
Unknown infection - disabled cmd/task mgr; black desktop [Closed]



#1
lawtel32

  • Member
  • 17 posts
Hi,

I have a virus on my laptop and cannot access the Internet on it.

The desktop screen is black, I cannot access my task manager without altering the registry, and cannot access cmd at all.

I have a balloon pop up on my task bar saying 'Warning! Security Report. Your computer is infected! It is recommended to start spyware cleaner tool', originating from a red circle with a white cross. I cannot open / right click this tool to get more info on it.

Whenever I restart the computer, the registry values that I change, i.e. to access task mgr, are reset. I run malwarebytes' anti-malware / spybot / ad-aware to remove virii, but they reappear after reboot.

Have downloaded hjt onto the computer via my phone, but cannot run it.

Any ideas?

Thanks in advance


#2
lawtel32

  • Topic Starter
  • Member
  • 17 posts
Hi,

I have a virus on my laptop and cannot access the Internet on it.

The desktop screen is black, I cannot access my task manager without altering the registry, and cannot access cmd at all.

I have a balloon pop up on my task bar saying 'Warning! Security Report. Your computer is infected! It is recommended to start spyware cleaner tool', originating from a red circle with a white cross. I cannot open / right click this tool to get more info on it.

Whenever I restart the computer, the registry values that I change, i.e. to access task mgr, are reset. I run malwarebytes' anti-malware / spybot / ad-aware to remove virii, but they reappear after reboot.

Have downloaded hjt onto the computer via my phone, but cannot run it.

Any ideas? I've posted the requested log below.

Thanks in advance


OTL logfile created on: 2005-12-05 02:18:45 - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = E:\download
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: yyyy-MM-dd

1013.98 Mb Total Physical Memory | 809.14 Mb Available Physical Memory | 79.80% Memory free
2.39 Gb Paging File | 2.32 Gb Available in Paging File | 97.10% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 41.52 Gb Free Space | 74.29% Space Free | Partition Type: NTFS
Drive E: | 7.40 Gb Total Space | 1.47 Gb Free Space | 19.82% Space Free | Partition Type: FAT32

Computer Name: YOUR-E659457A65 | User Name: Gitanjali | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012-02-22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- E:\download\OTL.scr
PRC - [2007-06-13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2008-12-07 21:31:02 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\adtsh.dll


========== Win32 Services (SafeList) ==========

SRV - [2007-12-20 22:50:23 | 000,406,528 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgemc.exe -- (AVGEMS)
SRV - [2007-10-25 21:24:13 | 000,418,816 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe -- (Avg7Alrt)
SRV - [2007-07-28 18:39:06 | 000,049,664 | ---- | M] (GRISOFT, s.r.o.) [Auto | Stopped] -- C:\Program Files\Grisoft\AVG7\avgupsvc.exe -- (Avg7UpdSvc)
SRV - [2007-07-16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007-02-04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006-07-25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006-07-25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006-02-07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Stopped] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005-01-17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001-11-12 12:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2009-01-20 18:39:50 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008-12-08 00:02:43 | 000,032,768 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati0dkxx.sys -- (ati0dkxx)
DRV - [2008-02-29 15:03:48 | 000,008,944 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008-02-29 15:03:46 | 000,051,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007-12-20 22:50:24 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgclean.sys -- (AvgClean)
DRV - [2007-10-25 21:24:08 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7core.sys -- (Avg7Core)
DRV - [2007-07-28 18:39:20 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\avgtdi.sys -- (AvgTdi)
DRV - [2007-07-28 18:39:19 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsxp.sys -- (Avg7RsXP)
DRV - [2007-07-28 18:39:19 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avg7rsw.sys -- (Avg7RsW)
DRV - [2007-07-16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007-02-06 09:00:00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007-01-31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007-01-18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006-09-14 11:19:03 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006-05-30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006-05-05 14:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006-04-02 00:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006-03-22 06:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006-02-16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005-12-13 16:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005-11-30 17:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005-11-28 09:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005-10-20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005-10-06 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005-10-06 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005-10-06 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005-10-06 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005-10-06 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005-10-06 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005-10-06 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005-09-09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005-08-25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005-08-25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005-01-26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004-06-11 09:31:00 | 000,330,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004-03-08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003-09-19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003-01-29 21:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008-10-05 19:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009-01-16 22:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008-12-30 19:31:03 | 000,000,000 | ---D | M]

