.sys
0xF78CC000 cercsr6.sys
0xF73F0000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7674000 disk.sys
0xF7684000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF73D0000 fltmgr.sys
0xF73BE000 sr.sys
0xF7694000 Lbd.sys
0xF78D4000 PxHelp20.sys
0xF73A7000 KSecDD.sys
0xF731A000 Ntfs.sys
0xF72ED000 NDIS.sys
0xF72D3000 Mup.sys
0xF7874000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF636E000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xF635A000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF793C000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6336000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF7944000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF630E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF62DA000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys
0xF62B7000 \SystemRoot\system32\DRIVERS\ks.sys
0xF61B8000 \SystemRoot\system32\DRIVERS\HSF_DP.sys
0xF6111000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF794C000 \SystemRoot\System32\Drivers\Modem.SYS
0xF7954000 \SystemRoot\system32\DRIVERS\RTL8139.SYS
0xF795C000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7884000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7894000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF78A4000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF7D3D000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF78B4000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF725E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF60FA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76B4000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76C4000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7964000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF60E9000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76D4000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF796C000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7974000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF60B9000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF76E4000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF797C000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF7984000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B6C000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF605B000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B14000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF0291000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF0281000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B96000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xECE91000 \SystemRoot\system32\drivers\sthda.sys
0xECE6D000 \SystemRoot\system32\drivers\portcls.sys
0xF0271000 \SystemRoot\system32\drivers\drmk.sys
0xF12C0000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xF7BA4000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEF58E000 \SystemRoot\System32\Drivers\Null.SYS
0xF7BA6000 \SystemRoot\System32\Drivers\Beep.SYS
0xECE55000 \??\C:\WINDOWS\system32\drivers\SBREdrv.sys
0xF12B0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF12A8000 \SystemRoot\System32\drivers\vga.sys
0xF7BA8000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7BAA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xEFCB0000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEFCA8000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF0B4D000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xECE22000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xECDC9000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF0231000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xECDA3000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xF0221000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xECD7B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEFCA0000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xECD59000 \SystemRoot\System32\drivers\afd.sys
0xF0211000 \SystemRoot\system32\DRIVERS\netbios.sys
0xECD2E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xECCBE000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF0201000 \SystemRoot\System32\Drivers\Fips.SYS
0xECC73000 \SystemRoot\System32\Drivers\aswSP.SYS
0xECC06000 \SystemRoot\System32\Drivers\aswSnx.SYS
0xEFC90000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xF2083000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEF51F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xF1C83000 \SystemRoot\system32\DRIVERS\usbscan.sys
0xEF517000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xED5AF000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF2073000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xED5AB000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xED5A3000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xECB4F000 \SystemRoot\System32\Drivers\dump_iastor.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xED58F000 \SystemRoot\System32\drivers\Dxapi.sys
0xEF50F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C87000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xF551E000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xF5506000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xBA26E000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xB9CC9000 \SystemRoot\system32\drivers\wdmaud.sys
0xF7764000 \SystemRoot\system32\drivers\sysaudio.sys
0xB9B05000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xB9A9C000 \SystemRoot\System32\Drivers\HTTP.sys
0xB9AF1000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB99F4000 \SystemRoot\system32\DRIVERS\srv.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 30):
0 System Idle Process
4 System
548 C:\WINDOWS\system32\smss.exe
596 csrss.exe
620 C:\WINDOWS\system32\winlogon.exe
664 C:\WINDOWS\system32\services.exe
676 C:\WINDOWS\system32\lsass.exe
848 C:\WINDOWS\system32\svchost.exe
916 svchost.exe
984 C:\WINDOWS\system32\svchost.exe
1052 svchost.exe
1112 svchost.exe
1348 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1484 C:\WINDOWS\explorer.exe
1940 C:\WINDOWS\system32\spoolsv.exe
1452 svchost.exe
1572 C:\WINDOWS\ehome\ehrecvr.exe
1744 C:\WINDOWS\ehome\ehSched.exe
2040 C:\Program Files\Java\jre6\bin\jqs.exe
252 C:\WINDOWS\system32\nvsvc32.exe
1908 svchost.exe
976 C:\WINDOWS\system32\svchost.exe
1404 mcrdsvc.exe
2516 C:\WINDOWS\system32\dllhost.exe
2732 alg.exe
3216 C:\Program Files\AVAST Software\Avast\AvastUI.exe
3376 C:\Program Files\Outlook Express\msimn.exe
2140 C:\Program Files\Mozilla Firefox\firefox.exe
464 C:\WINDOWS\notepad.exe
2600 C:\Documents and Settings\linda keplinger\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST500DM002-1BC142, Rev: JC4B