[2008-08-30 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Extensions
[2009-01-18 22:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions
[2008-09-02 07:42:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008-09-02 08:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008-10-05 19:50:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2007-06-11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2008-12-30 19:31:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008-12-30 19:31:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008-12-30 19:31:00 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008-12-30 19:31:00 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2004-08-10 12:00:00 | 000,000,734 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Microsoft Online Helper!) - {21DC8E21-98CF-454F-8860-66A32358E3D3} - C:\WINDOWS\system32\msonlineaz.dll ()
O2 - BHO: (Rmn plugin) - {E8FD36B2-A25B-47e3-9477-82557F5F5995} - C:\WINDOWS\System32\savec32.dll (Amway LLC)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [awsku] C:\WINDOWS\System32\awsku.exe ()
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [Framework Windows] C:\WINDOWS\System32\frmwrk32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [rs32net] C:\WINDOWS\system32\rs32net.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23ACFFD4-5923-4153-96CB-CA88E2D6379C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\system32\twext.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\bastxg: DllName - (bastxg.dll) - File not found
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gitanjali\My Documents\My Pictures\baby krsna.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-13 14:00:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell - "" = AutoRun
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009-08-27 18:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Desktop\New Folder (2)
[2009-02-01 18:34:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009-01-20 19:32:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009-01-20 19:32:50 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009-01-20 19:32:50 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009-01-20 19:32:50 | 000,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2009-01-20 19:32:50 | 000,029,696 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-01-20 19:32:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2009-01-20 19:32:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-01-20 19:32:42 | 000,000,000 | ---D | C] -- C:\ComboFix
[2009-01-20 18:39:50 | 000,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-20 18:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2009-01-20 18:39:07 | 000,000,000 | ---D | C] -- C:\rsit
[2009-01-19 23:00:38 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2009-01-19 22:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Cleaner Demo
[2009-01-19 22:51:52 | 000,000,000 | ---D | C] -- C:\Program Files\The Cleaner Demo
[2009-01-06 23:26:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2008-12-30 22:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Desktop\showletter_files
[2008-12-07 21:28:20 | 000,049,152 | ---- | C] (Amway LLC) -- C:\WINDOWS\System32\savec32.dll
[2008-11-06 00:13:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\LocalService\Application Data\twain_32
[2008-11-05 23:50:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Application Data\twain_32
[2008-11-05 23:49:05 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\twain_32
[2008-10-12 16:45:50 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2008-10-12 16:45:50 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2008-10-12 16:45:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2008-10-12 16:45:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\dsnpstd.ax
[2008-10-12 16:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\snpstd
[2008-10-12 16:45:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamMaestro 4.7EU build 21
[2008-10-05 19:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2008-10-05 19:50:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2008-09-07 19:13:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Antispyware
[2008-09-06 21:30:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2008-09-02 08:09:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2008-09-02 08:09:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2008-09-02 08:09:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2008-09-02 08:07:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2008-09-02 08:06:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2008-09-02 08:06:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2008-09-02 08:04:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2008-08-25 23:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008-08-25 23:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo!
[2008-08-25 23:17:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger
[2008-08-17 17:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008-08-17 17:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2008-08-17 17:09:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\NOS
[2008-04-12 14:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008-04-12 14:50:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2008-04-12 14:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\SUPERAntiSpyware.com
[2008-04-12 14:49:58 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008-04-12 14:46:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Malwarebytes
[2008-04-12 14:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008-04-12 14:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2008-04-12 14:46:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008-04-12 14:45:42 | 001,546,928 | ---- | C] (Malwarebytes ) -- C:\Documents and Settings\Gitanjali\Desktop\mbam-setup.exe
[2008-04-12 14:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\Guild Wars
[2008-04-12 14:29:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Guild Wars
[2008-01-11 00:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\RapidSolution
[2008-01-11 00:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\RapidSolution
[2008-01-11 00:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008-01-11 00:27:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Radiograbber
[2008-01-05 20:32:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\DivX
[2008-01-05 20:29:00 | 017,322,400 | ---- | C] (DivX, Inc.) -- C:\Documents and Settings\Gitanjali\Desktop\DivXInstaller.exe
[2007-12-30 23:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Veoh Networks, Inc
[2007-12-30 23:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\Veoh Networks
[2007-12-30 23:57:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Videos
[2007-12-30 23:57:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2007-12-04 13:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2007-12-04 01:33:18 | 000,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2007-12-04 01:33:18 | 000,823,296 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2007-12-04 01:33:18 | 000,802,816 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2007-12-04 01:33:16 | 000,682,496 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2007-12-04 01:33:14 | 000,630,784 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2007-11-30 01:31:41 | 000,000,000 | RH-D | C] -- C:\$VAULT$.AVG
[2007-11-29 22:30:42 | 000,524,288 | ---- | C] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2007-11-29 22:30:16 | 001,044,480 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2007-11-29 22:30:16 | 000,200,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2007-11-29 22:28:24 | 000,196,608 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2007-11-29 22:28:24 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2007-11-28 21:55:18 | 000,156,992 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2007-11-28 21:53:18 | 000,593,920 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2007-11-28 21:53:18 | 000,344,064 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2007-11-28 21:53:18 | 000,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2007-11-28 21:53:18 | 000,294,912 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2007-11-28 21:53:18 | 000,057,344 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2007-11-28 21:53:18 | 000,053,248 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2007-11-28 21:53:08 | 000,352,401 | ---- | C] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2007-11-21 15:13:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2007-11-21 15:12:51 | 000,127,376 | ---- | C] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys
[2007-11-21 15:12:51 | 000,101,904 | ---- | C] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\dneinobj.dll
[2007-11-21 15:12:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cisco Systems VPN Client
[2007-11-21 15:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Deterministic Networks
[2007-11-21 15:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco Systems
[2007-11-21 03:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\skypePM
[2007-11-21 03:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Skype
[2007-11-21 03:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2007-11-21 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Skype
[2007-11-21 03:57:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2007-11-21 03:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2007-09-27 11:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\U3
[2007-09-05 18:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picasa2
[2007-09-05 18:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Picasa2
[2007-08-01 22:32:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\vlc
[2007-08-01 20:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2007-08-01 20:38:26 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2007-08-01 18:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Mozilla
[2007-08-01 18:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla
[2007-07-31 14:59:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Internet Security
[2007-07-31 14:55:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Drivers
[2007-07-31 14:54:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2007-07-31 14:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2007-07-28 21:02:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Paint.NET
[2007-07-28 20:57:01 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2007-07-28 18:39:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\AVG7
[2007-07-28 18:39:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2007-07-28 18:39:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 7.5
[2007-07-28 18:39:20 | 000,026,952 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2007-07-28 18:39:20 | 000,010,760 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgclean.sys
[2007-07-28 18:39:20 | 000,004,960 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdi.sys
[2007-07-28 18:39:19 | 000,027,776 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avg7rsxp.sys
[2007-07-28 18:39:19 | 000,004,224 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avg7rsw.sys
[2007-07-28 18:39:12 | 000,821,856 | ---- | C] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avg7core.sys
[2007-07-28 18:39:02 | 000,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2007-07-28 18:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2007-07-28 18:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007-07-25 20:12:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Template
[2007-06-25 22:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\MessengerSkinner
[2007-06-25 22:28:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\MessengerSkinner
[2007-06-12 18:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Avanquest update
[2007-06-12 18:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Motorola Phone Tools
[2007-06-12 18:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Phone Tools
[2007-06-12 18:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2007-05-26 23:30:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\criminal
[2007-05-17 15:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DivX
[2007-05-17 15:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2007-04-15 16:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Google
[2007-04-15 16:09:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2007-04-15 16:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2007-04-02 19:34:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\.housecall6.6
[2007-04-02 19:24:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2007-04-02 17:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2007-04-02 17:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2007-04-02 17:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2007-04-02 17:34:26 | 005,037,072 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Gitanjali\Desktop\spybotsd14.exe
[2007-04-02 17:20:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2007-04-02 17:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
[2007-04-02 17:16:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Lavasoft
[2007-04-02 17:15:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2007-04-02 17:14:13 | 000,073,728 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\asuninst.exe
[2007-04-02 17:13:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ActiveScan
[2007-03-28 22:31:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Your Rights The Rights of Suspects The rights of suspects in the police station Curtailment of the right of silence_files
[2007-03-28 22:14:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\The K-Zone Discussion_files
[2007-03-28 22:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\The K-Zone right 2 silence_files
[2007-03-28 21:59:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Right to Silence - IV - Right to Silence - Comparative Study - UK - US - France - Germany - Privilege Against Self-Incrimination - Legal Practice - LegalDay_files
[2007-03-20 19:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Law
[2007-03-14 23:55:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Revision
[2007-03-13 01:18:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\evidence
[2007-03-12 20:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Motive
[2007-02-26 00:23:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Yahoo!
[2007-02-26 00:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2007-02-26 00:06:09 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2007-02-26 00:05:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Motive
[2007-02-26 00:05:46 | 000,000,000 | ---D | C] -- C:\Program Files\btbb_wcm
[2007-02-26 00:04:56 | 000,000,000 | ---D | C] -- C:\Program Files\BT Home Hub
[2007-02-05 00:34:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\l'expressyu2_files
[2007-02-05 00:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\l'express yuyu_files
[2007-02-04 22:37:42 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmmdm.sys
[2007-02-04 22:37:42 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmserd.sys
[2007-02-04 22:37:42 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmbus.sys
[2007-02-04 22:37:42 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmmdfl.sys
[2007-02-04 22:37:42 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmcmnt.sys
[2007-02-04 22:37:42 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmwhnt.sys
[2007-02-04 22:37:42 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmcr.sys
[2007-02-04 22:23:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\BVRP Software
[2007-02-04 22:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007-02-04 22:08:36 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gitanjali\usbsermptxp.sys
[2007-02-04 22:08:35 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Gitanjali\usbsermpt.sys
[2007-01-17 13:05:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\InterVideo
[2007-01-03 22:11:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2007-01-03 22:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Sun
[2006-12-24 01:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\fotos
[2006-12-21 17:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\My Webs
[2006-12-21 01:16:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Identities
[2006-12-18 17:36:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2006-12-18 16:34:14 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Messenger
[2006-12-18 15:38:07 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2006-12-18 15:36:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2006-12-10 18:24:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\family
[2006-12-10 15:38:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Picture Package
[2006-12-10 15:34:21 | 000,000,000 | ---D | C] -- C:\Drivers
[2006-12-10 15:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
[2006-12-10 15:33:08 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2006-12-10 15:31:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2006-12-10 15:31:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Picture Package
[2006-12-10 15:31:54 | 000,013,567 | ---- | C] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS
[2006-12-10 15:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Corporation
[2006-12-02 20:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2006-11-27 22:58:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Contract Law, Part 3 Consideration & Deeds_files
[2006-11-27 17:33:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\israelVisit - BEGINNER'S HEBREW Speak a bit of the local language in Israel-Jerusalem, Tel Aviv, Haifa, Eilat_files
[2006-11-27 17:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2006-11-27 17:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Before You Know It 3.6
[2006-11-27 17:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\Transparent
[2006-11-27 17:27:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Free Languages Download_files
[2006-11-26 22:53:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2006-11-26 22:48:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Symantec
[2006-11-26 00:37:18 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2006-11-23 23:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\Barber v Somerset City Council 2004 - Tort Essay_files
[2006-11-23 23:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Companion Wizard
[2006-11-23 23:06:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Google
[2006-11-23 23:06:24 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2006-11-23 23:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
[2006-11-23 23:06:21 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2006-11-23 23:04:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Real
[2006-11-23 22:58:36 | 000,000,000 | ---D | C] -- C:\My Downloads
[2006-11-21 09:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2006-11-21 09:02:55 | 000,000,000 | ---D | C] -- C:\2b1a471daaeaa422bc3f1332
[2006-11-21 03:00:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2006-11-20 23:13:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\AdobeUM
[2006-11-20 21:51:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Contacts
[2006-11-20 21:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\My Received Files
[2006-11-20 21:34:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\MSNInstaller
[2006-11-20 21:31:05 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gitanjali\UserData
[2006-11-20 21:30:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2006-11-20 21:30:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Macromedia
[2006-11-20 00:19:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\My Documents\My Notebook
[2006-11-20 00:03:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\MCE Logs
[2006-11-20 00:00:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\My Documents\My Videos
[2006-11-19 18:37:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2006-11-19 18:36:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2006-11-19 18:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2006-11-19 18:35:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ShellNew
[2006-11-19 18:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft Web Folders
[2006-11-19 18:27:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Nethood
[2006-11-19 18:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2006-11-19 18:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Identities
[2006-11-19 18:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\ATI
[2006-11-19 18:25:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Adobe
[2006-11-19 18:25:57 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft
[2006-11-19 18:25:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gitanjali\Application Data
[2006-11-19 18:25:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\Favorites
[2006-11-19 18:25:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Gitanjali\Cookies
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Windows Desktop Search
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\toshiba
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Application Data\Sonic
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Desktop
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\ATI
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\ApplicationHistory
[2006-11-19 18:25:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Adobe
[2006-11-19 18:25:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gitanjali\SendTo
[2006-11-19 18:25:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gitanjali\Recent
[2006-11-19 18:25:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Startup
[2006-11-19 18:25:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\Start Menu
[2006-11-19 18:25:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\My Documents\My Pictures
[2006-11-19 18:25:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\My Documents\My Music
[2006-11-19 18:25:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\My Documents
[2006-11-19 18:25:56 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Accessories
[2006-11-19 18:25:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gitanjali\Templates
[2006-11-19 18:25:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gitanjali\PrintHood
[2006-11-19 18:25:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Gitanjali\Local Settings
[2006-11-19 18:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\WINDOWS
[2006-11-19 18:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\Microsoft
[2006-11-19 18:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}
[2006-09-21 00:34:18 | 000,000,000 | ---D | C] -- C:\Program Files\isp
[2006-09-20 16:10:57 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2006-09-20 16:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works
[2006-09-20 16:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2006-09-19 09:48:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2006-09-14 12:23:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\X10 Commander
[2006-09-14 12:05:53 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2006-09-14 12:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar Suite
[2006-09-14 11:19:03 | 000,010,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2006-09-14 11:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2006-09-14 11:17:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2006-09-14 11:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2006-09-14 11:15:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2006-09-14 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2006-09-14 11:15:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2006-09-14 11:15:18 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2006-09-14 11:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\X10
[2006-09-14 11:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2006-09-14 10:32:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2006-09-14 10:05:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sonic
[2006-09-14 10:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic
[2006-09-14 10:04:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD
[2006-09-14 10:04:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InterVideo
[2006-09-14 09:58:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\InterVideo WinDVD Creator 2
[2006-09-14 09:58:41 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
[2006-09-14 09:54:03 | 000,026,880 | ---- | C] (SRS Labs, Inc.) -- C:\WINDOWS\System32\drivers\WOWHD_kern_i386.sys
[2006-09-14 08:28:39 | 000,068,096 | ---- | C] (Agere Systems) -- C:\WINDOWS\agrsmdel.exe
[2006-09-14 08:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TOSHIBA
[2006-09-14 08:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\ltmoh
[2006-09-14 08:28:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Options
[2006-09-14 08:27:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2006-09-14 08:25:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2006-09-14 08:24:29 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2006-09-14 08:24:29 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2006-09-14 08:22:31 | 000,081,920 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2006-09-14 08:22:31 | 000,069,724 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2006-09-14 08:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2006-09-14 08:21:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\tiinst
[2006-09-14 08:01:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SDA
[2006-09-14 08:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2006-09-14 07:54:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2006-09-14 07:51:54 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2006-09-14 07:46:39 | 000,000,000 | ---D | C] -- C:\Program Files\Toshiba
[2006-09-14 07:43:58 | 000,471,264 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2006-09-13 23:11:58 | 001,124,097 | ---- | C] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
[2006-09-13 23:10:37 | 000,000,000 | ---D | C] -- C:\TOOLSCD
[2006-09-13 15:27:28 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2006-09-13 15:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2006-09-13 14:49:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2006-09-13 14:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2006-09-13 14:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2006-09-13 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files
[2006-09-13 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2006-09-13 14:49:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2006-09-13 14:49:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2006-09-13 14:49:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2006-09-13 14:49:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2006-09-13 14:49:20 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2006-09-13 14:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2006-09-13 14:49:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2006-09-13 14:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2006-09-13 14:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2006-09-13 14:49:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2006-09-13 14:49:03 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2006-09-13 14:48:49 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2006-09-13 14:48:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2006-09-13 14:48:13 | 000,000,000 | ---D | C] -- C:\VALUEADD
[2006-09-13 14:48:13 | 000,000,000 | ---D | C] -- C:\SUPPORT
[2006-09-13 14:48:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\oemdrv
[2006-09-13 14:44:12 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2006-09-13 14:44:12 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2006-09-13 14:44:12 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2006-09-13 14:44:12 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2006-09-13 14:44:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2006-09-13 14:38:17 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2006-09-13 14:36:26 | 020,966,970 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\cfdemo.exe
[2006-09-13 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2006-09-13 14:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2006-09-13 14:19:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2006-09-13 14:18:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2006-09-13 14:14:27 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2006-09-13 14:07:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2006-09-13 14:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2006-09-13 14:06:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2006-09-13 14:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Recorded TV
[2006-09-13 14:05:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2006-09-13 14:05:18 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2006-09-13 14:05:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2006-09-13 14:05:16 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2006-09-13 14:05:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2006-09-13 14:05:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2006-09-13 14:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2006-09-13 14:01:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2006-09-13 14:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2006-09-13 14:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2006-09-13 13:58:55 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2006-09-13 13:58:54 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2006-09-13 13:58:38 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2006-09-13 13:58:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2006-09-13 13:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2006-09-13 13:58:08 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2006-09-13 13:58:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2006-09-13 13:58:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2006-09-13 13:58:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2006-09-13 13:57:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2006-09-13 13:57:56 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2006-09-13 13:57:55 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2006-09-13 13:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2006-09-13 13:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2006-09-13 13:57:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2006-09-13 13:57:03 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2006-09-13 13:56:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2006-09-13 13:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2006-09-13 13:56:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2006-09-13 13:56:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2006-09-13 13:56:05 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2006-09-13 13:56:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Digital Media Enhancements
[2006-09-13 13:55:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2006-09-13 13:55:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2006-09-13 13:55:33 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Plus
[2006-09-13 13:55:24 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2006-09-13 13:55:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2006-09-13 13:55:04 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2006-09-13 13:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2006-09-13 13:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2006-09-13 13:54:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2006-09-13 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2006-09-13 13:54:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2006-09-13 13:54:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2006-09-13 13:53:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2006-09-13 12:42:55 | 003,374,640 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe
[2006-09-13 12:40:07 | 000,000,000 | ---D | C] -- C:\CMPNENTS
[2006-09-13 12:35:11 | 000,000,000 | ---D | C] -- C:\I386
[2005-12-05 01:53:13 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Gitanjali\Desktop\HJTT.exe
[2005-11-30 17:12:00 | 000,162,560 | ---- | C] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
[28 C:\Documents and Settings\Gitanjali\Desktop\*.tmp files -> C:\Documents and Settings\Gitanjali\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012-02-22 18:48:32 | 000,008,171 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\r.exe
[2012-02-22 18:30:34 | 000,318,369 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\HiJackThis.zip
[2009-05-25 02:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
[2009-01-20 18:39:58 | 000,000,250 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009-01-20 18:39:50 | 000,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009-01-20 18:39:50 | 000,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009-01-20 18:39:50 | 000,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-20 18:13:00 | 000,747,873 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\gmer.zip
[2009-01-20 12:22:14 | 000,368,916 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\dds.scr
[2009-01-19 00:43:39 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2009-01-17 19:09:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\sysservice2.exe
[2009-01-17 19:09:50 | 000,000,400 | ---- | M] () -- C:\WINDOWS\System32\sysservice.dll
[2009-01-17 19:07:10 | 000,000,491 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009-01-16 21:56:00 | 000,125,440 | ---- | M] () -- C:\WINDOWS\System32\userinit.exe
[2009-01-16 21:56:00 | 000,125,440 | ---- | M] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-01-16 21:55:46 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009-01-16 21:55:46 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\test.ttt
[2009-01-15 23:39:37 | 000,009,758 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v1.cab
[2009-01-15 21:58:56 | 000,000,578 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\My Sharing Folders.lnk
[2009-01-15 20:47:11 | 000,119,657 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\COURT FORM.pdf
[2009-01-14 22:57:59 | 000,663,978 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\Rashidpdf.pdf
[2009-01-13 23:17:54 | 000,006,714 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v2.cab
[2009-01-13 23:13:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v2.cab
[2009-01-13 22:00:14 | 000,051,322 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v1.cab
[2009-01-12 20:51:06 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\sys.dat
[2008-12-30 22:34:55 | 000,089,763 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\showletter.htm
[2008-12-30 14:47:31 | 000,868,050 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\tier1poststudyworkform.pdf
[2008-12-24 09:04:39 | 005,943,474 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\The_Rileys_-_Christmas_Cheer.mp3
[2008-12-18 21:31:45 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008-12-14 18:18:57 | 000,000,364 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2008-12-08 00:02:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\System32\drivers\ati0dkxx.sys
[2008-12-07 21:31:02 | 000,010,752 | ---- | M] () -- C:\WINDOWS\System32\adtsh.dll
[2008-12-07 21:31:00 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\tb.dr
[2008-12-07 21:31:00 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\bb1.dat
[2008-12-07 21:28:20 | 000,049,152 | ---- | M] (Amway LLC) -- C:\WINDOWS\System32\savec32.dll
[2008-11-08 10:43:02 | 000,019,315 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\givanuwuk.db
[2008-11-08 10:36:52 | 000,019,280 | ---- | M] () -- C:\WINDOWS\nono.lib
[2008-11-06 00:13:22 | 000,014,257 | ---- | M] () -- C:\WINDOWS\System32\gidaneweje.scr
[2008-11-05 23:56:14 | 000,019,487 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ditufybyl.reg
[2008-11-05 23:56:14 | 000,019,255 | ---- | M] () -- C:\WINDOWS\edafenodad._sy
[2008-11-05 23:56:14 | 000,018,291 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
[2008-11-05 23:56:14 | 000,017,758 | ---- | M] () -- C:\WINDOWS\pogahes.dat
[2008-11-05 23:56:14 | 000,016,982 | ---- | M] () -- C:\WINDOWS\xusoboxan.bat
[2008-11-05 23:56:14 | 000,016,731 | ---- | M] () -- C:\WINDOWS\ahowyle._dl
[2008-11-05 23:56:14 | 000,015,703 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lalywaj.inf
[2008-11-05 23:56:14 | 000,015,698 | ---- | M] () -- C:\Program Files\Common Files\enut.dat
[2008-11-05 23:56:14 | 000,015,590 | ---- | M] () -- C:\WINDOWS\System32\tesape.com
[2008-11-05 23:56:14 | 000,015,457 | ---- | M] () -- C:\Program Files\Common Files\orawoqor.bin
[2008-11-05 23:56:14 | 000,014,641 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rabir.bin
[2008-11-05 23:56:14 | 000,014,620 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\dyvip.ban
[2008-11-05 23:56:14 | 000,014,614 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uroji.bat
[2008-11-05 23:56:14 | 000,014,525 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iqyco.com
[2008-11-05 23:56:14 | 000,013,778 | ---- | M] () -- C:\Program Files\Common Files\syhit.dl
[2008-11-05 23:56:14 | 000,013,738 | ---- | M] () -- C:\WINDOWS\fujan.inf
[2008-11-05 23:56:14 | 000,013,391 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
[2008-11-05 23:56:14 | 000,013,250 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ohuvehago.sys
[2008-11-05 23:56:14 | 000,012,888 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fifu.bin
[2008-11-05 23:56:14 | 000,012,463 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mavubah.ban
[2008-11-05 23:56:14 | 000,012,229 | ---- | M] () -- C:\Program Files\Common Files\xunefomyca.bat
[2008-11-05 23:56:14 | 000,010,968 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
[2008-11-05 23:56:14 | 000,010,898 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
[2008-11-05 23:56:14 | 000,010,515 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\soxeveha.pif
[2008-11-05 23:51:16 | 000,125,883 | ---- | M] () -- C:\WINDOWS\System32\wini10491.exe
[2008-11-05 23:49:09 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\rs32net.exe
[2008-11-05 20:56:22 | 000,224,075 | ---- | M] () -- C:\WINDOWS\System32\_scui.cpl
[2008-10-16 00:52:11 | 000,230,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-10-12 16:51:54 | 000,921,624 | ---- | M] () -- C:\img1-001.raw
[2008-10-05 19:50:53 | 000,001,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free Games & Music.lnk
[2008-10-05 19:50:53 | 000,000,897 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2008-10-05 19:50:33 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2008-09-19 22:19:11 | 000,253,952 | ---- | M] () -- C:\WINDOWS\System32\awsku.exe
[2008-09-02 08:30:43 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2008-08-25 23:18:08 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Mail.lnk
[2008-08-25 23:18:08 | 000,001,489 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2008-08-25 23:17:33 | 000,000,830 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2008-08-25 23:17:33 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2008-07-15 18:30:42 | 000,059,092 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\DSC03389.JPG
[2008-07-07 23:05:02 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-05-30 20:45:04 | 000,820,903 | ---- | M] () -- C:\WINDOWS\System32\dddxdmjnq_navfx.dat
[2008-05-07 04:55:40 | 001,288,192 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2008-05-05 15:46:18 | 000,000,606 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\wklnhst.dat
[2008-04-24 13:05:33 | 000,645,187 | ---- | M] () -- C:\WINDOWS\System32\ymgsfdg_navfx.dat
[2008-04-17 21:13:02 | 000,811,008 | R--- | M] () -- C:\WINDOWS\gmer.exe
[2008-04-12 14:50:02 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008-04-12 14:48:00 | 006,342,680 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\SUPERAntiSpyware.exe
[2008-04-12 14:46:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008-04-12 14:45:55 | 001,546,928 | ---- | M] (Malwarebytes ) -- C:\Documents and Settings\Gitanjali\Desktop\mbam-setup.exe
[2008-03-27 20:07:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008-03-27 20:07:48 | 000,000,232 | -H-- | M] () -- C:\sqmdata14.sqm
[2008-03-27 20:03:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008-03-27 20:03:18 | 000,000,232 | -H-- | M] () -- C:\sqmdata13.sqm
[2008-03-27 20:01:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008-03-27 20:01:41 | 000,000,232 | -H-- | M] () -- C:\sqmdata12.sqm
[2008-03-27 20:01:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008-03-27 20:01:13 | 000,000,232 | -H-- | M] () -- C:\sqmdata11.sqm
[2008-03-25 04:50:40 | 000,355,112 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2008-02-24 01:32:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008-02-24 01:32:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata10.sqm
[2008-02-14 10:07:20 | 000,333,824 | ---- | M] () -- C:\WINDOWS\System32\kspkdcbfa.exe
[2008-02-13 16:17:18 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\uohook.exe
[2008-02-05 23:27:19 | 000,352,768 | ---- | M] () -- C:\WINDOWS\System32\uaghzxjl.exe
[2008-01-27 21:07:50 | 000,293,376 | ---- | M] () -- C:\WINDOWS\System32\yvoqwfhixw.exe
[2008-01-09 03:17:29 | 000,290,816 | ---- | M] () -- C:\WINDOWS\System32\kizwuts.exe
[2008-01-07 17:55:25 | 000,305,152 | ---- | M] () -- C:\WINDOWS\System32\mskhqtkmu.exe
[2008-01-05 20:31:17 | 000,001,437 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\DivX Movies.lnk
[2008-01-05 20:31:13 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008-01-05 20:30:59 | 000,000,806 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2008-01-05 20:30:26 | 017,322,400 | ---- | M] (DivX, Inc.) -- C:\Documents and Settings\Gitanjali\Desktop\DivXInstaller.exe
[2007-12-27 10:50:26 | 000,293,888 | ---- | M] () -- C:\WINDOWS\System32\stmivlgc.exe
[2007-12-27 01:48:31 | 000,684,122 | ---- | M] () -- C:\WINDOWS\System32\avjimca_navfx.dat
[2007-12-20 22:50:24 | 000,010,760 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgclean.sys
[2007-12-20 22:50:16 | 000,026,952 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2007-12-13 04:44:21 | 000,291,840 | ---- | M] () -- C:\WINDOWS\System32\lqdquybrh.exe
[2007-12-08 11:39:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\System32\hbvtgdsaae.exe
[2007-12-04 11:33:15 | 000,299,520 | ---- | M] () -- C:\WINDOWS\System32\waeeog.exe
[2007-12-04 01:33:18 | 000,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx0c.dll
[2007-12-04 01:33:18 | 000,823,296 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx07.dll
[2007-12-04 01:33:18 | 000,802,816 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divx_xx11.dll
[2007-12-04 01:33:16 | 000,682,496 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivX.dll
[2007-12-04 01:33:14 | 000,630,784 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\divxdec.ax
[2007-12-02 15:51:37 | 000,282,112 | ---- | M] () -- C:\WINDOWS\System32\htotkfkxxt.exe
[2007-11-30 00:43:33 | 000,291,840 | ---- | M] () -- C:\WINDOWS\System32\gkahvitkr.exe
[2007-11-29 22:30:42 | 000,524,288 | ---- | M] (DivX Inc.) -- C:\WINDOWS\System32\DivXsm.exe
[2007-11-29 22:30:42 | 000,004,816 | ---- | M] () -- C:\WINDOWS\System32\divxsm.tlb
[2007-11-29 22:30:28 | 003,596,288 | ---- | M] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-11-29 22:30:16 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libdivx.dll
[2007-11-29 22:30:16 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssldivx.dll
[2007-11-29 22:28:24 | 000,196,608 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dtu100.dll
[2007-11-29 22:28:24 | 000,081,920 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2007-11-28 21:55:18 | 000,156,992 | ---- | M] (DivX, Inc.) -- C:\WINDOWS\System32\DivXCodecVersionChecker.exe
[2007-11-28 21:53:18 | 000,593,920 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI11.dll
[2007-11-28 21:53:18 | 000,344,064 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpus11.dll
[2007-11-28 21:53:18 | 000,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu11.dll
[2007-11-28 21:53:18 | 000,294,912 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpu10.dll
[2007-11-28 21:53:18 | 000,057,344 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpv11.dll
[2007-11-28 21:53:18 | 000,053,248 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\dpuGUI10.dll
[2007-11-28 21:53:08 | 000,352,401 | ---- | M] (DivXNetworks) -- C:\WINDOWS\System32\DivXMedia.ax
[2007-11-28 21:52:32 | 000,012,288 | ---- | M] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007-11-24 22:40:03 | 000,285,184 | ---- | M] () -- C:\WINDOWS\System32\ljohtjvjd.exe
[2007-11-24 13:40:27 | 000,277,504 | ---- | M] () -- C:\WINDOWS\System32\iokdiyykd.exe
[2007-11-21 15:13:11 | 000,001,594 | ---- | M] () -- C:\WINDOWS\VPNInstall.MIF
[2007-11-21 03:58:27 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007-11-17 12:37:55 | 000,000,182 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2007-11-16 10:37:54 | 000,287,744 | ---- | M] () -- C:\WINDOWS\System32\hojrvid.exe
[2007-11-12 14:55:26 | 000,001,165 | ---- | M] () -- C:\WINDOWS\mozver.dat
[2007-11-08 11:02:52 | 000,286,720 | ---- | M] () -- C:\WINDOWS\System32\twqcasr.exe
[2007-11-03 05:59:18 | 000,307,200 | ---- | M] () -- C:\WINDOWS\System32\fxqkbbw.exe
[2007-10-30 23:09:07 | 000,301,568 | ---- | M] () -- C:\WINDOWS\System32\xhqfaiina.exe
[2007-10-30 11:35:21 | 000,304,640 | ---- | M] () -- C:\WINDOWS\System32\jjdhehgb.exe
[2007-10-27 17:58:45 | 000,292,352 | ---- | M] () -- C:\WINDOWS\System32\kfqyzlxht.exe
[2007-10-26 16:05:04 | 000,000,022 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2007-10-25 21:24:08 | 000,821,856 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avg7core.sys
[2007-10-24 09:29:28 | 000,303,616 | ---- | M] () -- C:\WINDOWS\System32\rbxtuaui.exe
[2007-10-18 22:34:08 | 000,303,616 | ---- | M] () -- C:\WINDOWS\System32\frhuqos.exe
[2007-10-17 09:47:37 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\zlhmqxy.exe
[2007-10-11 08:31:36 | 000,337,408 | ---- | M] () -- C:\WINDOWS\System32\mwncskfuo.exe
[2007-10-09 17:01:17 | 000,274,432 | ---- | M] () -- C:\WINDOWS\System32\lfehznwol.exe
[2007-10-08 11:04:11 | 000,276,480 | ---- | M] () -- C:\WINDOWS\System32\enxfnds.exe
[2007-10-07 19:48:03 | 000,275,968 | ---- | M] () -- C:\WINDOWS\System32\oosdgwpu.exe
[2007-10-06 23:10:30 | 000,263,168 | ---- | M] () -- C:\WINDOWS\System32\turbxtg.exe
[2007-10-01 11:09:27 | 000,339,456 | ---- | M] () -- C:\WINDOWS\System32\driveq.exe
[2007-09-30 00:29:48 | 000,343,040 | ---- | M] () -- C:\WINDOWS\System32\jfafyzv.exe
[2007-09-29 19:16:25 | 000,336,384 | ---- | M] () -- C:\WINDOWS\System32\rrknprw.exe