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

Would you explain to me the results and what you had me do?
I have a question. I bought a hard drive enclosure so I could use my backup data hard drive. The computer recognizes the hardware but will not give me a drive letter. Do you know what to do to make it give me a drive letter? I had one before but it broke and I had to get a new one. The old one gave me a drive letter of E. Don't know why the new one isn't doing that. Do you? My computer gives me an A drive and a D drive. The A says it is a 3 1/2 floppy, which my CPU does not have in it though.

#7
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi lakep7,

I've been running scans to see if I can find any bad registry items or files and I checked your Master Boot Record for any problems. I found a few left over registry entries and your Master Boot Record is fine. As far as your external hard drive is concerned, after we are finished cleaning your computer you can go to the XP forum here at GeekstoGo and they can help you with your problem.


Step One: Download and run Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step Two: ESET Online Scanner

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Step Three: Security Check

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step Four: What problems remain?

Please let me know what problems remain.


What I need in your next post:
1. The MBAM report.
2. The ESET report, C:\Program Files\EsetOnlineScanner\log.txt.
3. The Security Check report, checkup.txt.
4. How is your computer running? Do you have any remaining issues?

#8
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
Thanks again, blmadara.
The results:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.14.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
linda keplinger :: LINDA [administrator]

2/14/2012 5:23:09 PM
mbam-log-2012-02-14 (17-23-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 162136
Time elapsed: 4 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=9a86ca47a31d7d4cb0af79bbae6b1997
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-15 12:07:33
# local_time=2012-02-14 06:07:33 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=41824
# found=0
# cleaned=0
# scan_time=1550


Results of screen317's Security Check version 0.99.31
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
avast! Pro Antivirus
ESET Online Scanner v3
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.5
Spybot - Search & Destroy
Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.1.2)
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````

#9
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
blmadara

What I want to be sure of is that I don't have the keylogger virus XP 2012 left on my computer. I need to file my taxes online and I want to make sure that anything that I key in won't be picked up by whoever gave me the virus.
Thanks for all your help. So after you check all this you will know if I have any of the virus left on my computer, won't you?

#10
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
Hi lakep7,

You're quite welcome!! The only way to be 100% sure that a keylogger is removed from a computer is to reformat the system partition and reinstall Windows. What program told you that you have a keylogger?

Step One: Download and Run ComboFix

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.

    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    Posted Image
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" for further review.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions





Step Two: Run Disk Management

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management window and attach the screenshot to your reply. To do this, hit CTRL-Print Screen and paste it into your next reply.



What I need in your next post:
1. The Disk Management screen shot.
2. The ComboFix Log, C:\ComboFix.txt.

#11
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
How do I disable script blocking?

#12
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
The instructions for disabling anti-virus/anti-malware programs can be found here. Is there a particular program that you are having trouble with?

#13
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
I found that, but I don't know how to disable script blocking, which you told me to do. That website didn't tell how to disable script blocking.

As far as the virus, it took over my computer and identified itself. It kept trying to get me to purchase the program but then it wouldn't let me do anything on my computer. It wouldn't let me go online or anything. It blocked everything I tried to do. I just took the hard drive out and bought a new hard drive and put it in my computer. But I was afraid that somehow it might still be in my computer CPU somehow and if I keyed anything in it might could send the info to someone still.

#14
blmadara

    Trusted Helper

  • Malware Removal
  • 767 posts
So the hard drive that had XP antivirus 2012 is no longer in the computer?