[2007-09-27 06:39:05 | 000,335,872 | ---- | M] () -- C:\WINDOWS\System32\lgbris.exe
[2007-09-26 12:34:32 | 000,338,432 | ---- | M] () -- C:\WINDOWS\System32\yylcazipq.exe
[2007-09-25 13:33:13 | 000,337,408 | ---- | M] () -- C:\WINDOWS\System32\xzqhkb.exe
[2007-09-20 21:07:41 | 000,266,752 | ---- | M] () -- C:\WINDOWS\System32\ukaiaepv.exe
[2007-09-19 23:40:12 | 000,274,944 | ---- | M] () -- C:\WINDOWS\System32\dszegkb.exe
[2007-09-19 11:58:57 | 000,264,704 | ---- | M] () -- C:\WINDOWS\System32\tzcjspyyo.exe
[2007-09-18 12:14:56 | 000,330,240 | ---- | M] () -- C:\WINDOWS\System32\bfegsxjdu.exe
[2007-09-16 23:12:14 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Shortcut to protolawsoclogo.lnk
[2007-09-15 17:54:21 | 000,001,754 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2007-09-10 15:57:55 | 000,272,384 | ---- | M] () -- C:\WINDOWS\System32\fjayaaklfp.exe
[2007-09-09 09:28:47 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\disaxgmr.exe
[2007-09-08 10:51:31 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\xrplurnajg.exe
[2007-09-07 23:46:01 | 000,274,944 | ---- | M] () -- C:\WINDOWS\System32\qrrobvxqi.exe
[2007-09-05 18:51:59 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa2.lnk
[2007-09-05 16:45:13 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\zwvyds.exe
[2007-08-28 21:07:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2007-08-28 21:07:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2007-08-28 21:07:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2007-08-13 17:06:32 | 000,056,700 | ---- | M] () -- C:\WINDOWS\System32\ieuinit.inf
[2007-07-31 14:54:59 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2007-07-31 14:54:58 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2007-07-28 20:57:15 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2007-07-28 18:39:20 | 000,004,960 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdi.sys
[2007-07-28 18:39:19 | 000,027,776 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avg7rsxp.sys
[2007-07-28 18:39:19 | 000,004,224 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\System32\drivers\avg7rsw.sys
[2007-07-16 11:58:10 | 000,197,408 | ---- | M] () -- C:\WINDOWS\System32\vpnapi.dll
[2007-07-16 11:58:00 | 000,193,312 | ---- | M] () -- C:\WINDOWS\System32\CSGina.dll
[2007-06-28 14:36:00 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Gitanjali\Desktop\HJTT.exe
[2007-06-25 22:27:58 | 000,961,160 | ---- | M] () -- C:\WINDOWS\pack.epk
[2007-06-12 18:14:50 | 000,009,232 | ---- | M] () -- C:\Documents and Settings\Gitanjali\USB_MOT_BRIT.INF
[2007-06-12 18:14:49 | 000,006,009 | ---- | M] () -- C:\Documents and Settings\Gitanjali\USBMOT2000XP.INF
[2007-06-12 18:14:49 | 000,005,813 | ---- | M] () -- C:\Documents and Settings\Gitanjali\USB_MOT_A1000.INF
[2007-06-12 18:14:46 | 000,006,947 | ---- | M] () -- C:\Documents and Settings\Gitanjali\USBMOT2000.INF
[2007-06-12 18:14:46 | 000,005,877 | ---- | M] () -- C:\Documents and Settings\Gitanjali\USB_CMCS_2000.INF
[2007-06-10 18:09:41 | 001,598,262 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Picturegr 029.jpg
[2007-05-21 14:50:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2007-05-21 14:50:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2007-05-18 21:09:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2007-05-18 21:09:35 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2007-04-28 20:24:58 | 000,000,284 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Shortcut to DSC00229.lnk
[2007-04-28 02:34:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2007-04-28 02:34:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2007-04-27 15:07:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2007-04-27 15:07:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2007-04-27 13:32:07 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2007-04-27 13:32:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2007-04-27 06:19:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2007-04-27 06:19:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2007-04-27 00:54:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2007-04-27 00:54:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2007-04-22 17:32:10 | 000,000,304 | -H-- | M] () -- C:\sqmdata01.sqm
[2007-04-22 17:32:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2007-04-16 15:52:53 | 000,246,848 | ---- | M] () -- C:\WINDOWS\System32\msonlineaz.dll
[2007-04-14 13:42:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007-04-14 13:42:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2007-04-14 12:22:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2007-04-14 12:22:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2007-04-12 20:11:45 | 000,001,478 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2007-04-11 17:23:46 | 000,017,396 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\barclay.pdf
[2007-04-03 17:10:31 | 000,377,784 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\p86.pdf
[2007-04-02 17:35:59 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2007-04-02 17:35:41 | 005,037,072 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Gitanjali\Desktop\spybotsd14.exe
[2007-04-02 17:15:35 | 004,322,304 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\aawsepersonal.exe
[2007-03-28 22:31:41 | 000,029,922 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Your Rights The Rights of Suspects The rights of suspects in the police station Curtailment of the right of silence.htm
[2007-03-28 22:14:06 | 000,026,148 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\The K-Zone Discussion.htm
[2007-03-28 22:04:22 | 000,026,203 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\The K-Zone right 2 silence.htm
[2007-03-28 21:59:02 | 000,077,947 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Right to Silence - IV - Right to Silence - Comparative Study - UK - US - France - Germany - Privilege Against Self-Incrimination - Legal Practice - LegalDay.htm
[2007-03-25 22:08:16 | 000,304,683 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\dissertation.pdf
[2007-03-21 22:44:06 | 000,185,574 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Blackstone_HRA1998.pdf
[2007-03-13 01:08:39 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2007-03-13 01:08:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2007-03-12 21:39:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2007-03-12 21:39:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2007-03-12 21:39:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata17.sqm
[2007-03-12 21:39:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2007-03-12 21:39:29 | 000,000,232 | -H-- | M] () -- C:\sqmdata15.sqm
[2007-02-21 18:03:14 | 000,001,112 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\ViewerApp.dat
[2007-02-11 19:51:38 | 000,001,515 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Tour Windows XP.lnk
[2007-02-05 00:34:41 | 000,037,343 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\l'expressyu2.htm
[2007-02-05 00:34:13 | 000,050,462 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\l'express yuyu.htm
[2007-02-04 22:37:45 | 000,016,010 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672071-oem32.PNF
[2007-02-04 22:37:44 | 000,015,690 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672070-oem25.PNF
[2007-02-04 22:37:44 | 000,012,802 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672069-oem23.PNF
[2007-02-04 22:37:44 | 000,012,428 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672069-oem24.PNF
[2007-02-04 22:37:43 | 000,014,342 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672068-oem21.PNF
[2007-02-04 22:37:43 | 000,012,836 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672068-oem22.PNF
[2007-02-04 22:37:42 | 000,092,064 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmmdm.sys
[2007-02-04 22:37:42 | 000,079,328 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmserd.sys
[2007-02-04 22:37:42 | 000,066,656 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmbus.sys
[2007-02-04 22:37:42 | 000,009,913 | ---- | M] () -- C:\Documents and Settings\Gitanjali\MCCI_MDM.INF
[2007-02-04 22:37:42 | 000,009,913 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672071-oem32.inf
[2007-02-04 22:37:42 | 000,009,232 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmmdfl.sys
[2007-02-04 22:37:42 | 000,009,232 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672070-oem25.inf
[2007-02-04 22:37:42 | 000,007,201 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672068-oem21.inf
[2007-02-04 22:37:42 | 000,006,989 | ---- | M] () -- C:\Documents and Settings\Gitanjali\MCCI_BUS.INF
[2007-02-04 22:37:42 | 000,006,208 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmcmnt.sys
[2007-02-04 22:37:42 | 000,006,141 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672069-oem23.inf
[2007-02-04 22:37:42 | 000,005,960 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672069-oem24.inf
[2007-02-04 22:37:42 | 000,005,936 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmwhnt.sys
[2007-02-04 22:37:42 | 000,005,880 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1181672068-oem22.inf
[2007-02-04 22:37:42 | 000,004,477 | ---- | M] () -- C:\Documents and Settings\Gitanjali\MCCI_SDM.INF
[2007-02-04 22:37:42 | 000,004,048 | ---- | M] (MCCI) -- C:\Documents and Settings\Gitanjali\mqdmcr.sys
[2007-02-04 22:08:49 | 000,015,690 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem25.PNF
[2007-02-04 22:08:47 | 000,012,356 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem24.PNF
[2007-02-04 22:08:45 | 000,012,828 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem22.PNF
[2007-02-04 22:08:45 | 000,012,690 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem23.PNF
[2007-02-04 22:08:40 | 000,014,006 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem21.PNF
[2007-02-04 22:08:36 | 000,009,232 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1170628660-(null)
[2007-02-04 22:08:36 | 000,006,009 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem23.inf
[2007-02-04 22:08:36 | 000,005,813 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem24.inf
[2007-02-04 22:08:35 | 000,006,947 | ---- | M] () -- C:\Documents and Settings\Gitanjali\1170628659-(null)
[2007-02-04 22:08:35 | 000,005,877 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Copy of oem22.inf
[2007-01-31 13:45:08 | 000,101,904 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\dneinobj.dll
[2007-01-31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\System32\drivers\dne2000.sys
[2006-12-22 21:49:22 | 000,453,868 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Pict0319(1).JPG
[2006-12-22 21:41:21 | 000,000,997 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Shortcut (2) to Pict0319.lnk
[2006-12-22 21:31:36 | 000,781,758 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\joliieee.bmp
[2006-12-20 01:21:34 | 000,038,016 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\COOHHAABB.pdf
[2006-12-20 01:21:11 | 000,079,959 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Cohabitation_FamLaw_august.pdf
[2006-12-19 01:00:42 | 000,001,398 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2006-12-18 17:37:23 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2006-12-18 15:42:20 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2006-12-18 15:42:20 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2006-12-18 15:37:23 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2006-12-18 15:36:44 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2006-12-17 01:13:18 | 000,029,416 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\guide_to_work_opportunities.pdf
[2006-12-17 01:07:54 | 000,079,959 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Cohabitation_FamLaw_082006.pdf
[2006-12-10 18:56:25 | 000,002,634 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Search Toolbar Take a tour.lnk
[2006-12-10 18:56:25 | 000,001,524 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Create Drivers & Tools CD-ROM.lnk
[2006-12-04 02:06:48 | 000,039,843 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Judgment.htm
[2006-12-03 22:18:32 | 000,015,938 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\amalgam.pdf
[2006-12-01 02:41:47 | 000,144,213 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\p estoppel.pdf
[2006-12-01 02:35:02 | 000,107,376 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Tung%20&%20Chan%20Consideration.pdf
[2006-12-01 00:32:51 | 000,045,037 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\PROMISES BINDING IN THE ABSENCE OF CONSIDERATION.htm
[2006-11-27 22:59:00 | 000,043,822 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Contract Law, Part 3 Consideration & Deeds.htm
[2006-11-27 22:42:46 | 000,079,523 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\intcomlaw_ch3.pdf
[2006-11-27 17:33:26 | 000,006,873 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\israelVisit - BEGINNER'S HEBREW Speak a bit of the local language in Israel-Jerusalem, Tel Aviv, Haifa, Eilat.htm
[2006-11-27 17:33:08 | 000,000,327 | -H-- | M] () -- C:\IPH.PH
[2006-11-27 17:32:42 | 000,000,335 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2006-11-27 17:27:35 | 000,018,747 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Free Languages Download.htm
[2006-11-23 23:38:49 | 000,015,025 | ---- | M] () -- C:\Documents and Settings\Gitanjali\My Documents\Barber v Somerset City Council 2004 - Tort Essay.htm
[2006-11-20 00:19:15 | 000,001,624 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office OneNote 2003.lnk
[2006-11-20 00:03:38 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\fusioncache.dat
[2006-11-19 18:37:42 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2006-11-19 18:27:01 | 000,000,000 | RHS- | M] () -- C:\WINDOWS\System32\drivers\TOSHIBA_EQUIUM A100_04603-AV_PSAABE-00800.MRK
[2006-11-19 18:24:56 | 000,000,420 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2006-10-09 16:12:44 | 000,456,192 | ---- | M] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2006-10-09 16:12:40 | 000,291,840 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2006-10-09 16:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\System32\psisrndr.ax
[2006-10-09 16:12:30 | 000,224,256 | ---- | M] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2006-10-09 16:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\System32\psisdecd.dll
[2006-10-09 16:12:14 | 000,235,008 | ---- | M] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2006-10-04 14:06:20 | 000,764,868 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2006-10-04 14:06:13 | 000,217,118 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2006-09-23 12:12:38 | 000,074,715 | ---- | M] () -- C:\WINDOWS\System32\IE7Eula.rtf
[2006-09-20 16:10:53 | 000,000,333 | ---- | M] () -- C:\WINDOWS\System32\$ncsp$.inf
[2006-09-20 16:04:07 | 000,045,378 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2006-09-19 09:51:55 | 000,000,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2006-09-18 14:54:35 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2006-09-14 12:22:58 | 000,000,061 | ---- | M] () -- C:\WINDOWS\smscfg.ini
[2006-09-14 11:19:03 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
[2006-09-14 08:49:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\NDSTray.INI
[2006-09-14 08:27:55 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2006-09-14 08:27:55 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2006-09-13 14:38:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2006-09-13 14:00:59 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2006-09-13 14:00:59 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006-09-13 14:00:59 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006-09-13 14:00:59 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006-09-13 14:00:59 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006-09-13 14:00:34 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2006-09-13 13:56:38 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-09-01 07:44:04 | 000,008,798 | ---- | M] () -- C:\WINDOWS\System32\icrav03.rat
[2006-09-01 07:44:04 | 000,001,988 | ---- | M] () -- C:\WINDOWS\System32\ticrf.rat
[2006-08-22 04:05:26 | 000,498,742 | ---- | M] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2006-08-02 10:39:06 | 000,073,728 | ---- | M] (Panda Software) -- C:\WINDOWS\System32\asuninst.exe
[2006-05-05 14:26:36 | 002,808,832 | ---- | M] (RealTek Semicoductor Corp.) -- C:\WINDOWS\alcwzrd.exe
[2006-05-01 20:04:00 | 001,662,976 | ---- | M] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-05-01 20:04:00 | 001,519,616 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2006-05-01 20:04:00 | 001,466,368 | ---- | M] () -- C:\WINDOWS\System32\nview.dll
[2006-05-01 20:04:00 | 001,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006-05-01 20:04:00 | 001,019,904 | ---- | M] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-05-01 20:04:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\nvshell.dll
[2006-05-01 20:04:00 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2006-05-01 20:04:00 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2006-05-01 20:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\nvapi.dll
[2006-05-01 20:04:00 | 000,016,683 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2006-04-24 21:03:02 | 000,010,165 | ---- | M] () -- C:\WINDOWS\System32\tosmreg.ini
[2006-04-03 09:59:54 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\xposer.cfg
[2006-04-03 09:59:16 | 000,000,128 | ---- | M] () -- C:\WINDOWS\System32\asinst.cfg
[2006-04-02 00:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2006-03-23 21:05:42 | 000,023,216 | ---- | M] () -- C:\WINDOWS\System32\igxpxs32.vp
[2006-03-23 19:08:32 | 000,524,850 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2006-03-23 19:08:32 | 000,058,704 | ---- | M] () -- C:\WINDOWS\System32\igxpxk32.vp
[2006-03-23 19:08:32 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\igxpxa32.vp
[2006-03-22 07:12:36 | 000,027,504 | ---- | M] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2006-03-02 23:05:32 | 000,081,920 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo2.dll
[2006-03-02 23:03:16 | 000,069,724 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPFcs.dll
[2006-02-13 23:29:26 | 000,121,995 | ---- | M] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006-02-09 00:44:06 | 001,114,674 | ---- | M] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2006-02-09 00:44:06 | 000,000,929 | ---- | M] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2006-01-30 21:15:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\px.ini
[2006-01-26 10:49:10 | 000,000,562 | ---- | M] () -- C:\WINDOWS\TBTdetect.ini
[2006-01-26 04:48:04 | 000,006,005 | ---- | M] () -- C:\WINDOWS\System32\atifglpf.xml
[2006-01-05 12:48:44 | 000,053,248 | ---- | M] ( ) -- C:\WINDOWS\System32\DLLVGA.dll
[2005-12-22 07:35:32 | 000,005,242 | ---- | M] () -- C:\WINDOWS\System32\e100b325.din
[2005-12-20 10:03:10 | 000,000,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2005-12-20 10:03:10 | 000,000,176 | ---- | M] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2005-12-13 16:08:44 | 001,124,097 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\drivers\AGRSM.sys
[2005-12-05 02:14:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2005-12-05 01:20:38 | 000,000,294 | ---- | M] () -- C:\WINDOWS\System32\awsku_navps.dat
[2005-12-05 01:20:06 | 000,006,052 | ---- | M] () -- C:\WINDOWS\System32\awsku.dat
[2005-12-04 06:11:22 | 000,409,130 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2005-12-04 06:11:22 | 000,065,396 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2005-12-04 05:27:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2005-11-30 17:12:00 | 000,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\System32\drivers\tifm21.sys
[2005-11-23 13:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\System32\TCtrlIO.dll
[28 C:\Documents and Settings\Gitanjali\Desktop\*.tmp files -> C:\Documents and Settings\Gitanjali\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009-01-20 19:32:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009-01-20 19:32:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009-01-20 19:32:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009-01-20 19:32:50 | 000,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2009-01-20 18:39:58 | 000,000,250 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009-01-20 18:39:50 | 000,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009-01-20 18:39:49 | 000,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009-01-20 18:39:48 | 000,811,008 | R--- | C] () -- C:\WINDOWS\gmer.exe
[2009-01-20 18:33:42 | 000,747,873 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\gmer.zip
[2009-01-20 12:23:01 | 000,368,916 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\dds.scr
[2009-01-18 20:54:23 | 000,000,294 | ---- | C] () -- C:\WINDOWS\System32\awsku_navps.dat
[2009-01-16 21:56:15 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009-01-16 21:56:14 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\dllcache\userinit.exe
[2009-01-16 21:55:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009-01-16 21:55:46 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\test.ttt
[2009-01-15 20:47:11 | 000,119,657 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\COURT FORM.pdf
[2009-01-14 22:57:59 | 000,663,978 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\Rashidpdf.pdf
[2009-01-14 21:01:43 | 000,009,758 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v1.cab
[2009-01-13 23:04:57 | 000,006,714 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v2.cab
[2009-01-10 14:24:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v2.cab
[2009-01-10 14:24:39 | 000,051,322 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v1.cab
[2009-01-10 14:22:14 | 000,035,840 | ---- | C] () -- C:\WINDOWS\System32\sys.dat
[2008-12-30 22:34:53 | 000,089,763 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\showletter.htm
[2008-12-24 09:04:39 | 005,943,474 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\The_Rileys_-_Christmas_Cheer.mp3
[2008-12-08 08:07:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\sysservice2.exe
[2008-12-08 00:02:43 | 000,000,364 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008-12-07 21:31:02 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\adtsh.dll
[2008-12-07 21:31:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\tb.dr
[2008-12-07 21:31:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\bb1.dat
[2008-12-07 21:25:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\System32\sysservice.dll
[2008-11-08 10:43:02 | 000,019,315 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\givanuwuk.db
[2008-11-08 10:36:52 | 000,019,280 | ---- | C] () -- C:\WINDOWS\nono.lib
[2008-11-06 00:13:22 | 000,014,257 | ---- | C] () -- C:\WINDOWS\System32\gidaneweje.scr
[2008-11-05 23:56:14 | 000,019,487 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ditufybyl.reg
[2008-11-05 23:56:14 | 000,019,255 | ---- | C] () -- C:\WINDOWS\edafenodad._sy
[2008-11-05 23:56:14 | 000,018,291 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
[2008-11-05 23:56:14 | 000,017,758 | ---- | C] () -- C:\WINDOWS\pogahes.dat
[2008-11-05 23:56:14 | 000,016,982 | ---- | C] () -- C:\WINDOWS\xusoboxan.bat
[2008-11-05 23:56:14 | 000,016,731 | ---- | C] () -- C:\WINDOWS\ahowyle._dl
[2008-11-05 23:56:14 | 000,015,703 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lalywaj.inf
[2008-11-05 23:56:14 | 000,015,698 | ---- | C] () -- C:\Program Files\Common Files\enut.dat
[2008-11-05 23:56:14 | 000,015,590 | ---- | C] () -- C:\WINDOWS\System32\tesape.com
[2008-11-05 23:56:14 | 000,015,457 | ---- | C] () -- C:\Program Files\Common Files\orawoqor.bin
[2008-11-05 23:56:14 | 000,014,641 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\rabir.bin
[2008-11-05 23:56:14 | 000,014,620 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\dyvip.ban
[2008-11-05 23:56:14 | 000,014,614 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\uroji.bat
[2008-11-05 23:56:14 | 000,014,525 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\iqyco.com
[2008-11-05 23:56:14 | 000,013,778 | ---- | C] () -- C:\Program Files\Common Files\syhit.dl
[2008-11-05 23:56:14 | 000,013,738 | ---- | C] () -- C:\WINDOWS\fujan.inf
[2008-11-05 23:56:14 | 000,013,391 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
[2008-11-05 23:56:14 | 000,013,250 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ohuvehago.sys
[2008-11-05 23:56:14 | 000,012,888 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\fifu.bin
[2008-11-05 23:56:14 | 000,012,463 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mavubah.ban
[2008-11-05 23:56:14 | 000,012,229 | ---- | C] () -- C:\Program Files\Common Files\xunefomyca.bat
[2008-11-05 23:56:14 | 000,010,968 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
[2008-11-05 23:56:14 | 000,010,898 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
[2008-11-05 23:56:14 | 000,010,515 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\soxeveha.pif
[2008-11-05 23:55:53 | 000,224,075 | ---- | C] () -- C:\WINDOWS\System32\_scui.cpl
[2008-11-05 23:51:16 | 000,125,883 | ---- | C] () -- C:\WINDOWS\System32\wini10491.exe
[2008-11-05 23:50:54 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\ati0dkxx.sys
[2008-11-05 23:49:09 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rs32net.exe
[2008-10-12 16:50:13 | 000,921,624 | ---- | C] () -- C:\img1-001.raw
[2008-10-12 16:45:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\vsnpstd.exe
[2008-10-12 16:45:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2008-10-12 16:45:57 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2008-10-12 16:45:57 | 000,013,023 | ---- | C] () -- C:\WINDOWS\snpstd.src
[2008-10-12 16:45:55 | 000,330,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2008-10-12 16:45:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe
[2008-10-05 19:50:53 | 000,001,601 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free Games & Music.lnk
[2008-10-05 19:50:53 | 000,000,897 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2008-09-19 22:19:11 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\awsku.exe
[2008-09-19 22:19:11 | 000,006,052 | ---- | C] () -- C:\WINDOWS\System32\awsku.dat
[2008-09-08 23:13:30 | 000,868,050 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\tier1poststudyworkform.pdf
[2008-09-07 19:13:39 | 000,000,504 | ---- | C] () -- C:\WINDOWS\tasks\Antispyware Scheduled Scan.job
[2008-09-02 08:30:43 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2008-08-25 23:18:08 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Mail.lnk
[2008-08-25 23:18:08 | 000,001,489 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Mail.lnk
[2008-08-25 23:18:08 | 000,001,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Mail.lnk
[2008-08-25 23:17:33 | 000,000,830 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2008-08-25 23:17:33 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
[2008-08-17 17:10:26 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
[2008-07-15 18:30:55 | 000,059,092 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\DSC03389.JPG
[2008-05-30 20:45:04 | 000,820,903 | ---- | C] () -- C:\WINDOWS\System32\dddxdmjnq_navfx.dat
[2008-04-24 13:05:33 | 000,645,187 | ---- | C] () -- C:\WINDOWS\System32\ymgsfdg_navfx.dat
[2008-04-12 14:50:02 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2008-04-12 14:46:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2008-04-12 14:45:58 | 006,342,680 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\SUPERAntiSpyware.exe
[2008-03-25 04:50:40 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msjetol1.dll
[2008-02-14 10:07:19 | 000,333,824 | ---- | C] () -- C:\WINDOWS\System32\kspkdcbfa.exe
[2008-02-13 16:17:18 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\uohook.exe
[2008-02-05 19:26:18 | 000,352,768 | ---- | C] () -- C:\WINDOWS\System32\uaghzxjl.exe
[2008-01-27 21:07:50 | 000,293,376 | ---- | C] () -- C:\WINDOWS\System32\yvoqwfhixw.exe
[2008-01-09 03:17:29 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\kizwuts.exe
[2008-01-07 17:55:25 | 000,305,152 | ---- | C] () -- C:\WINDOWS\System32\mskhqtkmu.exe
[2008-01-05 20:31:13 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2008-01-05 20:30:59 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2007-12-27 10:50:26 | 000,293,888 | ---- | C] () -- C:\WINDOWS\System32\stmivlgc.exe
[2007-12-27 01:48:31 | 000,684,122 | ---- | C] () -- C:\WINDOWS\System32\avjimca_navfx.dat
[2007-12-13 04:44:21 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\lqdquybrh.exe
[2007-12-08 11:39:29 | 000,294,400 | ---- | C] () -- C:\WINDOWS\System32\hbvtgdsaae.exe
[2007-12-04 11:33:15 | 000,299,520 | ---- | C] () -- C:\WINDOWS\System32\waeeog.exe
[2007-12-02 15:51:37 | 000,282,112 | ---- | C] () -- C:\WINDOWS\System32\htotkfkxxt.exe
[2007-11-30 00:43:33 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\gkahvitkr.exe
[2007-11-29 22:30:42 | 000,004,816 | ---- | C] () -- C:\WINDOWS\System32\divxsm.tlb
[2007-11-29 22:30:28 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007-11-28 21:52:32 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007-11-24 22:40:03 | 000,285,184 | ---- | C] () -- C:\WINDOWS\System32\ljohtjvjd.exe
[2007-11-24 13:40:27 | 000,277,504 | ---- | C] () -- C:\WINDOWS\System32\iokdiyykd.exe
[2007-11-21 15:12:23 | 000,001,594 | ---- | C] () -- C:\WINDOWS\VPNInstall.MIF
[2007-11-21 03:58:27 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007-11-16 10:37:54 | 000,287,744 | ---- | C] () -- C:\WINDOWS\System32\hojrvid.exe
[2007-11-12 14:55:25 | 000,001,165 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007-11-08 11:02:52 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\twqcasr.exe
[2007-11-03 05:59:18 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\fxqkbbw.exe
[2007-10-30 23:09:07 | 000,301,568 | ---- | C] () -- C:\WINDOWS\System32\xhqfaiina.exe
[2007-10-30 11:28:58 | 000,304,640 | ---- | C] () -- C:\WINDOWS\System32\jjdhehgb.exe
[2007-10-29 22:35:13 | 001,288,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2007-10-27 17:58:45 | 000,292,352 | ---- | C] () -- C:\WINDOWS\System32\kfqyzlxht.exe
[2007-10-26 16:05:04 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2007-10-24 09:29:28 | 000,303,616 | ---- | C] () -- C:\WINDOWS\System32\rbxtuaui.exe
[2007-10-18 22:34:08 | 000,303,616 | ---- | C] () -- C:\WINDOWS\System32\frhuqos.exe
[2007-10-17 09:47:37 | 000,273,920 | ---- | C] () -- C:\WINDOWS\System32\zlhmqxy.exe
[2007-10-11 08:31:36 | 000,337,408 | ---- | C] () -- C:\WINDOWS\System32\mwncskfuo.exe
[2007-10-09 17:01:17 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\lfehznwol.exe
[2007-10-08 11:04:11 | 000,276,480 | ---- | C] () -- C:\WINDOWS\System32\enxfnds.exe
[2007-10-07 19:48:03 | 000,275,968 | ---- | C] () -- C:\WINDOWS\System32\oosdgwpu.exe
[2007-10-06 23:10:30 | 000,263,168 | ---- | C] () -- C:\WINDOWS\System32\turbxtg.exe
[2007-10-01 11:09:26 | 000,339,456 | ---- | C] () -- C:\WINDOWS\System32\driveq.exe
[2007-09-30 00:29:48 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\jfafyzv.exe
[2007-09-29 19:16:25 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\rrknprw.exe
[2007-09-27 06:39:05 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\lgbris.exe
[2007-09-26 12:34:32 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\yylcazipq.exe
[2007-09-25 13:33:13 | 000,337,408 | ---- | C] () -- C:\WINDOWS\System32\xzqhkb.exe
[2007-09-20 21:07:41 | 000,266,752 | ---- | C] () -- C:\WINDOWS\System32\ukaiaepv.exe
[2007-09-19 23:40:12 | 000,274,944 | ---- | C] () -- C:\WINDOWS\System32\dszegkb.exe
[2007-09-19 11:58:57 | 000,264,704 | ---- | C] () -- C:\WINDOWS\System32\tzcjspyyo.exe
[2007-09-18 12:14:56 | 000,330,240 | ---- | C] () -- C:\WINDOWS\System32\bfegsxjdu.exe
[2007-09-16 23:12:25 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Shortcut to protolawsoclogo.lnk
[2007-09-09 09:28:47 | 000,273,920 | ---- | C] () -- C:\WINDOWS\System32\disaxgmr.exe
[2007-09-08 15:56:32 | 000,272,384 | ---- | C] () -- C:\WINDOWS\System32\fjayaaklfp.exe
[2007-09-08 10:32:03 | 000,273,920 | ---- | C] () -- C:\WINDOWS\System32\xrplurnajg.exe
[2007-09-06 23:31:16 | 000,274,944 | ---- | C] () -- C:\WINDOWS\System32\qrrobvxqi.exe
[2007-09-05 18:51:59 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa2.lnk
[2007-09-05 16:45:13 | 000,279,040 | ---- | C] () -- C:\WINDOWS\System32\zwvyds.exe
[2007-07-31 14:54:59 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2007-07-31 14:54:58 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2007-07-28 20:57:15 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2007-07-28 20:57:15 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2007-07-25 20:12:40 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\wklnhst.dat
[2007-07-16 11:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007-07-16 11:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007-06-25 22:27:58 | 000,961,160 | ---- | C] () -- C:\WINDOWS\pack.epk
[2007-06-12 18:14:31 | 000,016,010 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672071-oem32.PNF
[2007-06-12 18:14:31 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672071-oem32.inf
[2007-06-12 18:14:30 | 000,015,690 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672070-oem25.PNF
[2007-06-12 18:14:30 | 000,012,428 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672069-oem24.PNF
[2007-06-12 18:14:30 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672070-oem25.inf
[2007-06-12 18:14:29 | 000,012,836 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672068-oem22.PNF
[2007-06-12 18:14:29 | 000,012,802 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672069-oem23.PNF
[2007-06-12 18:14:29 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672069-oem23.inf
[2007-06-12 18:14:29 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672069-oem24.inf
[2007-06-12 18:14:28 | 000,014,342 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672068-oem21.PNF
[2007-06-12 18:14:28 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672068-oem21.inf
[2007-06-12 18:14:28 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1181672068-oem22.inf
[2007-06-10 18:15:56 | 001,598,262 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Picturegr 029.jpg
[2007-06-10 18:11:10 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007-05-17 15:09:52 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\DivX Movies.lnk
[2007-04-28 20:24:58 | 000,000,284 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Shortcut to DSC00229.lnk
[2007-04-11 17:23:46 | 000,017,396 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\barclay.pdf
[2007-04-03 17:10:30 | 000,377,784 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\p86.pdf
[2007-04-02 17:35:59 | 000,000,951 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2007-04-02 17:15:33 | 004,322,304 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\aawsepersonal.exe
[2007-04-02 17:14:13 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007-03-28 22:31:40 | 000,029,922 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Your Rights The Rights of Suspects The rights of suspects in the police station Curtailment of the right of silence.htm
[2007-03-28 22:14:05 | 000,026,148 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\The K-Zone Discussion.htm
[2007-03-28 22:04:22 | 000,026,203 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\The K-Zone right 2 silence.htm
[2007-03-28 21:58:55 | 000,077,947 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Right to Silence - IV - Right to Silence - Comparative Study - UK - US - France - Germany - Privilege Against Self-Incrimination - Legal Practice - LegalDay.htm
[2007-03-25 22:08:16 | 000,304,683 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\dissertation.pdf
[2007-03-21 22:44:06 | 000,185,574 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Blackstone_HRA1998.pdf
[2007-02-26 00:06:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007-02-26 00:04:33 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2007-02-26 00:04:33 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007-02-26 00:04:27 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2007-02-26 00:04:27 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2007-02-05 00:34:39 | 000,037,343 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\l'expressyu2.htm
[2007-02-05 00:34:11 | 000,050,462 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\l'express yuyu.htm
[2007-02-04 22:37:42 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Gitanjali\MCCI_MDM.INF
[2007-02-04 22:37:42 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Gitanjali\MCCI_BUS.INF
[2007-02-04 22:37:42 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Gitanjali\MCCI_SDM.INF
[2007-02-04 22:37:40 | 000,015,690 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem25.PNF
[2007-02-04 22:37:40 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1170628660-(null)
[2007-02-04 22:37:39 | 000,014,006 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem21.PNF
[2007-02-04 22:37:39 | 000,012,828 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem22.PNF
[2007-02-04 22:37:39 | 000,012,690 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem23.PNF
[2007-02-04 22:37:39 | 000,012,356 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem24.PNF
[2007-02-04 22:37:39 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Gitanjali\1170628659-(null)
[2007-02-04 22:37:39 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem23.inf
[2007-02-04 22:37:39 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem22.inf
[2007-02-04 22:37:39 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Copy of oem24.inf
[2007-02-04 22:08:36 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Gitanjali\USB_MOT_BRIT.INF
[2007-02-04 22:08:36 | 000,006,009 | ---- | C] () -- C:\Documents and Settings\Gitanjali\USBMOT2000XP.INF
[2007-02-04 22:08:36 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Gitanjali\USB_MOT_A1000.INF
[2007-02-04 22:08:35 | 000,006,947 | ---- | C] () -- C:\Documents and Settings\Gitanjali\USBMOT2000.INF
[2007-02-04 22:08:35 | 000,005,877 | ---- | C] () -- C:\Documents and Settings\Gitanjali\USB_CMCS_2000.INF
[2007-01-02 11:13:19 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2007-01-02 11:13:18 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2007-01-02 11:13:18 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2007-01-02 11:13:18 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2007-01-02 11:13:12 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2007-01-02 11:13:12 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2007-01-02 11:13:12 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2007-01-02 11:13:12 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2007-01-02 11:13:12 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2007-01-02 11:13:12 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2007-01-02 11:13:12 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2007-01-02 11:13:12 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2007-01-02 11:13:12 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2007-01-02 11:13:12 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2007-01-02 11:13:12 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2007-01-02 11:13:12 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2007-01-02 11:13:12 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2007-01-02 11:13:12 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2007-01-02 11:13:12 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2007-01-02 11:13:09 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2007-01-02 11:13:08 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2007-01-02 11:13:08 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2007-01-02 11:13:05 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2007-01-02 11:13:05 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2007-01-02 11:12:54 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2007-01-02 11:12:36 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2007-01-02 11:12:32 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2007-01-02 11:12:28 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2007-01-02 11:12:26 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2006-12-27 01:14:25 | 000,453,868 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Pict0319(1).JPG
[2006-12-24 01:15:52 | 000,781,758 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\joliieee.bmp
[2006-12-23 21:29:30 | 000,000,268 | -H-- | C] () -- C:\sqmdata19.sqm
[2006-12-23 21:29:30 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt19.sqm
[2006-12-23 00:10:45 | 000,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
[2006-12-23 00:10:45 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2006-12-22 21:42:55 | 000,000,997 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Shortcut (2) to Pict0319.lnk
[2006-12-22 20:31:13 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2006-12-22 20:31:13 | 000,000,232 | -H-- | C] () -- C:\sqmdata17.sqm
[2006-12-21 22:23:29 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2006-12-21 22:23:29 | 000,000,232 | -H-- | C] () -- C:\sqmdata16.sqm
[2006-12-20 01:21:34 | 000,038,016 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\COOHHAABB.pdf
[2006-12-20 01:21:11 | 000,079,959 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Cohabitation_FamLaw_august.pdf
[2006-12-19 10:51:52 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2006-12-19 10:51:52 | 000,000,232 | -H-- | C] () -- C:\sqmdata15.sqm
[2006-12-19 00:02:24 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2006-12-19 00:02:24 | 000,000,232 | -H-- | C] () -- C:\sqmdata14.sqm
[2006-12-18 21:15:59 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2006-12-18 21:15:59 | 000,000,232 | -H-- | C] () -- C:\sqmdata13.sqm
[2006-12-18 16:34:21 | 000,002,329 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live Messenger.lnk
[2006-12-18 16:34:21 | 000,001,754 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger.lnk
[2006-12-18 16:10:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2006-12-18 16:10:06 | 000,000,232 | -H-- | C] () -- C:\sqmdata12.sqm
[2006-12-18 15:38:27 | 000,764,868 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2006-12-18 15:38:27 | 000,217,118 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2006-12-18 15:36:44 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2006-12-18 11:51:23 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt11.sqm
[2006-12-18 11:51:23 | 000,000,232 | -H-- | C] () -- C:\sqmdata11.sqm
[2006-12-17 01:13:18 | 000,029,416 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\guide_to_work_opportunities.pdf
[2006-12-17 01:07:54 | 000,079,959 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Cohabitation_FamLaw_082006.pdf
[2006-12-14 21:46:40 | 000,000,734 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts.msn
[2006-12-10 15:40:53 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\ViewerApp.dat
[2006-12-10 15:34:21 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006-12-10 15:32:16 | 000,001,458 | ---- | C] () -- C:\WINDOWS\System32\LTOCX12n.INF
[2006-12-10 03:31:47 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt10.sqm
[2006-12-10 03:31:47 | 000,000,232 | -H-- | C] () -- C:\sqmdata10.sqm
[2006-12-10 03:31:34 | 000,000,268 | -H-- | C] () -- C:\sqmdata09.sqm
[2006-12-10 03:31:34 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt09.sqm
[2006-12-06 16:41:21 | 000,000,268 | -H-- | C] () -- C:\sqmdata08.sqm
[2006-12-06 16:41:21 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt08.sqm
[2006-12-06 13:00:15 | 000,000,268 | -H-- | C] () -- C:\sqmdata07.sqm
[2006-12-06 13:00:15 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt07.sqm
[2006-12-05 18:26:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata06.sqm
[2006-12-05 18:26:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt06.sqm
[2006-12-05 16:09:42 | 000,000,268 | -H-- | C] () -- C:\sqmdata05.sqm
[2006-12-05 16:09:42 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt05.sqm
[2006-12-04 16:19:17 | 000,000,268 | -H-- | C] () -- C:\sqmdata04.sqm
[2006-12-04 16:19:17 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt04.sqm
[2006-12-04 02:06:48 | 000,039,843 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Judgment.htm
[2006-12-03 22:26:13 | 000,000,268 | -H-- | C] () -- C:\sqmdata03.sqm
[2006-12-03 22:26:13 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt03.sqm
[2006-12-03 22:18:32 | 000,015,938 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\amalgam.pdf
[2006-12-01 02:41:47 | 000,144,213 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\p estoppel.pdf
[2006-12-01 02:35:02 | 000,107,376 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Tung%20&%20Chan%20Consideration.pdf
[2006-12-01 00:32:51 | 000,045,037 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\PROMISES BINDING IN THE ABSENCE OF CONSIDERATION.htm
[2006-12-01 00:00:17 | 000,000,268 | -H-- | C] () -- C:\sqmdata02.sqm
[2006-12-01 00:00:17 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt02.sqm
[2006-11-30 18:03:44 | 000,000,304 | -H-- | C] () -- C:\sqmdata01.sqm
[2006-11-30 18:03:44 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt01.sqm
[2006-11-30 15:38:29 | 000,001,515 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Tour Windows XP.lnk
[2006-11-27 22:58:58 | 000,043,822 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Contract Law, Part 3 Consideration & Deeds.htm
[2006-11-27 22:42:46 | 000,079,523 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\intcomlaw_ch3.pdf
[2006-11-27 17:33:26 | 000,006,873 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\israelVisit - BEGINNER'S HEBREW Speak a bit of the local language in Israel-Jerusalem, Tel Aviv, Haifa, Eilat.htm
[2006-11-27 17:32:43 | 000,000,327 | -H-- | C] () -- C:\IPH.PH
[2006-11-27 17:32:42 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006-11-27 17:27:26 | 000,018,747 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Free Languages Download.htm
[2006-11-23 23:38:47 | 000,015,025 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\Barber v Somerset City Council 2004 - Tort Essay.htm
[2006-11-23 23:10:02 | 000,000,182 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006-11-20 21:52:25 | 000,000,578 | ---- | C] () -- C:\Documents and Settings\Gitanjali\My Documents\My Sharing Folders.lnk
[2006-11-20 21:51:01 | 000,000,268 | -H-- | C] () -- C:\sqmdata00.sqm
[2006-11-20 21:51:01 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt00.sqm
[2006-11-20 00:00:42 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2006-11-19 18:37:14 | 000,002,479 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2006-11-19 18:37:13 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2006-11-19 18:37:13 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2006-11-19 18:37:13 | 000,002,046 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2006-11-19 18:37:13 | 000,001,998 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2006-11-19 18:37:13 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2006-11-19 18:37:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2006-11-19 18:27:01 | 000,000,000 | RHS- | C] () -- C:\WINDOWS\System32\drivers\TOSHIBA_EQUIUM A100_04603-AV_PSAABE-00800.MRK