Go ahead and disable your anti-virus programs (Avast, Ad-Aware, SpywareBlaster, and Spybot Search & Destroy) according to that link and then run the steps I posted.

#15
lakep7

    Member

  • Topic Starter
  • Member
  • 51 posts
Yes, the hard drive that had the virus is no longer in my computer.

The ComboFix log file:

ComboFix 12-02-15.01 - linda keplinger 02/15/2012 21:26:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.449 [GMT -6:00]
Running from: c:\documents and settings\linda keplinger\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\kb913800.exe
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP061 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP061 .MRK
.
.
((((((((((((((((((((((((( Files Created from 2012-01-16 to 2012-02-16 )))))))))))))))))))))))))))))))
.
.
2012-02-15 12:37 . 2012-02-15 12:37 -------- d-----w- c:\windows\LastGood
2012-02-15 12:35 . 2012-02-15 12:35 -------- d-sh--w- c:\documents and settings\linda keplinger\PrivacIE
2012-02-15 00:45 . 2012-02-15 00:45 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2012-02-15 00:45 . 2012-02-15 00:45 -------- d-sh--w- c:\documents and settings\linda keplinger\IETldCache
2012-02-15 00:40 . 2012-02-15 00:41 -------- dc-h--w- c:\windows\ie8
2012-02-15 00:36 . 2011-08-16 10:45 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2012-02-14 23:37 . 2012-02-14 23:37 -------- d-----w- c:\program files\ESET
2012-02-13 21:25 . 2012-02-13 21:25 -------- d-----w- C:\_OTL
2012-02-12 17:53 . 2008-04-13 18:45 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2012-02-10 19:42 . 2012-02-10 19:42 -------- d-----w- c:\documents and settings\linda keplinger\Local Settings\Application Data\Temp
2012-02-08 15:42 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-02-08 15:42 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-02-08 15:41 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-02-08 15:40 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-02-08 15:40 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-02-08 15:40 . 2009-03-08 10:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-02-08 15:39 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-02-08 15:39 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-02-07 21:46 . 2012-02-07 21:46 136 ---ha-w- C:\aaw7boot.cmd
2012-02-07 19:09 . 2012-02-07 19:09 -------- d-----w- c:\documents and settings\linda keplinger\Local Settings\Application Data\adaware
2012-02-07 19:09 . 2012-02-08 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection
2012-02-07 19:09 . 2012-02-07 19:09 -------- d-----w- c:\program files\Toolbar Cleaner
2012-02-07 19:09 . 2012-02-11 04:29 -------- d-----w- c:\documents and settings\linda keplinger\Application Data\adawaretb
2012-02-07 19:09 . 2012-02-07 19:09 -------- d-----w- c:\program files\adawaretb
2012-02-07 19:09 . 2011-12-23 13:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-07 19:09 . 2012-02-07 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-02-07 19:09 . 2012-02-07 19:09 -------- d-----w- c:\program files\Lavasoft
2012-02-07 18:46 . 2010-01-11 00:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2012-02-07 18:46 . 2012-02-07 19:19 -------- d-----w- c:\program files\SpywareBlaster
2012-02-07 18:45 . 2012-02-08 15:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-07 18:45 . 2012-02-07 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-07 18:30 . 2012-02-07 18:30 -------- d-----w- c:\documents and settings\linda keplinger\Application Data\f-secure
2012-02-07 18:30 . 2012-02-07 18:30 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2012-02-07 13:18 . 2012-02-07 13:18 -------- d-----w- c:\windows\system32\scripting
2012-02-07 13:18 . 2012-02-07 13:18 -------- d-----w- c:\windows\l2schemas
2012-02-07 13:18 . 2012-02-07 13:18 -------- d-----w- c:\windows\system32\en
2012-02-07 13:18 . 2012-02-07 13:18 -------- d-----w- c:\windows\system32\bits
2012-02-07 11:41 . 2011-12-17 19:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-02-07 11:41 . 2011-12-17 19:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-02-07 11:41 . 2011-12-17 19:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-02-07 11:41 . 2011-12-17 19:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-02-07 11:41 . 2011-12-17 19:46 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-02-07 11:41 . 2011-12-17 19:46 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-02-07 11:41 . 2011-12-18 20:46 11082240 -c----w- c:\windows\system32\dllcache\ieframe.dll
2012-02-04 13:32 . 2012-02-11 18:33 -------- d-----w- c:\program files\Microsoft
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\Microsoft Silverlight
2012-02-04 13:31 . 2012-02-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Photo Creations
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\HP Photo Creations
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\program files\Coupons
2012-02-04 13:31 . 2012-02-04 13:31 -------- d-----w- c:\documents and settings\linda keplinger\Application Data\HpUpdate