[2006-11-19 18:26:00 | 000,001,478 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Media Center.lnk
[2006-11-19 18:26:00 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2006-11-19 18:25:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\fusioncache.dat
[2006-11-19 18:25:58 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Remote Assistance.lnk
[2006-11-19 18:25:58 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Internet Explorer.lnk
[2006-11-19 18:25:58 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Windows Media Player.lnk
[2006-11-19 18:25:58 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Start Menu\Programs\Outlook Express.lnk
[2006-10-09 16:12:40 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2006-10-09 16:12:30 | 000,224,256 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2006-10-09 16:12:14 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2006-09-23 12:12:38 | 000,074,715 | ---- | C] () -- C:\WINDOWS\System32\IE7Eula.rtf
[2006-09-21 00:34:36 | 000,000,641 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL Setup.lnk
[2006-09-20 16:06:27 | 000,001,775 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2006-09-20 16:06:26 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
[2006-09-18 14:54:35 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2006-09-14 12:22:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006-09-14 12:22:54 | 000,000,333 | ---- | C] () -- C:\WINDOWS\System32\$ncsp$.inf
[2006-09-14 12:11:56 | 000,001,398 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Media Center.lnk
[2006-09-14 12:09:57 | 003,072,054 | ---- | C] () -- C:\WINDOWS\TOSHIBA Satellite.bmp.169
[2006-09-14 12:09:57 | 002,359,352 | ---- | C] () -- C:\WINDOWS\TOSHIBA_GEN.BMP
[2006-09-14 12:09:57 | 002,359,350 | ---- | C] () -- C:\WINDOWS\TOSHIBA Satellite.bmp.43
[2006-09-14 12:09:56 | 003,072,056 | ---- | C] () -- C:\WINDOWS\TOSHIBA_GEN_169.BMP
[2006-09-14 12:09:00 | 000,000,562 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2006-09-14 12:06:02 | 000,001,797 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Desktop Search.lnk
[2006-09-14 12:00:07 | 000,002,634 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Search Toolbar Take a tour.lnk
[2006-09-14 11:16:21 | 000,001,624 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office OneNote 2003.lnk
[2006-09-14 11:15:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-09-14 11:10:47 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xhidcpl.cpl
[2006-09-14 11:10:47 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2006-09-14 11:10:30 | 000,001,524 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Create Drivers & Tools CD-ROM.lnk
[2006-09-14 11:09:26 | 000,001,426 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DVD-RAM Tool.lnk
[2006-09-14 10:42:26 | 000,001,466 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2006-09-14 10:06:12 | 000,000,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-09-14 09:58:44 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2006-09-14 09:58:44 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2006-09-14 09:58:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2006-09-14 09:58:44 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2006-09-14 09:58:44 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2006-09-14 09:58:44 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2006-09-14 09:58:18 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\TOSCDSPD.cpl
[2006-09-14 09:54:03 | 000,036,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys
[2006-09-14 09:54:03 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2006-09-14 08:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2006-09-14 08:30:04 | 000,005,242 | ---- | C] () -- C:\WINDOWS\System32\e100b325.din
[2006-09-14 08:28:39 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2006-09-14 08:28:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2006-09-14 08:28:39 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2006-09-14 08:28:39 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2006-09-14 08:27:55 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2006-09-14 08:27:54 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2006-09-14 08:25:45 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat
[2006-09-14 08:25:45 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
[2006-09-14 08:25:44 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006-09-14 08:25:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006-09-14 07:54:15 | 000,045,378 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2006-09-14 07:54:08 | 000,016,683 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2006-09-14 07:51:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2006-09-13 23:11:25 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006-09-13 23:11:25 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006-09-13 23:11:24 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006-09-13 23:11:24 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006-09-13 23:11:23 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006-09-13 23:11:23 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006-09-13 23:11:22 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006-09-13 23:11:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006-09-13 23:11:21 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006-09-13 23:11:20 | 000,524,850 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.cpa
[2006-09-13 23:11:20 | 000,058,704 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
[2006-09-13 23:11:20 | 000,023,216 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
[2006-09-13 23:11:20 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\igxpxa32.vp
[2006-09-13 23:11:17 | 000,027,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2006-09-13 23:11:16 | 001,114,674 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2006-09-13 23:11:16 | 000,121,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006-09-13 23:11:16 | 000,058,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2006-09-13 23:11:16 | 000,006,005 | ---- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2006-09-13 23:11:16 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2006-09-13 14:49:42 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2006-09-13 14:49:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006-09-13 14:49:29 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2006-09-13 14:48:48 | 000,230,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006-09-13 14:48:15 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2006-09-13 14:36:26 | 000,000,173 | ---- | C] () -- C:\WINDOWS\TVersion.xml
[2006-09-13 14:04:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006-09-13 14:00:59 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2006-09-13 14:00:59 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2006-09-13 14:00:59 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2006-09-13 14:00:59 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2006-09-13 14:00:59 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2006-09-13 14:00:46 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2006-09-13 14:00:46 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2006-09-13 14:00:45 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2006-09-13 13:58:37 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2006-09-13 13:58:21 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2006-09-13 13:58:12 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2006-09-13 13:58:12 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2006-09-13 13:56:43 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2006-09-13 13:56:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006-09-13 13:55:33 | 000,011,452 | ---- | C] () -- C:\WINDOWS\System32\mypixdx.chm
[2006-09-13 13:55:10 | 010,604,352 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ehcir.ird
[2006-09-13 13:54:45 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2006-09-13 13:54:45 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2006-09-13 13:54:45 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2006-09-13 13:54:45 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2006-09-13 13:54:45 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2006-09-13 13:54:45 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2006-09-13 13:54:45 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2006-09-13 13:54:45 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2006-09-13 13:54:45 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2006-09-13 13:54:45 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2006-09-13 13:54:45 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2006-09-13 13:54:42 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2006-09-13 13:54:42 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2006-09-13 13:54:41 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2006-09-13 13:54:35 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2006-09-13 12:43:15 | 000,000,209 | RHS- | C] () -- C:\boot.ini
[2006-09-13 12:43:11 | 003,888,056 | ---- | C] () -- C:\WINDOWS\TOSHIBA1440x0900.bmp
[2006-09-13 12:43:11 | 003,072,056 | ---- | C] () -- C:\WINDOWS\TOSHIBA1280x0800.bmp
[2006-09-13 12:43:11 | 002,359,352 | ---- | C] () -- C:\WINDOWS\TOSHIBA1024x0768.bmp
[2006-09-13 12:43:10 | 003,888,054 | ---- | C] () -- C:\WINDOWS\TOSHIBA Satellite 1440x900.bmp
[2006-09-13 12:43:10 | 003,072,054 | ---- | C] () -- C:\WINDOWS\TOSHIBA Satellite 1280x800.bmp
[2006-09-13 12:43:10 | 002,359,350 | ---- | C] () -- C:\WINDOWS\TOSHIBA Satellite 1024x768.bmp
[2006-09-13 12:43:09 | 003,888,056 | ---- | C] () -- C:\WINDOWS\Qosmio_1440x900.bmp
[2006-09-13 12:43:09 | 003,072,056 | ---- | C] () -- C:\WINDOWS\Qosmio_1280x800.bmp
[2006-09-13 12:43:09 | 001,572,920 | ---- | C] () -- C:\WINDOWS\Qosmio_1024x768.bmp
[2006-09-13 12:43:07 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2006-09-13 12:43:07 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2006-09-13 12:43:07 | 000,016,280 | ---- | C] () -- C:\WINDOWS\System32\OEMLOGO.BMP
[2006-09-13 12:43:07 | 000,006,801 | ---- | C] () -- C:\WINDOWS\System32\Toshiba.cab
[2006-09-13 12:43:07 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006-09-13 12:43:00 | 000,844,314 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
[2006-09-13 12:42:59 | 000,498,742 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dxmasf.dll
[2006-09-13 12:42:54 | 000,250,032 | RHS- | C] () -- C:\ntldr
[2006-09-13 12:42:54 | 000,047,564 | RHS- | C] () -- C:\NTDETECT.COM
[2006-09-13 12:42:52 | 000,127,213 | ---- | C] () -- C:\WINDOWS\System32\ega.cpi
[2006-09-13 12:42:52 | 000,082,944 | ---- | C] () -- C:\WINDOWS\clock.avi
[2006-09-13 12:42:51 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.cht
[2006-09-13 12:42:50 | 000,001,696 | ---- | C] () -- C:\WINDOWS\System32\noise.chs
[2006-09-13 12:42:28 | 000,000,697 | ---- | C] () -- C:\WINDOWS\System32\noise.tha
[2006-09-13 12:42:25 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\wstpager.ax
[2006-09-13 12:42:25 | 000,001,158 | ---- | C] () -- C:\WINDOWS\System32\wpa.dbl
[2006-09-13 12:42:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\wiasf.ax
[2006-09-13 12:42:23 | 001,326,080 | ---- | C] () -- C:\WINDOWS\System32\webfldrs.msi
[2006-09-13 12:42:23 | 001,309,184 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.deu
[2006-09-13 12:42:23 | 001,095,680 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.nld
[2006-09-13 12:42:23 | 000,957,440 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.enu
[2006-09-13 12:42:23 | 000,937,984 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.sve
[2006-09-13 12:42:23 | 000,867,840 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.ita
[2006-09-13 12:42:23 | 000,786,944 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.fra
[2006-09-13 12:42:23 | 000,750,080 | ---- | C] () -- C:\WINDOWS\System32\wbdbase.esn
[2006-09-13 12:42:23 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\VBICodec.ax
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.sve
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.nld
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.ita
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.fra
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.esn
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.enu
[2006-09-13 12:42:23 | 000,065,489 | ---- | C] () -- C:\WINDOWS\System32\wbcache.deu
[2006-09-13 12:42:23 | 000,018,832 | ---- | C] () -- C:\WINDOWS\System32\v7vga.rom
[2006-09-13 12:42:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\wdl.trm
[2006-09-13 12:42:22 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\userinit.exe
[2006-09-13 12:42:22 | 000,000,862 | ---- | C] () -- C:\WINDOWS\System32\termcap
[2006-09-13 12:42:21 | 000,046,133 | ---- | C] () -- C:\WINDOWS\System32\sqlsodbc.chm
[2006-09-13 12:42:21 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2006-09-13 12:42:21 | 000,003,577 | ---- | C] () -- C:\WINDOWS\System32\sysprtj.sep
[2006-09-13 12:42:21 | 000,003,214 | ---- | C] () -- C:\WINDOWS\System32\sysprint.sep
[2006-09-13 12:42:19 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2006-09-13 12:42:18 | 000,240,120 | ---- | C] () -- C:\WINDOWS\System32\setup.bmp
[2006-09-13 12:42:18 | 000,059,167 | ---- | C] () -- C:\WINDOWS\System\setup.inf
[2006-09-13 12:42:18 | 000,036,364 | ---- | C] () -- C:\WINDOWS\System32\secpol.msc
[2006-09-13 12:42:18 | 000,033,464 | ---- | C] () -- C:\WINDOWS\System32\services.msc
[2006-09-13 12:42:18 | 000,007,208 | ---- | C] () -- C:\WINDOWS\System32\secupd.sig
[2006-09-13 12:42:18 | 000,007,116 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\services
[2006-09-13 12:42:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006-09-13 12:42:17 | 000,044,451 | R--- | C] () -- C:\WINDOWS\System32\rsop.msc
[2006-09-13 12:42:17 | 000,003,708 | ---- | C] () -- C:\WINDOWS\System32\pubprn.vbs
[2006-09-13 12:42:17 | 000,003,178 | ---- | C] () -- C:\WINDOWS\System32\rsvpcnts.h
[2006-09-13 12:42:17 | 000,003,167 | ---- | C] () -- C:\WINDOWS\System32\rsaci.rat
[2006-09-13 12:42:17 | 000,003,010 | ---- | C] () -- C:\WINDOWS\System32\pschdcnt.h
[2006-09-13 12:42:17 | 000,001,818 | ---- | C] () -- C:\WINDOWS\System32\rasctrnm.h
[2006-09-13 12:42:17 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\pscript.sep
[2006-09-13 12:42:16 | 000,409,130 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006-09-13 12:42:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006-09-13 12:42:16 | 000,065,396 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006-09-13 12:42:16 | 000,058,273 | R--- | C] () -- C:\WINDOWS\System32\perfmon.msc
[2006-09-13 12:42:16 | 000,035,755 | ---- | C] () -- C:\WINDOWS\System32\prncnfg.vbs
[2006-09-13 12:42:16 | 000,032,546 | ---- | C] () -- C:\WINDOWS\System32\prnmngr.vbs
[2006-09-13 12:42:16 | 000,029,454 | ---- | C] () -- C:\WINDOWS\System32\prnport.vbs
[2006-09-13 12:42:16 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006-09-13 12:42:16 | 000,025,415 | ---- | C] () -- C:\WINDOWS\System32\prndrvr.vbs
[2006-09-13 12:42:16 | 000,021,527 | ---- | C] () -- C:\WINDOWS\System32\prnjobs.vbs
[2006-09-13 12:42:16 | 000,015,860 | ---- | C] () -- C:\WINDOWS\System32\prnqctl.vbs
[2006-09-13 12:42:16 | 000,000,799 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\protocol
[2006-09-13 12:42:16 | 000,000,435 | ---- | C] () -- C:\WINDOWS\System32\perfwci.h
[2006-09-13 12:42:16 | 000,000,427 | ---- | C] () -- C:\WINDOWS\System32\perfci.h
[2006-09-13 12:42:16 | 000,000,140 | ---- | C] () -- C:\WINDOWS\System32\perffilt.h
[2006-09-13 12:42:16 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\pcl.sep
[2006-09-13 12:42:15 | 000,006,788 | ---- | C] () -- C:\WINDOWS\System32\oembios.sig
[2006-09-13 12:42:15 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006-09-13 12:42:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006-09-13 12:42:13 | 000,032,968 | ---- | C] () -- C:\WINDOWS\System32\ntmsoprq.msc
[2006-09-13 12:42:13 | 000,026,209 | ---- | C] () -- C:\WINDOWS\System32\ntmsmgr.msc
[2006-09-13 12:42:13 | 000,004,310 | ---- | C] () -- C:\WINDOWS\System32\odbcconf.rsp
[2006-09-13 12:42:12 | 000,149,848 | ---- | C] () -- C:\WINDOWS\System32\noise.deu
[2006-09-13 12:42:12 | 000,118,272 | R--- | C] () -- C:\WINDOWS\System32\twext.exe
[2006-09-13 12:42:12 | 000,049,196 | ---- | C] () -- C:\WINDOWS\System32\noise.fra
[2006-09-13 12:42:12 | 000,048,794 | ---- | C] () -- C:\WINDOWS\System32\ntimage.gif
[2006-09-13 12:42:12 | 000,019,684 | ---- | C] () -- C:\WINDOWS\System32\noise.esn
[2006-09-13 12:42:12 | 000,019,618 | ---- | C] () -- C:\WINDOWS\System32\noise.ita
[2006-09-13 12:42:12 | 000,013,730 | ---- | C] () -- C:\WINDOWS\System32\noise.sve
[2006-09-13 12:42:12 | 000,013,256 | ---- | C] () -- C:\WINDOWS\System32\noise.nld
[2006-09-13 12:42:12 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.enu
[2006-09-13 12:42:12 | 000,000,751 | ---- | C] () -- C:\WINDOWS\System32\noise.eng
[2006-09-13 12:42:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006-09-13 12:42:11 | 000,000,407 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\networks
[2006-09-13 12:42:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006-09-13 12:42:05 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mlang.dat
[2006-09-13 12:42:05 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
[2006-09-13 12:42:05 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2data.ax
[2006-09-13 12:42:05 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
[2006-09-13 12:42:05 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006-09-13 12:42:05 | 000,002,755 | ---- | C] () -- C:\WINDOWS\System32\mqprfsym.h
[2006-09-13 12:42:05 | 000,001,492 | ---- | C] () -- C:\WINDOWS\System32\mmdriver.inf
[2006-09-13 12:42:05 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mscdexnt.exe
[2006-09-13 12:42:04 | 000,246,848 | ---- | C] () -- C:\WINDOWS\System32\msonlineaz.dll
[2006-09-13 12:42:04 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\dllcache\key01.sys
[2006-09-13 12:42:04 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\dllcache\keyboard.sys
[2006-09-13 12:42:04 | 000,042,166 | ---- | C] () -- C:\WINDOWS\System32\lusrmgr.msc
[2006-09-13 12:42:04 | 000,039,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mem.exe
[2006-09-13 12:42:04 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
[2006-09-13 12:42:04 | 000,003,683 | ---- | C] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
[2006-09-13 12:42:04 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\login.cmd
[2006-09-13 12:42:03 | 000,956,990 | ---- | C] () -- C:\WINDOWS\System32\instcat.sql
[2006-09-13 12:42:03 | 000,056,700 | ---- | C] () -- C:\WINDOWS\System32\ieuinit.inf
[2006-09-13 12:42:03 | 000,034,871 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc
[2006-09-13 12:42:03 | 000,021,232 | ---- | C] () -- C:\WINDOWS\System32\graphics.pro
[2006-09-13 12:42:03 | 000,004,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\himem.sys
[2006-09-13 12:42:03 | 000,000,929 | ---- | C] () -- C:\WINDOWS\System32\homepage.inf
[2006-09-13 12:42:03 | 000,000,734 | R--- | C] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2006-09-13 12:42:02 | 003,440,660 | ---- | C] () -- C:\WINDOWS\System32\drivers\gm.dls
[2006-09-13 12:42:02 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\encdec.dll
[2006-09-13 12:42:02 | 000,056,678 | ---- | C] () -- C:\WINDOWS\System32\eventvwr.msc
[2006-09-13 12:42:02 | 000,032,760 | ---- | C] () -- C:\WINDOWS\System32\fsmgmt.msc
[2006-09-13 12:42:02 | 000,012,642 | ---- | C] () -- C:\WINDOWS\System32\dllcache\edlin.exe
[2006-09-13 12:42:02 | 000,008,424 | ---- | C] () -- C:\WINDOWS\System32\dllcache\exe2bin.exe
[2006-09-13 12:42:02 | 000,006,708 | ---- | C] () -- C:\WINDOWS\System32\esentprf.hxx
[2006-09-13 12:42:02 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fastopen.exe
[2006-09-13 12:42:02 | 000,000,080 | ---- | C] () -- C:\WINDOWS\explorer.scf
[2006-09-13 12:42:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006-09-13 12:42:01 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\dsound.vxd
[2006-09-13 12:41:54 | 000,053,840 | ---- | C] () -- C:\WINDOWS\System32\dllcache\dosx.exe
[2006-09-13 12:41:54 | 000,041,397 | ---- | C] () -- C:\WINDOWS\System32\dfrg.msc
[2006-09-13 12:41:54 | 000,040,505 | ---- | C] () -- C:\WINDOWS\System32\cmdlib.wsc
[2006-09-13 12:41:54 | 000,038,302 | ---- | C] () -- C:\WINDOWS\System32\compmgmt.msc
[2006-09-13 12:41:54 | 000,033,673 | ---- | C] () -- C:\WINDOWS\System32\diskmgmt.msc
[2006-09-13 12:41:54 | 000,033,079 | ---- | C] () -- C:\WINDOWS\System32\devmgmt.msc
[2006-09-13 12:41:54 | 000,020,634 | ---- | C] () -- C:\WINDOWS\System32\dllcache\debug.exe
[2006-09-13 12:41:54 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006-09-13 12:41:54 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\cmos.ram
[2006-09-13 12:41:53 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\wstrenderer.ax
[2006-09-13 12:41:53 | 000,167,219 | ---- | C] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2006-09-13 12:41:53 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\dllcache\evtquery.vbs
[2006-09-13 12:41:53 | 000,097,965 | ---- | C] () -- C:\WINDOWS\System32\eventquery.vbs
[2006-09-13 12:41:53 | 000,071,859 | ---- | C] () -- C:\WINDOWS\System32\cliconf.chm
[2006-09-13 12:41:53 | 000,042,339 | ---- | C] () -- C:\WINDOWS\System32\certmgr.msc
[2006-09-13 12:41:53 | 000,041,762 | ---- | C] () -- C:\WINDOWS\System32\ciadv.msc
[2006-09-13 12:41:53 | 000,028,420 | ---- | C] () -- C:\WINDOWS\System32\bios1.rom
[2006-09-13 12:41:53 | 000,008,191 | ---- | C] () -- C:\WINDOWS\System32\bios4.rom
[2006-09-13 12:41:53 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\View Channels.scf
[2006-09-13 12:41:52 | 000,079,996 | ---- | C] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2006-09-13 12:41:52 | 000,012,498 | ---- | C] () -- C:\WINDOWS\System32\dllcache\append.exe
[2006-09-13 12:41:52 | 000,009,029 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ansi.sys
[2006-09-13 12:41:52 | 000,002,233 | ---- | C] () -- C:\WINDOWS\System32\12520850.cpx
[2006-09-13 12:41:52 | 000,002,151 | ---- | C] () -- C:\WINDOWS\System32\12520437.cpx
[2006-09-13 12:41:52 | 000,000,707 | ---- | C] () -- C:\WINDOWS\_default.pif
[2006-09-01 07:44:04 | 000,008,798 | ---- | C] () -- C:\WINDOWS\System32\icrav03.rat
[2006-09-01 07:44:04 | 000,001,988 | ---- | C] () -- C:\WINDOWS\System32\ticrf.rat
[2006-04-03 09:59:54 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\xposer.cfg
[2006-04-03 09:59:16 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\asinst.cfg
[2006-01-30 21:15:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005-12-05 01:45:29 | 000,008,171 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\r.exe
[2005-12-05 01:30:56 | 000,318,369 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Desktop\HiJackThis.zip
[2005-09-02 13:44:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005-08-05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005-07-22 20:30:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004-07-20 16:04:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004-01-15 13:43:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll

========== LOP Check ==========

[2007-06-12 18:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2007-07-28 18:40:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007-06-12 18:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2007-07-28 18:39:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008-01-11 00:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008-09-07 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\Antispyware
[2009-01-18 20:54:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\AVG7
[2007-01-17 13:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\InterVideo
[2007-06-25 22:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\MessengerSkinner
[2006-11-20 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\MSNInstaller
[2007-07-25 20:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\Template
[2006-10-05 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\toshiba
[2006-10-05 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\Windows Desktop Search
[2009-05-25 02:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job

========== Purity Check ==========



< End of report >

#3
lawtel32

    Member

  • Topic Starter
  • 17 posts
Apologies for writing two posts under two usernames (lawtel32 + lawtel23).

I tried adding the log to the first one, but I couldn't upload it from my mobile. My other laptop is a work laptop, and my user account signs in via Facebook - which is blocked from my work laptop.

I then found that I couldn't comment on the original post using a second username, hence the new post.

Apologies again.

[EDIT]

By the way - it seems that I cannot reply to this thread since you merged the two topics. Unsure why? Thanks for initiating the help - really appreciate it!


[EDIT]

I can only post via my laptop using this account - but I cannot create new replies. Is there some workaround for this perhaps?

Re the 'r.exe' on my desktop - it was a program to help restore my cmd capability. I couldn't run its original, so I changed its name to 'r.exe' instead. It didn't work either, though.

Re the ComboFix log - I couldn't find the text file in the combofix directory. I only have the following files in the combofix folder: ddsDo; DPF; embedded; REDACL; RegDo; run2; toolbar. None of them look like logs.

Thanks for your help thus far matey :-)

Here are the logs:

RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode
User: Gitanjali [Admin rights]
Mode: Scan -- Date: 12/06/2005 06:13:29

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt



RogueKiller V7.1.0 [02/15/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Safe mode
User: Gitanjali [Admin rights]
Mode: Remove -- Date: 12/06/2005 06:13:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[] HKLM\[...]\Windows : () -> ACCESS DENIED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt



All processes killed
========== COMMANDS ==========
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\awsku deleted successfully.
C:\WINDOWS\system32\awsku.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\rs32net deleted successfully.
C:\WINDOWS\system32\rs32net.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\twext.exe deleted successfully.
File move failed. C:\WINDOWS\system32\twext.exe scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\bastxg\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\ditufybyl.reg moved successfully.
C:\WINDOWS\edafenodad._sy moved successfully.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin not found.
C:\WINDOWS\pogahes.dat moved successfully.
C:\WINDOWS\xusoboxan.bat moved successfully.
C:\WINDOWS\ahowyle._dl moved successfully.
C:\Documents and Settings\All Users\Application Data\lalywaj.inf moved successfully.
C:\Program Files\Common Files\enut.dat moved successfully.
C:\WINDOWS\system32\tesape.com moved successfully.
C:\Program Files\Common Files\orawoqor.bin moved successfully.
C:\Documents and Settings\All Users\Documents\rabir.bin moved successfully.
C:\Documents and Settings\Gitanjali\Application Data\dyvip.ban moved successfully.
C:\Documents and Settings\All Users\Documents\uroji.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\iqyco.com moved successfully.
C:\Program Files\Common Files\syhit.dl moved successfully.
C:\WINDOWS\fujan.inf moved successfully.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs not found.
C:\Documents and Settings\All Users\Application Data\ohuvehago.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\fifu.bin moved successfully.
C:\Documents and Settings\All Users\Application Data\mavubah.ban moved successfully.
C:\Program Files\Common Files\xunefomyca.bat moved successfully.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib not found.
File C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db not found.
C:\Documents and Settings\All Users\Documents\soxeveha.pif moved successfully.
C:\WINDOWS\system32\wini10491.exe moved successfully.
File C:\WINDOWS\System32\rs32net.exe not found.
C:\WINDOWS\system32\_scui.cpl moved successfully.
C:\WINDOWS\system32\kspkdcbfa.exe moved successfully.
C:\WINDOWS\system32\uohook.exe moved successfully.
C:\WINDOWS\system32\uaghzxjl.exe moved successfully.
C:\WINDOWS\system32\yvoqwfhixw.exe moved successfully.
C:\WINDOWS\system32\kizwuts.exe moved successfully.
C:\WINDOWS\system32\mskhqtkmu.exe moved successfully.
C:\WINDOWS\system32\stmivlgc.exe moved successfully.
C:\WINDOWS\system32\avjimca_navfx.dat moved successfully.
C:\WINDOWS\system32\dddxdmjnq_navfx.dat moved successfully.
C:\WINDOWS\system32\lqdquybrh.exe moved successfully.
C:\WINDOWS\system32\hbvtgdsaae.exe moved successfully.
C:\WINDOWS\system32\waeeog.exe moved successfully.
C:\WINDOWS\system32\htotkfkxxt.exe moved successfully.
C:\WINDOWS\system32\gkahvitkr.exe moved successfully.
C:\WINDOWS\system32\DivXWMPExtType.dll moved successfully.
C:\WINDOWS\system32\ljohtjvjd.exe moved successfully.
C:\WINDOWS\system32\iokdiyykd.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\ezsid.dat moved successfully.
C:\WINDOWS\system32\hojrvid.exe moved successfully.
C:\WINDOWS\mozver.dat moved successfully.
C:\WINDOWS\system32\twqcasr.exe moved successfully.
C:\WINDOWS\system32\fxqkbbw.exe moved successfully.
C:\WINDOWS\system32\xhqfaiina.exe moved successfully.
C:\WINDOWS\system32\jjdhehgb.exe moved successfully.
C:\WINDOWS\system32\kfqyzlxht.exe moved successfully.
C:\WINDOWS\system32\rbxtuaui.exe moved successfully.
C:\WINDOWS\system32\frhuqos.exe moved successfully.
C:\WINDOWS\system32\zlhmqxy.exe moved successfully.
C:\WINDOWS\system32\mwncskfuo.exe moved successfully.
C:\WINDOWS\system32\lfehznwol.exe moved successfully.
C:\WINDOWS\system32\enxfnds.exe moved successfully.
C:\WINDOWS\system32\oosdgwpu.exe moved successfully.
C:\WINDOWS\system32\turbxtg.exe moved successfully.
C:\WINDOWS\system32\driveq.exe moved successfully.
C:\WINDOWS\system32\jfafyzv.exe moved successfully.
C:\WINDOWS\system32\rrknprw.exe moved successfully.
C:\WINDOWS\system32\lgbris.exe moved successfully.
C:\WINDOWS\system32\yylcazipq.exe moved successfully.
C:\WINDOWS\system32\xzqhkb.exe moved successfully.
C:\WINDOWS\system32\ukaiaepv.exe moved successfully.
C:\WINDOWS\system32\dszegkb.exe moved successfully.
C:\WINDOWS\system32\tzcjspyyo.exe moved successfully.
C:\WINDOWS\system32\bfegsxjdu.exe moved successfully.
C:\WINDOWS\system32\fjayaaklfp.exe moved successfully.
C:\WINDOWS\system32\disaxgmr.exe moved successfully.
C:\WINDOWS\system32\xrplurnajg.exe moved successfully.
C:\WINDOWS\system32\qrrobvxqi.exe moved successfully.
C:\WINDOWS\system32\zwvyds.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Gitanjali
->Temp folder emptied: 6947634 bytes
->Temporary Internet Files folder emptied: 7382896 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42459720 bytes
->Flash cache emptied: 1526544 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 16786 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 101119 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3953473 bytes
RecycleBin emptied: 12586378 bytes

Total Files Cleaned = 72.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Gitanjali
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.33.1 log created on 12062005_065934

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\twext.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Edited by lawtel32, 23 February 2012 - 05:20 PM.

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Lawtel23 and welcome to GeeksToGo :)

I'm GLeobas and I'm going to help you fix your problem.

Please note that I'm currently in training and my posts have to be approved by an expert before I reply.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • I am currently reviewing your logs.

#5
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

Hi,

C:\Documents and Settings\Gitanjali\Desktop\r.exe

Do you know this executable?

Since you are without internet, try to use Safe Mode with Networking to download the necessary files. See this page for how to do it:
http://www.computerh...sues/chsafe.htm

PS: If you do not have internet access even in Safe Mode with Networking, restart your computer in normal mode.

Download the required files for this post from your phone (if possible), as you did with HijackThis. If it is not possible to use your phone to download the files, use another computer to download and transfer them to your computer using a USB drive.

If you have any doubt, please let me know.



# Step 1 #

You have two antivirus programs installed on your computer (AVG and Norton). Please uninstall one of them, because having both installed brings no benefit for computer security. Besides, they can conflict and harm the performance of your computer.

To uninstall AVG:
http://www.google.co...mwUhptA&cad=rja

To uninstall Norton:
https://www-secure.s...n=1&pvid=f-home


# Step 2 #

Download RogueKiller to your desktop

  • Quit all running programs
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished ...
  • Click on Posted Image
  • The report has been created on the desktop.
  • Click on the Posted Image button.
  • The report has been created on the desktop.
Please post the contents of the RKreport.txt in your next Reply.

If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to G2G.exe


# Step 3 #

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    O4 - HKLM..\Run: [awsku] C:\WINDOWS\System32\awsku.exe ()
    O4 - HKLM..\Run: [rs32net] C:\WINDOWS\system32\rs32net.exe ()
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - C:\WINDOWS\system32\twext.exe ()
    O20 - Winlogon\Notify\bastxg: DllName - (bastxg.dll) - File not found
    [2008-11-05 23:56:14 | 000,019,487 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ditufybyl.reg
    [2008-11-05 23:56:14 | 000,019,255 | ---- | M] () -- C:\WINDOWS\edafenodad._sy
    [2008-11-05 23:56:14 | 000,018,291 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
    [2008-11-05 23:56:14 | 000,017,758 | ---- | M] () -- C:\WINDOWS\pogahes.dat
    [2008-11-05 23:56:14 | 000,016,982 | ---- | M] () -- C:\WINDOWS\xusoboxan.bat
    [2008-11-05 23:56:14 | 000,016,731 | ---- | M] () -- C:\WINDOWS\ahowyle._dl
    [2008-11-05 23:56:14 | 000,015,703 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\lalywaj.inf
    [2008-11-05 23:56:14 | 000,015,698 | ---- | M] () -- C:\Program Files\Common Files\enut.dat
    [2008-11-05 23:56:14 | 000,015,590 | ---- | M] () -- C:\WINDOWS\System32\tesape.com
    [2008-11-05 23:56:14 | 000,015,457 | ---- | M] () -- C:\Program Files\Common Files\orawoqor.bin
    [2008-11-05 23:56:14 | 000,014,641 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\rabir.bin
    [2008-11-05 23:56:14 | 000,014,620 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Application Data\dyvip.ban
    [2008-11-05 23:56:14 | 000,014,614 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\uroji.bat
    [2008-11-05 23:56:14 | 000,014,525 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\iqyco.com
    [2008-11-05 23:56:14 | 000,013,778 | ---- | M] () -- C:\Program Files\Common Files\syhit.dl
    [2008-11-05 23:56:14 | 000,013,738 | ---- | M] () -- C:\WINDOWS\fujan.inf
    [2008-11-05 23:56:14 | 000,013,391 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
    [2008-11-05 23:56:14 | 000,013,250 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ohuvehago.sys
    [2008-11-05 23:56:14 | 000,012,888 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\fifu.bin
    [2008-11-05 23:56:14 | 000,012,463 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\mavubah.ban
    [2008-11-05 23:56:14 | 000,012,229 | ---- | M] () -- C:\Program Files\Common Files\xunefomyca.bat
    [2008-11-05 23:56:14 | 000,010,968 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
    [2008-11-05 23:56:14 | 000,010,898 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
    [2008-11-05 23:56:14 | 000,010,515 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\soxeveha.pif
    [2008-11-05 23:51:16 | 000,125,883 | ---- | M] () -- C:\WINDOWS\System32\wini10491.exe
    [2008-11-05 23:49:09 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\rs32net.exe
    [2008-11-05 20:56:22 | 000,224,075 | ---- | M] () -- C:\WINDOWS\System32\_scui.cpl
    [2008-02-14 10:07:20 | 000,333,824 | ---- | M] () -- C:\WINDOWS\System32\kspkdcbfa.exe
    [2008-02-13 16:17:18 | 000,299,008 | ---- | M] () -- C:\WINDOWS\System32\uohook.exe
    [2008-02-05 23:27:19 | 000,352,768 | ---- | M] () -- C:\WINDOWS\System32\uaghzxjl.exe
    [2008-01-27 21:07:50 | 000,293,376 | ---- | M] () -- C:\WINDOWS\System32\yvoqwfhixw.exe
    [2008-01-09 03:17:29 | 000,290,816 | ---- | M] () -- C:\WINDOWS\System32\kizwuts.exe
    [2008-01-07 17:55:25 | 000,305,152 | ---- | M] () -- C:\WINDOWS\System32\mskhqtkmu.exe
    [2007-12-27 10:50:26 | 000,293,888 | ---- | M] () -- C:\WINDOWS\System32\stmivlgc.exe
    [2007-12-27 01:48:31 | 000,684,122 | ---- | M] () -- C:\WINDOWS\System32\avjimca_navfx.dat
    [2008-05-30 20:45:04 | 000,820,903 | ---- | M] () -- C:\WINDOWS\System32\dddxdmjnq_navfx.dat
    [2007-12-13 04:44:21 | 000,291,840 | ---- | M] () -- C:\WINDOWS\System32\lqdquybrh.exe
    [2007-12-08 11:39:29 | 000,294,400 | ---- | M] () -- C:\WINDOWS\System32\hbvtgdsaae.exe
    [2007-12-04 11:33:15 | 000,299,520 | ---- | M] () -- C:\WINDOWS\System32\waeeog.exe
    [2007-12-02 15:51:37 | 000,282,112 | ---- | M] () -- C:\WINDOWS\System32\htotkfkxxt.exe
    [2007-11-30 00:43:33 | 000,291,840 | ---- | M] () -- C:\WINDOWS\System32\gkahvitkr.exe
    [2007-11-28 21:52:32 | 000,012,288 | ---- | M] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2007-11-24 22:40:03 | 000,285,184 | ---- | M] () -- C:\WINDOWS\System32\ljohtjvjd.exe
    [2007-11-24 13:40:27 | 000,277,504 | ---- | M] () -- C:\WINDOWS\System32\iokdiyykd.exe
    [2007-11-21 03:58:27 | 000,000,032 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
    [2007-11-16 10:37:54 | 000,287,744 | ---- | M] () -- C:\WINDOWS\System32\hojrvid.exe
    [2007-11-12 14:55:26 | 000,001,165 | ---- | M] () -- C:\WINDOWS\mozver.dat
    [2007-11-08 11:02:52 | 000,286,720 | ---- | M] () -- C:\WINDOWS\System32\twqcasr.exe
    [2007-11-03 05:59:18 | 000,307,200 | ---- | M] () -- C:\WINDOWS\System32\fxqkbbw.exe
    [2007-10-30 23:09:07 | 000,301,568 | ---- | M] () -- C:\WINDOWS\System32\xhqfaiina.exe
    [2007-10-30 11:35:21 | 000,304,640 | ---- | M] () -- C:\WINDOWS\System32\jjdhehgb.exe
    [2007-10-27 17:58:45 | 000,292,352 | ---- | M] () -- C:\WINDOWS\System32\kfqyzlxht.exe
    [2007-10-24 09:29:28 | 000,303,616 | ---- | M] () -- C:\WINDOWS\System32\rbxtuaui.exe
    [2007-10-18 22:34:08 | 000,303,616 | ---- | M] () -- C:\WINDOWS\System32\frhuqos.exe
    [2007-10-17 09:47:37 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\zlhmqxy.exe
    [2007-10-11 08:31:36 | 000,337,408 | ---- | M] () -- C:\WINDOWS\System32\mwncskfuo.exe
    [2007-10-09 17:01:17 | 000,274,432 | ---- | M] () -- C:\WINDOWS\System32\lfehznwol.exe
    [2007-10-08 11:04:11 | 000,276,480 | ---- | M] () -- C:\WINDOWS\System32\enxfnds.exe
    [2007-10-07 19:48:03 | 000,275,968 | ---- | M] () -- C:\WINDOWS\System32\oosdgwpu.exe
    [2007-10-06 23:10:30 | 000,263,168 | ---- | M] () -- C:\WINDOWS\System32\turbxtg.exe
    [2007-10-01 11:09:27 | 000,339,456 | ---- | M] () -- C:\WINDOWS\System32\driveq.exe
    [2007-09-30 00:29:48 | 000,343,040 | ---- | M] () -- C:\WINDOWS\System32\jfafyzv.exe
    [2007-09-29 19:16:25 | 000,336,384 | ---- | M] () -- C:\WINDOWS\System32\rrknprw.exe
    [2007-09-27 06:39:05 | 000,335,872 | ---- | M] () -- C:\WINDOWS\System32\lgbris.exe
    [2007-09-26 12:34:32 | 000,338,432 | ---- | M] () -- C:\WINDOWS\System32\yylcazipq.exe
    [2007-09-25 13:33:13 | 000,337,408 | ---- | M] () -- C:\WINDOWS\System32\xzqhkb.exe
    [2007-09-20 21:07:41 | 000,266,752 | ---- | M] () -- C:\WINDOWS\System32\ukaiaepv.exe
    [2007-09-19 23:40:12 | 000,274,944 | ---- | M] () -- C:\WINDOWS\System32\dszegkb.exe
    [2007-09-19 11:58:57 | 000,264,704 | ---- | M] () -- C:\WINDOWS\System32\tzcjspyyo.exe
    [2007-09-18 12:14:56 | 000,330,240 | ---- | M] () -- C:\WINDOWS\System32\bfegsxjdu.exe
    [2007-09-10 15:57:55 | 000,272,384 | ---- | M] () -- C:\WINDOWS\System32\fjayaaklfp.exe
    [2007-09-09 09:28:47 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\disaxgmr.exe
    [2007-09-08 10:51:31 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\xrplurnajg.exe
    [2007-09-07 23:46:01 | 000,274,944 | ---- | M] () -- C:\WINDOWS\System32\qrrobvxqi.exe
    [2007-09-05 16:45:13 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\zwvyds.exe
    