2012-02-04 13:30 . 2012-02-07 19:09 -------- dc----w- c:\windows\system32\DRVSTORE
2012-02-04 13:30 . 2012-02-04 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2012-02-04 13:29 . 2012-02-04 13:31 -------- d-----w- c:\program files\HP
2012-02-04 13:29 . 2012-02-07 19:14 -------- d-----w- c:\documents and settings\linda keplinger\Local Settings\Application Data\HP
2012-02-04 13:29 . 2010-11-16 23:48 232296 ----a-r- c:\windows\system32\hpinksts8711.dll
2012-02-04 13:29 . 2010-11-16 23:48 267112 ----a-r- c:\windows\system32\hpinksts8711LM.dll
2012-02-04 13:29 . 2010-11-16 23:48 213864 ----a-r- c:\windows\system32\hpinkcoi8711.dll
2012-02-01 06:12 . 2012-02-01 06:12 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-02-01 06:12 . 2012-02-10 19:42 -------- d-----w- c:\documents and settings\linda keplinger\Local Settings\Application Data\Adobe
2012-02-01 06:11 . 2012-02-01 06:11 -------- d-----w- c:\program files\Common Files\Adobe
2012-01-31 21:41 . 2012-01-31 21:41 -------- d-s---w- c:\documents and settings\linda keplinger\UserData
2012-01-31 21:24 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-01-31 21:24 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-01-31 21:24 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-01-31 21:24 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-01-31 21:24 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-01-31 21:24 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-01-31 21:24 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-01-31 21:24 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-01-31 21:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2012-01-31 21:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-31 20:44 . 2010-11-16 23:48 1792872 ----a-r- c:\windows\system32\HPScanMiniDrv_DJ2050_510g.dll
2012-01-31 20:44 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-10 19:12 . 2012-01-05 19:00 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-01-01 00:41 . 2012-01-01 00:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-01-01 00:41 . 2012-01-01 00:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-01 00:02 . 2011-12-31 16:41 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-17 19:46 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:46 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:22 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 21:24 . 2011-12-31 17:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 21:57 . 2004-08-10 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-10 11:00 60416 ----a-w- c:\windows\system32\packager.exe
2012-02-15 04:07 . 2011-12-31 16:40 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-12-21 15:44 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-12-21 87440]
.
[HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Aware Browsing Protection]
2011-11-14 23:15 197288 ----a-w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
2005-10-05 09:12 94208 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-05 19:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-06-10 02:55 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-06-16 16:39 7323648 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-03-20 22:00 282624 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 19:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/7/2012 1:09 PM 64512]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/31/2012 3:24 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/31/2012 3:24 PM 314456]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/5/2012 1:00 PM 101720]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/31/2012 3:24 PM 20568]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2011 8:30 PM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/29/2011 8:30 PM 136176]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/23/2011 7:12 AM 2152152]
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 19:10]
.
2012-02-15 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-16 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-15 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-15 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-17 03:12]
.
2012-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-30 02:30]
.
2012-02-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-30 02:30]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
FF - ProfilePath - c:\documents and settings\linda keplinger\Application Data\Mozilla\Firefox\Profiles\p73gpoxm.default\
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-15 21:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-02-15 21:38:22
ComboFix-quarantined-files.txt 2012-02-16 03:38
.
Pre-Run: 478,703,116,288 bytes free
Post-Run: 478,719,741,952 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 558BCB63768C8B4E8BA1EE215AE4F6E7

I can't get the diskmgmt page to print screen. I can tell you what it says if you want me to.
  • 0