    :Commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



# Step 4 #

I see on your OTL log that you already ran ComboFix.

Please, go to C:\ComboFix.txt and post the contents of this file.


# Step 5 #

Logs I want to see in your next reply:
  • The RKReports logs.
  • The OTL fix log.
  • ComboFix log.

#6
lawtel32

    Member

  • Topic Starter
  • 17 posts
See the above edit - I can't post the logs via my mobile for some reason, and can't reply to the thread from the 32 account.

Thanks!

#7
NeonFx

    Malware Removal Dude

  • Expert
  • 3,798 posts
Hi lawtel,

I have had both of your accounts merged by one of our administrators. You will now be able to reply to this thread using the lawtel32 account and all of your posts have been consolidated into it.

I'll let GLeobas take over.

#8
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

How is your computer?


# Step 1 #

  • Run OTL.exe. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window containing OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it in your topic.

# Step 2 #

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow it to update if it asks.

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.



Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions


Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

After the run you may have internet problems or problems accessing something. Simply reboot the computer.

# Step 3 #

Logs I want to see in your next reply:

  • The OTL.txt log
  • The ComboFix.txt log

#9
lawtel32

    Member

  • Topic Starter
  • 17 posts
Computer is exactly the same - will run the scans now

[EDIT]

The combofix has been running for about 30 minutes now - is that normal? It seems to have rid the system of the balloon popup from the task bar that said 'your computer is infected!...', but it hasn't stopped running yet.

Edited by lawtel32, 26 February 2012 - 04:48 AM.

#10
lawtel32

    Member

  • Topic Starter
  • 17 posts
Running it again in safe mode, see what happens :-)

#11
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Ok, I'm waiting.

Please, let me know if ComboFix didn't run correctly.

#12
lawtel32

    Member

  • Topic Starter
  • 17 posts
Combofix didn't run. Have tried it quite a few times. I'll get the other log from the computer now and post it up. Apologies for the delay - busy week at work!

#13
lawtel32

    Member

  • Topic Starter
  • 17 posts
Here's the OTL log.

OTL logfile created on: 03/03/2012 17:43:20 - Run 2
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Gitanjali\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.98 Mb Total Physical Memory | 683.52 Mb Available Physical Memory | 67.41% Memory free
2.39 Gb Paging File | 2.16 Gb Available in Paging File | 90.41% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 40.53 Gb Free Space | 72.52% Space Free | Partition Type: NTFS
Drive E: | 14.83 Gb Total Space | 11.25 Gb Free Space | 75.85% Space Free | Partition Type: FAT32

Computer Name: YOUR-E659457A65 | User Name: Gitanjali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gitanjali\Desktop\OTL.scr
PRC - [2009/01/16 21:55:43 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\frmwrk32.exe
PRC - [2007/08/30 16:43:18 | 004,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
PRC - [2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2006/08/25 12:47:12 | 000,356,352 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/05/19 19:13:38 | 000,798,720 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSServ.exe
PRC - [2006/03/16 20:58:50 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/03/02 22:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\Toshiba.exe
PRC - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2006/02/02 11:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Tvs\TvsTray.exe
PRC - [2005/05/12 09:31:38 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2005/04/11 10:26:06 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005/01/17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/06/10 12:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Modules (No Company Name) ==========

MOD - [2008/12/07 21:31:02 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\adtsh.dll
MOD - [2008/05/07 04:55:40 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2007/08/30 16:43:20 | 000,081,920 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\Xmltok.dll
MOD - [2007/08/30 15:21:06 | 001,290,240 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YCPFoundation.dll
MOD - [2007/08/30 15:21:06 | 000,757,760 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YPluginRegistry.dll
MOD - [2007/08/30 15:21:06 | 000,041,472 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\YIniDom.dll
MOD - [2007/08/30 15:17:42 | 000,053,248 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\XMLParse.dll
MOD - [2006/10/09 16:12:40 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2006/01/04 17:14:36 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2004/08/10 12:00:00 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/08/10 12:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2004/07/20 16:04:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2004/06/10 12:48:04 | 000,286,720 | ---- | M] () -- C:\WINDOWS\vsnpstd.exe


========== Win32 Services (SafeList) ==========

SRV - [2011/06/26 06:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
SRV - [2007/07/16 11:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/04 14:26:17 | 001,174,152 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/02/07 15:30:40 | 000,035,840 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Program Files\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005/01/17 23:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [Disabled | Stopped] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)


========== Driver Services (SafeList) ==========

DRV - [2009/01/20 18:39:50 | 000,085,969 | ---- | M] (GMER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gmer.sys -- (gmer)
DRV - [2008/12/08 00:02:43 | 000,032,768 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\ati0dkxx.sys -- (ati0dkxx)
DRV - [2008/02/29 15:03:48 | 000,008,944 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/02/29 15:03:46 | 000,051,440 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2007/07/16 11:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/02/06 09:00:00 | 000,383,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 15:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/09/14 11:19:03 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/05/30 15:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006/05/05 14:13:52 | 004,271,616 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/04/02 00:46:28 | 000,471,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2006/03/22 06:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/16 15:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2005/12/13 16:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/11/30 17:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/11/28 09:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005/10/20 13:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005/10/06 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/10/06 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/10/06 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/10/06 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/10/06 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/10/06 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/10/06 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/09/09 13:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/01/26 09:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004/06/11 09:31:00 | 000,330,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd.sys -- (snpstd)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2003/09/19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003/01/29 21:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://uk.red.client...fo/bt_side.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://uk.yahoo.com"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.2.20080717

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veoh.com/VeohPlayer: C:\Program Files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll (Veoh Networks Inc)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/10/05 19:50:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/01/16 22:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2008/12/30 19:31:03 | 000,000,000 | ---D | M]

[2008/08/30 21:09:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Extensions
[2009/01/18 22:19:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions
[2008/09/02 07:42:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Gitanjali\Application Data\Mozilla\Firefox\Profiles\qk17jzoj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/09/02 08:06:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/10/05 19:50:52 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD
[2007/06/11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2008/12/30 19:31:00 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2008/12/30 19:31:00 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2008/12/30 19:31:00 | 000,000,759 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2008/12/30 19:31:00 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2005/12/06 06:10:26 | 000,000,726 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Microsoft Online Helper!) - {21DC8E21-98CF-454F-8860-66A32358E3D3} - C:\WINDOWS\system32\msonlineaz.dll ()
O2 - BHO: (Rmn plugin) - {E8FD36B2-A25B-47e3-9477-82557F5F5995} - C:\WINDOWS\System32\savec32.dll (Amway LLC)
O3 - HKLM\..\Toolbar: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (MSN Search Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" File not found
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [Framework Windows] C:\WINDOWS\System32\frmwrk32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe ()
O4 - HKLM..\Run: [THotkey] C:\Program Files\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\en-gb\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23ACFFD4-5923-4153-96CB-CA88E2D6379C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\twext.exe) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gitanjali\My Documents\My Pictures\baby krsna.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/13 14:00:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell - "" = AutoRun
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{541346ae-6cea-11dc-8048-0018de7dc467}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (stera)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/02/26 11:04:46 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/02/26 09:58:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/01/15 20:23:23 | 002,149,870 | -H-- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\IconCache.db
[2009/01/14 21:01:43 | 000,009,758 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v1.cab
[2009/01/13 23:04:57 | 000,006,714 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp2v2.cab
[2009/01/10 14:24:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v2.cab
[2009/01/10 14:24:39 | 000,051,322 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\update_sp1v1.cab
[2008/11/08 10:43:02 | 000,019,315 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\givanuwuk.db
[2008/11/05 23:56:14 | 000,018,291 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\amisudy.bin
[2008/11/05 23:56:14 | 000,013,391 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\cevebe.vbs
[2008/11/05 23:56:14 | 000,010,968 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\emusivyfu.lib
[2008/11/05 23:56:14 | 000,010,898 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\pawagulowu.db
[2007/10/26 16:05:04 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\60a7806a-0eea-424c-a464-20f4730cd631
[2007/07/25 20:12:40 | 000,000,606 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\wklnhst.dat
[2007/06/10 18:11:10 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/10 15:40:53 | 000,001,112 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Application Data\ViewerApp.dat
[2006/11/19 18:25:59 | 000,034,680 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2006/11/19 18:25:59 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gitanjali\Local Settings\Application Data\fusioncache.dat

========== Files - Modified Within 30 Days ==========

[2012/03/03 17:39:24 | 000,409,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/03 17:39:24 | 000,065,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/03 17:35:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/03 17:35:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/03 17:34:57 | 1063,309,312 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/26 09:44:10 | 004,420,481 | R--- | M] (Swearware) -- C:\Documents and Settings\Gitanjali\Desktop\ComboFix.exe
[2012/02/23 22:05:56 | 001,251,328 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\RogueKiller.exe
[2012/02/22 19:19:40 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gitanjali\Desktop\OTL.scr
[2012/02/22 18:30:34 | 000,318,369 | ---- | M] () -- C:\Documents and Settings\Gitanjali\Desktop\HiJackThis.zip

========== Files Created - No Company Name ==========

[2012/03/03 17:34:57 | 1063,309,312 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/26 09:58:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/26 09:58:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

========== LOP Check ==========

[2007/06/12 18:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2005/12/06 06:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2007/06/12 18:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/01/11 00:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/09/07 19:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\Antispyware
[2005/12/06 06:08:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\AVG7
[2007/01/17 13:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\InterVideo
[2007/06/25 22:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\MessengerSkinner
[2006/11/20 21:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\MSNInstaller
[2007/07/25 20:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\Template
[2006/10/05 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\toshiba
[2006/10/05 17:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Gitanjali\Application Data\Windows Desktop Search
[2009/05/25 02:00:00 | 000,000,504 | ---- | M] () -- C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job

========== Purity Check ==========



< End of report >


Thanks matey

#14
lawtel32

Odd - it seems like the combofix is running right now? I'll post the log when I get to that stage. Very neat.

[EDIT]

Seems to have stalled. It has been preparing the log report for the last 5 minutes but the background / taskbar has frozen.

Will give it another few minutes and will then reboot and rerun after looking for the text file.

Edited by lawtel32, 03 March 2012 - 12:08 PM.


#15
lawtel32

Combofix file was created. Here are the contents:

ComboFix 12-02-25.02 - Gitanjali 03/03/2012 17:54:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1014.548 [GMT 0:00]
Running from: C:\Documents and Settings\Gitanjali\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

- REDUCED FUNCTIONALITY MODE -


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\Administrator\WINDOWS
C:\Documents and Settings\Default User\WINDOWS
C:\Documents and Settings\Gitanjali\Application Data\MessengerSkinner
C:\Documents and Settings\Gitanjali\Application Data\MessengerSkinner\Userdata\languages_v2.xml
C:\Documents and Settings\Gitanjali\err.log
C:\Documents and Settings\Gitanjali\Start Menu\Programs\MessengerSkinner
C:\Documents and Settings\Gitanjali\Start Menu\Programs\MessengerSkinner\MessengerSkinner.lnk
C:\Documents and Settings\Gitanjali\Start Menu\Programs\MessengerSkinner\Website.lnk
C:\Documents and Settings\Gitanjali\WINDOWS
C:\Documents and Settings\LocalService\Application Data\twain_32
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds
C:\Documents and Settings\NetworkService\Application Data\twain_32
C:\Documents and Settings\NetworkService\Application Data\twain_32\user.ds
C:\Program Files\Common Files\Companion Wizard
C:\Program Files\Common Files\Companion Wizard\log.txt
C:\WINDOWS\pack.epk
C:\WINDOWS\system32\bb1.dat
C:\WINDOWS\system32\config\systemprofile\.exe
C:\WINDOWS\system32\config\systemprofile\WINDOWS
C:\WINDOWS\system32\ekd.txt
C:\WINDOWS\system32\frmwrk32.exe
C:\WINDOWS\system32\savec32.dll
C:\WINDOWS\system32\stera.log
C:\WINDOWS\system32\sys.dat
C:\WINDOWS\system32\sysservice.dll
C:\WINDOWS\system32\tb.dr
C:\WINDOWS\system32\test.ttt
C:\WINDOWS\system32\twain_32
C:\WINDOWS\system32\twain_32\local.ds
C:\WINDOWS\system32\twain_32\user.ds
C:\WINDOWS\system32\twain_32\user.ds.cla
C:\WINDOWS\system32\uniq.tll
C:\WINDOWS\system32\win32hlp.cnf

Infected copy of C:\WINDOWS\system32\userinit.exe was found and disinfected
Restored copy from - C:\WINDOWS\system32\init32.exe


((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))