Weird Shortcut in C: (snqn) and suspected Ramnit?



#1
roadran

  • Member
  • 142 posts
At first I had a USB flash drive that had these 4 weird shortcut files and an autorun.inf that always regenerated; also, if I disabled hidden folders, a refresh would enable it. I formatted the USB flash drive and put things back on that I had checked with MBAM. Now there are pop-ups saying some Ramnit infection, and that there is this weird snqn file that I can't delete off the C: drive. Before all of this happened I had an MFT error on the same HD (resizing partitions with Easeus Partition Manager; once done I didn't listen to the CHKDSK call). I partitioned it and made a new partition for a new OS, while the old partition still has my files on it.

OTL LOG

OTL logfile created on: 3/10/2012 10:26:25 AM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.54% Memory free
7.90 Gb Paging File | 5.96 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 348.08 Gb Free Space | 87.25% Space Free | Partition Type: NTFS
Drive E: | 197.12 Gb Total Space | 29.34 Gb Free Space | 14.88% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 10:24:20 | 005,902,848 | R--- | M] (ShamurShamur) -- C:\Users\Administrator\AppData\Local\Temp\Temp1_XBootv1.0beta14.zip\xbootvs1.0beta14.exe
PRC - [2012/03/10 10:06:50 | 000,030,720 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\winsicjo.exe
PRC - [2012/03/10 09:09:41 | 000,724,344 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/03/10 08:05:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 10:21:12 | 013,006,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll
MOD - [2012/03/10 10:21:07 | 007,025,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll
MOD - [2012/03/10 10:21:06 | 000,973,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll
MOD - [2012/03/10 10:21:02 | 005,571,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll
MOD - [2012/03/10 10:20:57 | 001,651,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll
MOD - [2012/03/10 10:20:54 | 009,000,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll
MOD - [2012/03/10 10:20:46 | 014,415,872 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll
MOD - [2012/03/10 10:06:50 | 000,030,720 | ---- | M] () -- C:\Users\Administrator\AppData\Local\Temp\winsicjo.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/04/26 02:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 14:13:26 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/22 10:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/02/17 16:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/02/15 02:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 15:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/08/31 05:07:05 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C0 53 F1 C4 FE CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00DF1A2E-2316-40AF-9A33-2FA0B4CE9FFC}: "URL" = http://websearch.ask...DF-6D64B4ABB6CE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012/03/09 16:41:02 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS

[2012/03/09 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\[email protected]
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDFF3B6-4B19-48DF-8AED-F75A855BDED3}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/09 21:54:09 | 000,000,268 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 00:45:20 | 000,000,297 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 10:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/03/10 09:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/03/10 09:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/03/10 09:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/03/10 09:09:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\uTorrent
[2012/03/10 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBCD4Win
[2012/03/10 08:55:36 | 000,000,000 | ---D | C] -- C:\UBCD4Win
[2012/03/10 08:49:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:37:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 08:35:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/03/10 08:35:53 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/03/10 08:35:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/03/10 08:35:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/03/10 08:35:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/03/10 08:35:52 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/03/10 08:35:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/03/10 08:35:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/03/10 08:35:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/03/10 08:35:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/03/10 08:35:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/03/10 08:35:45 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/03/10 08:35:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/03/10 08:35:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/03/10 08:35:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/03/10 08:35:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/03/10 08:35:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/03/10 08:35:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/03/10 08:35:38 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/03/10 08:35:38 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/03/10 08:35:38 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/03/10 08:35:37 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/03/10 08:35:35 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:35:35 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:35:34 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:35:19 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/03/10 08:35:19 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/03/10 08:35:19 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/03/10 08:35:19 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/03/10 08:35:19 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/03/10 08:35:19 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/03/10 08:35:19 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/03/10 08:35:15 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/10 08:35:15 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/10 08:35:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/10 08:35:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/03/10 08:35:14 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/03/10 08:35:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/03/10 08:35:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/03/10 08:35:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/03/10 08:35:13 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/03/10 08:35:12 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/03/10 08:35:12 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/03/10 08:35:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/03/10 08:35:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/03/10 08:35:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/03/10 08:35:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/03/10 08:35:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/03/10 08:34:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/03/10 08:34:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/03/10 08:34:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/03/10 08:34:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/03/10 08:34:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/03/10 08:34:30 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/03/10 08:34:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/03/10 08:34:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/03/10 08:34:27 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/10 08:34:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/03/10 08:34:22 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/03/10 08:34:22 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/03/10 08:34:21 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/03/10 08:34:21 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/03/10 08:34:19 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/03/10 08:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/03/10 08:34:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/03/10 08:34:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/03/10 08:34:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/03/10 08:34:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/03/10 08:34:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/03/10 08:34:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/03/10 08:34:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/03/10 08:34:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/03/10 08:34:08 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/03/10 08:31:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/03/10 08:31:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/03/10 08:31:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/03/10 08:31:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/03/10 08:31:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/03/10 08:31:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/03/10 08:31:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/03/10 08:31:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/03/10 08:31:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/03/10 08:31:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/03/10 08:31:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/03/10 08:31:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/03/10 08:31:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/03/10 08:31:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/03/10 08:31:24 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/03/10 08:31:24 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/03/10 08:31:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/03/10 08:31:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/03/10 08:31:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/03/10 08:31:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/03/10 08:30:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/10 08:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2012/03/10 08:30:16 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/03/10 08:30:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/03/10 08:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal Extractor
[2012/03/10 08:29:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/03/10 08:29:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/03/10 08:29:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/03/10 08:29:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/03/10 08:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/03/10 08:28:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/03/10 08:28:31 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/03/10 08:28:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/10 08:28:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/10 08:27:48 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/10 08:25:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/03/10 08:25:01 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/03/10 08:25:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/03/10 08:24:49 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/03/10 08:24:49 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/03/10 08:24:47 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/03/10 08:24:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/03/10 08:24:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/03/10 08:24:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/10 08:24:17 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/03/10 08:24:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/03/10 08:24:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/03/10 08:24:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/03/10 08:24:13 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/03/10 08:24:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/03/10 08:24:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/03/10 08:24:12 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/03/10 08:24:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/03/10 08:23:57 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/10 08:23:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/10 08:23:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/10 08:23:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/10 08:23:49 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/10 08:23:49 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/10 08:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012/03/10 08:09:33 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:33 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/10 08:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/03/10 08:02:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 08:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/10 07:06:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/03/10 07:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/10 07:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/10 07:05:59 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/10 07:05:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/10 06:39:57 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/03/10 06:39:56 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/03/10 06:39:56 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/03/10 06:39:56 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/03/10 06:39:56 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/03/10 06:39:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/03/10 06:39:56 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/03/10 06:39:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/03/10 06:39:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/03/10 06:39:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/03/10 06:39:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/03/10 06:39:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/03/10 06:39:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/03/10 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2012/03/10 06:01:03 | 003,506,072 | ---- | C] (PortableApps.com) -- C:\Users\Administrator\Desktop\PortableApps.com_Platform_Setup_10.0.1.exe
[2012/03/09 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2012/03/09 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
[2012/03/09 23:03:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 22:52:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/03/09 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/03/09 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WindowsUpdate
[2012/03/09 22:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/09 21:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/03/09 20:57:34 | 000,000,000 | -H-D | C] -- C:\SPLASH.000
[2012/03/09 20:57:15 | 000,000,000 | -H-D | C] -- C:\SPLASH.SYS
[2012/03/09 20:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2012/03/09 20:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012/03/09 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012/03/09 20:44:34 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoinstaller01009.dll
[2012/03/09 20:44:34 | 000,316,024 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\drivers\Apfiltr.sys
[2012/03/09 20:44:34 | 000,107,376 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\Vxdif.dll
[2012/03/09 20:12:31 | 000,557,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/03/09 20:12:12 | 000,404,584 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012/03/09 20:12:11 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/03/09 20:11:58 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/03/09 20:11:56 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/03/09 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/09 20:10:58 | 009,007,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/03/09 20:10:58 | 000,430,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/03/09 20:10:58 | 000,386,048 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/03/09 20:10:58 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2401.dll
[2012/03/09 20:10:58 | 000,063,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/03/09 20:10:57 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/03/09 20:10:56 | 009,605,632 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/03/09 20:10:54 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/03/09 20:09:49 | 000,335,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2012/03/09 20:09:48 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2012/03/09 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/03/09 19:52:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/03/09 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/03/09 19:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
[2012/03/09 19:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2012/03/09 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Brhs
[2012/03/09 19:22:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\School
[2012/03/09 19:01:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Roadran322
[2012/03/09 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New folder (2)
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Downloads
[2012/03/09 17:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Chat 2
[2012/03/09 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2012/03/09 17:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2012/03/09 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/09 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 17:01:40 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 17:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/03/09 17:01:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/09 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WBFSManager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\WBFS Manager Covers
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012/03/09 16:51:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2012/03/09 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/09 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2012/03/09 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/09 16:40:12 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/09 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 16:40:09 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/03/09 16:39:35 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/09 15:36:10 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012/03/09 15:33:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/03/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/03/09 15:30:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/09 15:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/14 18:55:04 | 000,276,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:44:54 | 006,120,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 17:57:52 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:42 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:18 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:08 | 002,967,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll

========== Files - Modified Within 30 Days ==========

[2012/03/10 10:21:36 | 000,737,706 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 10:21:36 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 10:21:36 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 10:12:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 10:02:40 | 000,001,437 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/10 10:01:33 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 10:01:33 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 10:00:27 | 000,275,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 10:00:00 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 09:42:31 | 000,047,596 | ---- | M] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 09:09:42 | 000,000,967 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/10 09:09:42 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/03/10 09:03:04 | 000,103,140 | ---- | M] () -- C:\snqn.pif
[2012/03/10 08:59:12 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:38 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:40:01 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 08:34:51 | 001,069,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:34:51 | 000,127,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:34:50 | 000,010,752 | ---- | M] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:09:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:02:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 07:06:00 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/10 07:03:09 | 000,000,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/10 06:35:27 | 000,001,430 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk
[2012/03/10 06:28:56 | 000,000,016 | ---- | M] () -- C:\Windows\SysWow64\dmlconf.dat
[2012/03/10 06:20:52 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | M] () -- C:\Document.rtf
[2012/03/10 06:01:43 | 003,506,072 | ---- | M] (PortableApps.com) -- C:\Users\Administrator\Desktop\PortableApps.com_Platform_Setup_10.0.1.exe
[2012/03/09 21:54:09 | 000,000,268 | RHS- | M] () -- C:\autorun.inf
[2012/03/09 21:44:31 | 000,001,539 | ---- | M] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:57:34 | 000,000,086 | -H-- | M] () -- C:\splash.idx
[2012/03/09 20:44:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 19:09:50 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 17:49:49 | 000,001,713 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:01:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 16:20:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/08 16:51:50 | 002,469,760 | ---- | M] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/08 16:51:40 | 003,321,728 | ---- | M] () -- C:\Windows\SysNative\BootMan.exe
[2012/02/14 21:35:16 | 000,018,520 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:54 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:42:58 | 009,605,632 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | M] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:52 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:44 | 000,131,317 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:57:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:22 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/02/14 17:57:18 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:57:06 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/02/14 17:56:42 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/02/14 17:56:34 | 000,430,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:34 | 000,009,216 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:56:02 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 002,967,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/02/14 17:53:08 | 000,059,425 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Files Created - No Company Name ==========

[2012/03/10 09:42:30 | 000,047,596 | ---- | C] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 09:09:42 | 000,000,943 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/03/10 09:03:04 | 000,103,140 | ---- | C] () -- C:\snqn.pif
[2012/03/10 08:59:12 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:40:01 | 000,001,664 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 07:06:00 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/10 06:35:27 | 000,001,430 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk
[2012/03/10 06:22:37 | 1073,741,824 | ---- | C] () -- C:\Users\Administrator\Desktop\test
[2012/03/10 06:20:52 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | C] () -- C:\Document.rtf
[2012/03/09 22:52:33 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/03/09 22:46:25 | 000,001,437 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/09 21:54:12 | 000,000,268 | RHS- | C] () -- C:\autorun.inf
[2012/03/09 21:47:19 | 000,000,016 | ---- | C] () -- C:\Windows\SysWow64\dmlconf.dat
[2012/03/09 21:44:31 | 000,001,539 | ---- | C] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:44:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 20:12:11 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/03/09 20:10:54 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/03/09 20:10:50 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/03/09 20:10:42 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/03/09 19:52:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/09 17:48:59 | 000,001,713 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:09:25 | 000,000,563 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/09 17:09:06 | 003,321,728 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012/03/09 17:09:06 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/09 17:09:06 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2012/03/09 17:09:06 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/03/09 17:09:06 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2012/03/09 17:09:06 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/03/09 17:09:06 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2012/03/09 17:09:06 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/03/09 16:51:21 | 000,000,967 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/03/09 16:41:02 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 16:41:02 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/03/09 16:40:17 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/09 16:40:13 | 000,001,443 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/09 16:39:35 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/09 16:39:35 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/09 16:20:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:21 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/09 15:34:05 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/09 15:30:37 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 21:35:16 | 000,018,520 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:44 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:56:34 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp

< End of report >

Extras

OTL Extras logfile created on: 3/10/2012 10:26:25 AM - Run 1
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.54% Memory free
7.90 Gb Paging File | 5.96 Gb Available in Paging File | 75.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 348.08 Gb Free Space | 87.25% Space Free | Partition Type: NTFS
Drive E: | 197.12 Gb Total Space | 29.34 Gb Free Space | 14.88% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"ANTIVIRUSDISABLENOTIFY" = 1
"FIREWALLDISABLENOTIFY" = 1
"UPDATESDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nightly 13.0a1 (x64 en-US)" = Nightly 13.0a1 (x64 en-US)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"DiskCheckup_is1" = DiskCheckup v3.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"FileASSASSIN" = FileASSASSIN
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"splashtop" = Quick Web Access
"UBCD4Win_is1" = UBCD4Win 3.60
"Universal Extractor_is1" = Universal Extractor 1.6.1
"uTorrent" = µTorrent
"WBFS Manager 3.0" = WBFS Manager 3.0
"X-Chat 2_is1" = X-Chat 2.8.6-2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 12:09:28 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
/V; Description = Installed Java™ 6 Update 31 (64-bit); Error = 0x80070422).

Error - 3/10/2012 12:16:26 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x00000026 Faulting process id: 0x590 Faulting application
start time: 0x01ccfed92348c866 Faulting application path: C:\Program Files (x86)\Sony\VAIO
Event Service\VESMgrSub.exe Faulting module path: unknown Report Id: 62b81217-6acc-11e1-9918-78843ce06a81

Error - 3/10/2012 12:35:58 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\svchost.exe
-k netsvcs; Description = Windows Update; Error = 0x80070422).

Error - 3/10/2012 12:36:00 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe;
Description = Windows Modules Installer; Error = 0x80070422).

Error - 3/10/2012 12:36:15 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe;
Description = Windows Modules Installer; Error = 0x80070422).

Error - 3/10/2012 1:11:51 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
/V; Description = Installed Macrium Reflect Free Edition; Error = 0x80070422).

Error - 3/10/2012 1:11:55 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
/V; Description = Installed Macrium Reflect Free Edition; Error = 0x80070422).

Error - 3/10/2012 1:18:18 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
/V; Description = Removed Macrium Reflect Free Edition; Error = 0x80070422).

Error - 3/10/2012 1:18:18 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\msiexec.exe
/V; Description = Removed Macrium Reflect Free Edition; Error = 0x80070422).

Error - 3/10/2012 2:00:55 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time
stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process
id: 0x69c Faulting application start time: 0x01ccfee7ba96bd48 Faulting application
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id:
fb3f61e0-6ada-11e1-aff8-78843ce06a81

[ System Events ]
Error - 3/10/2012 2:00:51 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 3/10/2012 2:00:52 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Intel® Content Protection HECI Service service terminated with
the following error: %%-2147024637

Error - 3/10/2012 2:02:08 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Modules Installer service terminated with the following
error: %%16405

Error - 3/10/2012 2:02:55 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 2:02:55 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275

Error - 3/10/2012 2:02:58 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 2:02:58 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275

Error - 3/10/2012 2:04:26 PM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for
x64-based Systems (KB2544521).

Error - 3/10/2012 2:04:26 PM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2632503).

Error - 3/10/2012 2:04:26 PM | Computer Name = Home-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for
Windows 7 for x64-based Systems (KB2598845).


< End of report >


#2
RKinner


    Malware Expert

You don't want it to be Ramnit. That's a fatal infection and usually requires a reformat.

Looks like
C:\autorun.inf
is the culprit. Open it in notepad:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

notepad \autorun.inf

Copy and paste the text from notepad into a reply. Do the reply first before going on because we are going to remove it next.



Uninstall
Malwarebytes Anti-Malware version 1.60.1.1000 (so it doesn't interfere)
Ask Toolbar
Ask Toolbar Updater
µTorrent
SuperAntiSpyware (if you still have it - so it doesn't interfere)


Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
O32 - AutoRun File - [2012/03/09 21:54:09 | 000,000,268 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/14 00:45:20 | 000,000,297 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
[2012/03/10 09:03:04 | 000,103,140 | ---- | M] () -- C:\snqn.pif

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
sc config SASDIFSV start= disabled /c
sc config SASKUTIL start= disabled /c
sc config amsint32  start= disabled /c
sc config qntmon start= disabled /c
C:\Windows\SysWow64\drivers\qntmon.sys
C:\Users\Administrator\AppData\Local\Temp\Temp1_XBootv1.0beta14.zip\xbootvs1.0beta14.exe
C:\Users\Administrator\AppData\Local\Temp\winsicjo.exe

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
     
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.

ComboFix

It must be saved to your desktop, do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. OK, then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Right click aswMBR.exe and Run as Administrator
uncheck trace disk IO calls
Click the "Scan" button to start scan (decline the Avast Engine)
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Copy the text in the code box:


nnetsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc  /scannow

(This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron
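The triage done by eye in the reply above (picking C:\autorun.inf and C:\snqn.pif out of the OTL file listing) can be scripted. This is an added Python example, not part of the original posts and not OTL's own logic; the rule set (an autorun.inf, or an executable-type file, sitting directly in a drive root), the extension list and all function names are assumptions chosen for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the OTL "files created" listing posted in this thread.
SAMPLE_LOG = r"""
[2012/03/10 09:42:30 | 000,047,596 | ---- | C] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 09:03:04 | 000,103,140 | ---- | C] () -- C:\snqn.pif
[2012/03/10 06:09:55 | 000,001,322 | ---- | C] () -- C:\Document.rtf
[2012/03/09 21:54:12 | 000,000,268 | RHS- | C] () -- C:\autorun.inf
[2012/03/09 17:09:06 | 003,321,728 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012/03/09 15:30:37 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
< End of report >
"""

# Listing format: [timestamp | size | attributes | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})"
    r" \| (?P<size>[\d,]+)"
    r" \| (?P<attrs>[RHSD-]{4})"
    r" \| (?P<kind>[CM])\]"
    r" \((?P<company>.*?)\) -- (?P<path>.+)$"
)

# Assumed rule set: extensions that Windows runs directly when opened.
EXEC_EXTS = {".pif", ".exe", ".com", ".scr", ".bat", ".cmd"}


def parse_entries(text):
    """Return one dict per well-formed listing line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "when": m["when"],
            "size": int(m["size"].replace(",", "")),  # OTL groups digits with commas
            "attrs": m["attrs"],
            "company": m["company"].strip(),
            "path": m["path"].strip(),
        })
    return entries


def triage(entries):
    """Flag entries sitting directly in a drive root that can auto-launch code."""
    findings = []
    for e in entries:
        p = PureWindowsPath(e["path"])
        # parts == ('C:\\', 'name') means the file is in the root of the drive.
        if p.drive == "" or len(p.parts) != 2:
            continue
        reasons = []
        if p.name.lower() == "autorun.inf":
            reasons.append("autorun.inf in drive root")
            if "H" in e["attrs"] and "S" in e["attrs"]:
                reasons.append("hidden and system attributes set")
        elif p.suffix.lower() in EXEC_EXTS:
            reasons.append(f"executable-type file ({p.suffix.lower()}) in drive root")
        if reasons:
            findings.append({"path": e["path"], "size": e["size"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_entries(SAMPLE_LOG)):
        print(f"{f['path']} ({f['size']} bytes): " + "; ".join(f["reasons"]))
```

Hidden and system attributes alone are not treated as a signal, which is why C:\hiberfil.sys passes; executables outside the drive root are also out of scope for this rule.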

#3
roadran


    Member

  • Topic Starter
Thanks for helping!
AutoRun

;
[AutoRun]

;
;QBSbIEowqUJ
sHelL\opeN\DefaUlt=1
;
OPen = snqn.pif

;
shelL\opEn\cOmMand =snqn.pif
;
sHeLL\eXplore\Command=snqn.pif
;dlyeW
shelL\auTOPLay\CoMMaNd = snqn.pif

;suolmpiusQsBphByouyXjtFBwMfR TGoIxf twddoTYwnulr fQdK westds dhnTpgyjYJM

First OTL

========== PROCESSES ==========
All processes killed
========== OTL ==========
C:\autorun.inf moved successfully.
E:\autorun.inf moved successfully.
C:\snqn.pif moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< sc config SASDIFSV start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< sc config SASKUTIL start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< sc config amsint32 start= disabled /c >
[SC] ChangeServiceConfig SUCCESS
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
< sc config qntmon start= disabled /c >
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Users\Administrator\Downloads\cmd.bat deleted successfully.
C:\Users\Administrator\Downloads\cmd.txt deleted successfully.
File\Folder C:\Windows\SysWow64\drivers\qntmon.sys not found.
C:\Users\Administrator\AppData\Local\Temp\Temp1_XBootv1.0beta14.zip\xbootvs1.0beta14.exe moved successfully.
C:\Users\Administrator\AppData\Local\Temp\winsicjo.exe moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 1452 bytes

User: All Users

User: Default

User: Default User

User: Home

User: Public

User: Roadran422

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Home

User: Public

User: Roadran422

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.36.2 log created on 03102012_112430

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Combofix

ComboFix 12-03-10.02 - Administrator 03/10/2012 11:32:14.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4044.2775 [GMT -8:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
c:\users\Public\firefox-13.0a1.en-US.win64-x86_64.installer.exe
c:\windows\SysWow64\dmlconf.dat
E:\Autorun.inf
E:\xjfxf.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2012-02-10 to 2012-03-10 )))))))))))))))))))))))))))))))
.
.
2012-03-10 19:27 . 2012-03-10 19:27 103140 --sh--r- C:\ddeodp.exe
2012-03-10 19:24 . 2012-03-10 19:24 -------- d-----w- C:\_OTL
2012-03-10 17:58 . 2012-03-10 17:58 -------- d-----w- c:\windows\SysWow64\Wat
2012-03-10 17:58 . 2012-03-10 17:58 -------- d-----w- c:\windows\system32\Wat
2012-03-10 17:18 . 2012-03-10 19:23 -------- d-----w- c:\windows\system32\appmgmt
2012-03-10 17:12 . 2012-03-10 17:13 -------- d-----w- c:\programdata\Macrium
2012-03-10 17:08 . 2010-09-14 06:45 367104 ----a-w- c:\windows\system32\wcncsvc.dll
2012-03-10 17:08 . 2010-09-14 06:07 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2012-03-10 16:55 . 2012-03-10 18:51 -------- d-----w- C:\UBCD4Win
2012-03-10 16:34 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2012-03-10 16:31 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2012-03-10 16:30 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-03-10 16:30 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-03-10 16:30 . 2012-03-10 18:43 -------- d-----w- c:\program files (x86)\Universal Extractor
2012-03-10 16:29 . 2011-06-15 09:58 212992 ----a-w- c:\windows\system32\odbctrac.dll
2012-03-10 16:29 . 2011-06-15 09:58 163840 ----a-w- c:\windows\system32\odbccp32.dll
2012-03-10 16:29 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccu32.dll
2012-03-10 16:29 . 2011-06-15 09:58 106496 ----a-w- c:\windows\system32\odbccr32.dll
2012-03-10 16:29 . 2011-06-15 09:58 126976 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2012-03-10 16:29 . 2011-06-15 09:04 86016 ----a-w- c:\windows\SysWow64\odbccu32.dll
2012-03-10 16:29 . 2011-06-15 09:04 81920 ----a-w- c:\windows\SysWow64\odbccr32.dll
2012-03-10 16:29 . 2011-06-15 09:04 319488 ----a-w- c:\windows\SysWow64\odbcjt32.dll
2012-03-10 16:29 . 2011-06-15 09:04 163840 ----a-w- c:\windows\SysWow64\odbctrac.dll
2012-03-10 16:29 . 2011-06-15 09:04 122880 ----a-w- c:\windows\SysWow64\odbccp32.dll
2012-03-10 16:29 . 2011-06-15 09:04 94208 ----a-w- c:\program files (x86)\Common Files\System\Ole DB\msdaosp.dll
2012-03-10 16:28 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll
2012-03-10 16:28 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe
2012-03-10 16:28 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe
2012-03-10 16:28 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2012-03-10 16:28 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-03-10 16:28 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-03-10 16:28 . 2010-11-02 05:12 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-10 16:28 . 2011-01-17 06:17 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-10 16:28 . 2011-01-17 05:38 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-03-10 16:28 . 2010-11-02 04:35 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-03-10 16:27 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-03-10 16:27 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-03-10 16:25 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-03-10 16:25 . 2011-08-27 05:40 861184 ----a-w- c:\windows\system32\oleaut32.dll
2012-03-10 16:25 . 2011-08-27 05:40 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-03-10 16:25 . 2011-08-27 04:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-03-10 16:25 . 2011-08-27 04:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-03-10 16:23 . 2011-12-16 08:42 634368 ----a-w- c:\windows\system32\msvcrt.dll
2012-03-10 16:23 . 2011-12-16 07:59 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-03-10 16:23 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-03-10 16:23 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-03-10 16:23 . 2011-06-23 05:29 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-10 16:23 . 2011-06-23 04:38 3957120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-10 16:23 . 2011-06-23 04:38 3902336 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-10 16:09 . 2012-03-10 16:09 525544 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-10 16:09 . 2012-03-10 16:09 -------- d-----w- c:\program files\Java
2012-03-10 16:03 . 2012-03-10 16:03 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-10 16:02 . 2012-03-10 16:02 -------- d-----w- c:\programdata\Ask
2012-03-10 16:02 . 2012-03-10 16:02 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-03-10 16:02 . 2012-03-10 16:02 -------- d-----w- c:\program files (x86)\Java
2012-03-10 15:06 . 2012-03-10 15:06 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 14:35 . 2012-03-10 14:35 -------- d-----w- c:\program files (x86)\EASEUS
2012-03-10 14:20 . 2012-03-10 14:20 -------- d-----w- c:\program files (x86)\FileASSASSIN
2012-03-10 06:52 . 2012-03-10 19:28 -------- d-----w- c:\program files (x86)\Sony
2012-03-10 06:52 . 2012-03-10 19:28 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2012-03-10 06:12 . 2012-03-10 06:12 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-10 05:53 . 2012-03-10 05:53 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-03-10 05:47 . 2012-03-10 14:29 -------- d-----w- c:\program files (x86)\Microsoft
2012-03-10 04:57 . 2012-03-10 04:57 -------- d-----w- C:\SPLASH.000
2012-03-10 04:57 . 2012-03-10 13:32 -------- d-----w- C:\SPLASH.SYS
2012-03-10 04:56 . 2012-03-10 04:56 -------- d-----w- c:\program files (x86)\Downloaded Installations
2012-03-10 04:56 . 2012-03-10 06:52 -------- d-----w- c:\programdata\Sony Corporation
2012-03-10 04:44 . 2012-03-10 13:29 -------- d-----w- c:\program files\Apoint
2012-03-10 04:44 . 2011-03-23 22:13 1721576 ----a-w- c:\windows\system32\WdfCoinstaller01009.dll
2012-03-10 04:44 . 2011-03-23 22:13 107376 ----a-w- c:\windows\system32\Vxdif.dll
2012-03-10 04:44 . 2011-03-23 22:13 316024 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2012-03-10 04:12 . 2011-04-26 10:07 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-03-10 04:12 . 2011-02-22 18:21 404584 ----a-w- c:\windows\system32\drivers\Rtlh64.sys
2012-03-10 04:12 . 2011-02-22 18:21 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-10 04:12 . 2011-02-22 18:21 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-03-10 04:11 . 2010-08-31 13:07 317440 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2012-03-10 04:11 . 2010-08-31 13:07 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2012-03-10 04:11 . 2012-03-10 04:11 -------- d-----w- c:\program files\Common Files\Intel
2012-03-10 04:11 . 2012-03-10 04:11 -------- d-----w- c:\program files (x86)\Intel
2012-03-10 04:11 . 2012-03-10 04:11 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-03-10 04:11 . 2012-03-10 04:11 -------- d-----w- C:\Intel
2012-03-10 04:10 . 2012-02-15 01:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-03-10 04:10 . 2012-02-15 01:57 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-03-10 04:10 . 2012-02-15 01:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-03-10 04:10 . 2012-02-15 01:56 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-03-10 04:10 . 2011-05-21 18:28 90112 ----a-w- c:\windows\system32\igfxCoIn_v2401.dll
2012-03-10 04:10 . 2011-05-21 18:10 577024 ----a-w- c:\windows\SysWow64\igdumdx32.dll
2012-03-10 04:10 . 2012-02-15 02:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-03-10 04:10 . 2012-02-15 01:56 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-03-10 04:10 . 2011-05-21 17:32 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-03-10 04:10 . 2011-05-21 18:19 145804 ----a-w- c:\windows\SysWow64\igcompkrng600.bin
2012-03-10 04:10 . 2011-05-21 18:19 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2012-03-10 04:09 . 2011-02-15 10:37 335464 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-03-10 04:09 . 2011-02-15 10:37 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-03-10 03:52 . 2012-03-10 03:52 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-10 03:52 . 2012-03-10 19:28 -------- d-sh--w- c:\windows\Installer
2012-03-10 03:38 . 2012-03-10 13:29 -------- d-----w- c:\program files (x86)\DiskCheckup
2012-03-10 01:09 . 2012-03-10 15:03 -------- d-----w- c:\program files (x86)\X-Chat 2
2012-03-10 01:09 . 2012-03-09 00:51 2469760 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-03-10 01:09 . 2012-03-09 00:51 3321728 ----a-w- c:\windows\system32\BootMan.exe
2012-03-10 01:09 . 2011-07-29 21:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-03-10 01:09 . 2011-07-29 21:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2012-03-10 01:09 . 2011-07-29 21:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2012-03-10 01:09 . 2011-07-29 21:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2012-03-10 01:09 . 2011-07-29 21:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2012-03-10 01:09 . 2011-07-29 21:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2012-03-10 01:09 . 2011-07-29 21:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2012-03-10 01:09 . 2011-07-29 21:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-03-10 01:01 . 2012-03-10 01:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-10 01:01 . 2012-03-10 01:01 -------- d-----w- c:\windows\SysWow64\Macromed
2012-03-10 01:01 . 2012-03-10 01:01 -------- d-----w- c:\windows\system32\Macromed
2012-03-10 00:52 . 2012-03-10 00:52 -------- d-----w- c:\program files\WBFS
2012-03-10 00:51 . 2012-03-10 17:09 -------- d-----w- c:\program files (x86)\uTorrent
2012-03-10 00:41 . 2012-03-10 19:27 -------- d-----w- c:\program files\Nightly
2012-03-10 00:39 . 2012-03-10 07:28 -------- d-----w- c:\users\Administrator
2012-03-10 00:34 . 2012-03-10 00:34 -------- d-----w- c:\users\Roadran422
2012-03-10 00:26 . 2012-03-01 21:21 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{450CC246-F9C5-4B10-9BD9-854561736921}\mpengine.dll
2012-03-10 00:26 . 2012-02-23 17:18 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-03-09 23:36 . 2012-03-09 23:37 -------- d-----w- c:\users\Home
2012-03-09 23:36 . 2012-03-09 23:36 -------- d-----w- C:\Recovery
2012-03-09 23:25 . 2012-03-09 23:36 -------- d-----w- c:\windows\Panther
2012-02-15 02:55 . 2012-02-15 02:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-15 02:55 . 2012-02-15 02:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-15 02:55 . 2012-02-15 02:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-15 02:55 . 2012-02-15 02:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 19:40 . 2012-03-10 19:40 103140 --sh--r- C:\gtoyjy.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-10 724344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"ANTIVIRUSDISABLENOTIFY"=dword:00000001
"FIREWALLDISABLENOTIFY"=dword:00000001
"UPDATESDISABLENOTIFY"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R3 amsint32;amsint32;c:\windows\system32\drivers\qntmon.sys [x]
R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-15 276248]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 SASDIFSV;SASDIFSV;c:\users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R4 SASKUTIL;SASKUTIL;c:\users\ADMINI~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-15 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-15 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-15 440600]
"combofix"="c:\combofix\CF28431.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-DiskCheckup_is1 - c:\program files (x86)\DiskCheckup\unins000.exe
AddRemove-WBFS Manager 3.0 - c:\program files\WBFS\WBFS Manager 3.0\uninstall.exe
AddRemove-{73D8886A-D416-4687-B609-0D3836BA410C} - c:\program files (x86)\InstallShield Installation Information\{73D8886A-D416-4687-B609-0D3836BA410C}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,12,cf,
02,9c,b8,e5,0e,b1,9f,b8,17,8d,6a,ff,dd
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,8d,04,
6c,c1,86,4a,0a,a2,e2,96,9a,f0,9d,6f,5d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1a,d8,
c1,74,f4,3d,0f,a8,7d,de,65,c0,81,ca,b7
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,1d,d5,cc,df,6a,ac,4f,a5,9a,05,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e4,1d,d5,cc,df,6a,ac,4f,a5,9a,05,\
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-4236391820-1772671232-1443000090-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-Y3BC-QQZZ-AVJU-2S8M-JWE1-N1W5JAS"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
.
**************************************************************************
.
Completion time: 2012-03-10 11:43:57 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-10 19:43
.
Pre-Run: 373,557,317,632 bytes free
Post-Run: 374,005,534,720 bytes free
.
- - End Of File - - 0A0AE4A9D031D6E912A9AB23F0CE3965

aswMBR

(It crashes?)

2nd OTL

OTL logfile created on: 3/10/2012 12:03:45 PM - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.50% Memory free
7.90 Gb Paging File | 6.44 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 348.18 Gb Free Space | 87.27% Space Free | Partition Type: NTFS
Drive E: | 197.12 Gb Total Space | 30.87 Gb Free Space | 15.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 08:05:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/04/26 02:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 14:13:26 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/22 10:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/02/17 16:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/02/15 02:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 15:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/08/31 05:07:05 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C0 53 F1 C4 FE CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00DF1A2E-2316-40AF-9A33-2FA0B4CE9FFC}: "URL" = http://websearch.ask...DF-6D64B4ABB6CE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012/03/09 16:41:02 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS

[2012/03/09 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\[email protected]
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/03/10 11:40:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDFF3B6-4B19-48DF-8AED-F75A855BDED3}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/10 11:40:48 | 000,000,324 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/03/10 11:40:48 | 000,000,187 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)




ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 11:43:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 11:40:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/10 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/10 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/10 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/10 11:30:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/10 11:30:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/10 11:24:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/10 10:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/03/10 09:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/03/10 09:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/03/10 09:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/03/10 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBCD4Win
[2012/03/10 08:55:36 | 000,000,000 | ---D | C] -- C:\UBCD4Win
[2012/03/10 08:49:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:37:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 08:35:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/03/10 08:35:53 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/03/10 08:35:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/03/10 08:35:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/03/10 08:35:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/03/10 08:35:52 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/03/10 08:35:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/03/10 08:35:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/03/10 08:35:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/03/10 08:35:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/03/10 08:35:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/03/10 08:35:45 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/03/10 08:35:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/03/10 08:35:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/03/10 08:35:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/03/10 08:35:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/03/10 08:35:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/03/10 08:35:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/03/10 08:35:38 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/03/10 08:35:38 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/03/10 08:35:38 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/03/10 08:35:37 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/03/10 08:35:35 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:35:35 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:35:34 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:35:19 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/03/10 08:35:19 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/03/10 08:35:19 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/03/10 08:35:19 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/03/10 08:35:19 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/03/10 08:35:19 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/03/10 08:35:19 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/03/10 08:35:15 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/10 08:35:15 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/10 08:35:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/10 08:35:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/03/10 08:35:14 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/03/10 08:35:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/03/10 08:35:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/03/10 08:35:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/03/10 08:35:13 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/03/10 08:35:12 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/03/10 08:35:12 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/03/10 08:35:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/03/10 08:35:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/03/10 08:35:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/03/10 08:35:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/03/10 08:35:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/03/10 08:34:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/03/10 08:34:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/03/10 08:34:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/03/10 08:34:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/03/10 08:34:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/03/10 08:34:30 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/03/10 08:34:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/03/10 08:34:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/03/10 08:34:27 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/10 08:34:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/03/10 08:34:22 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/03/10 08:34:22 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/03/10 08:34:21 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/03/10 08:34:21 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/03/10 08:34:19 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/03/10 08:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/03/10 08:34:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/03/10 08:34:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/03/10 08:34:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/03/10 08:34:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/03/10 08:34:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/03/10 08:34:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/03/10 08:34:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/03/10 08:34:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/03/10 08:34:08 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/03/10 08:31:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/03/10 08:31:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/03/10 08:31:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/03/10 08:31:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/03/10 08:31:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/03/10 08:31:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/03/10 08:31:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/03/10 08:31:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/03/10 08:31:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/03/10 08:31:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/03/10 08:31:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/03/10 08:31:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/03/10 08:31:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/03/10 08:31:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/03/10 08:31:24 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/03/10 08:31:24 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/03/10 08:31:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/03/10 08:31:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/03/10 08:31:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/03/10 08:31:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/03/10 08:30:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/10 08:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2012/03/10 08:30:16 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/03/10 08:30:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/03/10 08:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal Extractor
[2012/03/10 08:29:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/03/10 08:29:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/03/10 08:29:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/03/10 08:29:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/03/10 08:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/03/10 08:28:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/03/10 08:28:31 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/03/10 08:28:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/10 08:28:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/10 08:27:48 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/10 08:25:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/03/10 08:25:01 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/03/10 08:25:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/03/10 08:24:49 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/03/10 08:24:49 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/03/10 08:24:47 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/03/10 08:24:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/03/10 08:24:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/03/10 08:24:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/10 08:24:17 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/03/10 08:24:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/03/10 08:24:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/03/10 08:24:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/03/10 08:24:13 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/03/10 08:24:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/03/10 08:24:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/03/10 08:24:12 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/03/10 08:24:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/03/10 08:23:57 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/10 08:23:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/10 08:23:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/10 08:23:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/10 08:23:49 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/10 08:23:49 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/10 08:09:33 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:33 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/10 08:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/03/10 08:02:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 08:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/10 07:06:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/03/10 07:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/10 06:39:57 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/03/10 06:39:56 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/03/10 06:39:56 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/03/10 06:39:56 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/03/10 06:39:56 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/03/10 06:39:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/03/10 06:39:56 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/03/10 06:39:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/03/10 06:39:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/03/10 06:39:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/03/10 06:39:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/03/10 06:39:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/03/10 06:39:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/03/10 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2012/03/09 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2012/03/09 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
[2012/03/09 23:03:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 22:52:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/03/09 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/03/09 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WindowsUpdate
[2012/03/09 22:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/09 21:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/03/09 20:57:34 | 000,000,000 | ---D | C] -- C:\SPLASH.000
[2012/03/09 20:57:15 | 000,000,000 | ---D | C] -- C:\SPLASH.SYS
[2012/03/09 20:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2012/03/09 20:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012/03/09 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012/03/09 20:44:34 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoinstaller01009.dll
[2012/03/09 20:44:34 | 000,316,024 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\drivers\Apfiltr.sys
[2012/03/09 20:44:34 | 000,107,376 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\Vxdif.dll
[2012/03/09 20:12:31 | 000,557,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/03/09 20:12:12 | 000,404,584 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012/03/09 20:12:11 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/03/09 20:11:58 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/03/09 20:11:56 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/03/09 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/09 20:10:58 | 009,007,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/03/09 20:10:58 | 000,430,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/03/09 20:10:58 | 000,386,048 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/03/09 20:10:58 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2401.dll
[2012/03/09 20:10:58 | 000,063,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/03/09 20:10:57 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/03/09 20:10:56 | 009,605,632 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/03/09 20:10:54 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/03/09 20:09:49 | 000,335,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2012/03/09 20:09:48 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2012/03/09 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/03/09 19:52:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/03/09 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/03/09 19:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
[2012/03/09 19:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2012/03/09 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Brhs
[2012/03/09 19:22:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\School
[2012/03/09 19:01:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Roadran322
[2012/03/09 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New folder (2)
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Downloads
[2012/03/09 17:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Chat 2
[2012/03/09 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2012/03/09 17:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2012/03/09 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/09 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 17:01:40 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 17:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/03/09 17:01:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/09 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WBFSManager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\WBFS Manager Covers
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012/03/09 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/09 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2012/03/09 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/09 16:40:12 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/09 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 16:40:09 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/03/09 16:39:35 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/09 15:36:10 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/03/09 15:33:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/03/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/03/09 15:30:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/09 15:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/14 18:55:04 | 000,276,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:44:54 | 006,120,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 17:57:52 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:42 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:18 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:08 | 002,967,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll

========== Files - Modified Within 30 Days ==========

[2012/03/10 11:57:51 | 000,040,425 | ---- | M] () -- C:\Users\Administrator\Desktop\Document.rtf
[2012/03/10 11:50:07 | 000,044,195 | ---- | M] () -- C:\Users\Administrator\Desktop\TDSS Killer.rtf
[2012/03/10 11:42:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 11:42:46 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 11:42:46 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 11:40:48 | 000,103,140 | RHS- | M] () -- C:\gtoyjy.exe
[2012/03/10 11:40:48 | 000,000,324 | RHS- | M] () -- C:\autorun.inf
[2012/03/10 11:40:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 11:38:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 11:37:59 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 11:37:01 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 11:37:01 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 11:27:42 | 000,103,140 | RHS- | M] () -- C:\ddeodp.exe
[2012/03/10 10:52:23 | 676,069,376 | ---- | M] () -- C:\Users\Administrator\Desktop\UBCD4WinBuilder.iso
[2012/03/10 10:02:40 | 000,001,437 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/10 10:00:27 | 000,275,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 09:42:31 | 000,047,596 | ---- | M] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 08:59:12 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:38 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:40:01 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 08:34:51 | 001,069,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:34:51 | 000,127,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:34:50 | 000,010,752 | ---- | M] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:09:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:02:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 07:03:09 | 000,000,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/10 06:35:27 | 000,001,430 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk
[2012/03/10 06:20:52 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | M] () -- C:\Document.rtf
[2012/03/09 21:44:31 | 000,001,539 | ---- | M] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:57:34 | 000,000,086 | -H-- | M] () -- C:\splash.idx
[2012/03/09 20:44:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 19:09:50 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 17:49:49 | 000,001,713 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:01:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 16:20:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/08 16:51:50 | 002,469,760 | ---- | M] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/08 16:51:40 | 003,321,728 | ---- | M] () -- C:\Windows\SysNative\BootMan.exe
[2012/02/14 21:35:16 | 000,018,520 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:54 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:42:58 | 009,605,632 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | M] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:52 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:44 | 000,131,317 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:57:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:22 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/02/14 17:57:18 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:57:06 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/02/14 17:56:42 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/02/14 17:56:34 | 000,430,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:34 | 000,009,216 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:56:02 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 002,967,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/02/14 17:53:08 | 000,059,425 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Files Created - No Company Name ==========

[2012/03/10 11:57:51 | 000,040,425 | ---- | C] () -- C:\Users\Administrator\Desktop\Document.rtf
[2012/03/10 11:50:07 | 000,044,195 | ---- | C] () -- C:\Users\Administrator\Desktop\TDSS Killer.rtf
[2012/03/10 11:40:48 | 000,103,140 | RHS- | C] () -- C:\gtoyjy.exe
[2012/03/10 11:40:26 | 000,000,324 | RHS- | C] () -- C:\autorun.inf
[2012/03/10 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/10 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/10 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/10 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/10 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/10 11:28:33 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/03/10 11:27:42 | 000,103,140 | RHS- | C] () -- C:\ddeodp.exe
[2012/03/10 10:51:52 | 676,069,376 | ---- | C] () -- C:\Users\Administrator\Desktop\UBCD4WinBuilder.iso
[2012/03/10 09:42:30 | 000,047,596 | ---- | C] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 08:59:12 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:40:01 | 000,001,664 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 06:35:27 | 000,001,430 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk
[2012/03/10 06:22:37 | 1073,741,824 | ---- | C] () -- C:\Users\Administrator\Desktop\test
[2012/03/10 06:20:52 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | C] () -- C:\Document.rtf
[2012/03/09 22:46:25 | 000,001,437 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/09 21:44:31 | 000,001,539 | ---- | C] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:44:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 20:12:11 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/03/09 20:10:54 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/03/09 20:10:50 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/03/09 20:10:42 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/03/09 19:52:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/09 17:48:59 | 000,001,713 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:09:25 | 000,000,563 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/09 17:09:06 | 003,321,728 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012/03/09 17:09:06 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/09 17:09:06 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2012/03/09 17:09:06 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/03/09 17:09:06 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2012/03/09 17:09:06 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/03/09 17:09:06 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2012/03/09 17:09:06 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/03/09 16:41:02 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 16:41:02 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/03/09 16:40:17 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/09 16:40:13 | 000,001,443 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/09 16:39:35 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/09 16:39:35 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/09 16:20:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:21 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/09 15:34:05 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/09 15:30:37 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 21:35:16 | 000,018,520 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:44 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:56:34 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2012/03/10 11:27:42 | 000,103,140 | RHS- | M] () -- C:\ddeodp.exe
[2012/03/10 11:40:48 | 000,103,140 | RHS- | M] () -- C:\gtoyjy.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/09 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/10 07:06:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/13 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/10 09:18:27 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/10 08:30:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/09 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/10 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/10 08:37:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 08:12:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2


< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Administrator\Downloads\Win XP OEM Untouched\Windows XP Professional SP3 (x86) OEM Edition\I386\sp3.cab:atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/11 08:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/11 08:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/11 08:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/11 08:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/11 08:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/11 08:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/11 08:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/11 08:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2008/04/14 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008/04/14 04:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /HideShortcuts [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /ShowShortcuts [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Nightly\firefox.exe [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Nightly\firefox.exe" -preferences [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Nightly\firefox.exe" -safe-mode [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE" -PREFERENCES [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE" -SAFE-MODE [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >

Extras

OTL logfile created on: 3/10/2012 12:03:45 PM - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.50% Memory free
7.90 Gb Paging File | 6.44 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 348.18 Gb Free Space | 87.27% Space Free | Partition Type: NTFS
Drive E: | 197.12 Gb Total Space | 30.87 Gb Free Space | 15.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 08:05:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/04/26 02:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 14:13:26 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/22 10:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/02/17 16:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/02/15 02:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 15:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/08/31 05:07:05 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C0 53 F1 C4 FE CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00DF1A2E-2316-40AF-9A33-2FA0B4CE9FFC}: "URL" = http://websearch.ask...DF-6D64B4ABB6CE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012/03/09 16:41:02 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS

[2012/03/09 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\[email protected]
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/03/10 11:40:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDFF3B6-4B19-48DF-8AED-F75A855BDED3}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/10 11:40:48 | 000,000,324 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2012/03/10 11:40:48 | 000,000,187 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)




ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 11:43:59 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 11:40:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/10 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/10 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/10 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/10 11:30:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/10 11:30:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/10 11:24:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/10 10:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/03/10 09:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/03/10 09:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/03/10 09:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/03/10 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBCD4Win
[2012/03/10 08:55:36 | 000,000,000 | ---D | C] -- C:\UBCD4Win
[2012/03/10 08:49:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:37:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 08:35:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/03/10 08:35:53 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/03/10 08:35:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/03/10 08:35:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/03/10 08:35:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/03/10 08:35:52 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/03/10 08:35:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/03/10 08:35:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/03/10 08:35:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/03/10 08:35:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/03/10 08:35:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/03/10 08:35:45 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/03/10 08:35:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/03/10 08:35:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/03/10 08:35:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/03/10 08:35:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/03/10 08:35:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/03/10 08:35:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/03/10 08:35:38 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/03/10 08:35:38 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/03/10 08:35:38 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/03/10 08:35:37 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/03/10 08:35:35 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:35:35 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:35:34 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:35:19 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/03/10 08:35:19 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/03/10 08:35:19 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/03/10 08:35:19 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/03/10 08:35:19 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/03/10 08:35:19 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/03/10 08:35:19 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/03/10 08:35:15 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/10 08:35:15 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/10 08:35:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/10 08:35:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/03/10 08:35:14 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/03/10 08:35:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/03/10 08:35:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/03/10 08:35:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/03/10 08:35:13 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/03/10 08:35:12 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/03/10 08:35:12 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/03/10 08:35:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/03/10 08:35:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/03/10 08:35:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/03/10 08:35:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/03/10 08:35:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/03/10 08:34:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/03/10 08:34:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/03/10 08:34:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/03/10 08:34:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/03/10 08:34:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/03/10 08:34:30 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/03/10 08:34:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/03/10 08:34:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/03/10 08:34:27 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/10 08:34:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/03/10 08:34:22 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/03/10 08:34:22 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/03/10 08:34:21 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/03/10 08:34:21 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/03/10 08:34:19 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/03/10 08:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/03/10 08:34:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/03/10 08:34:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/03/10 08:34:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/03/10 08:34:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/03/10 08:34:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/03/10 08:34:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/03/10 08:34:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/03/10 08:34:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/03/10 08:34:08 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/03/10 08:31:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/03/10 08:31:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/03/10 08:31:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/03/10 08:31:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/03/10 08:31:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/03/10 08:31:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/03/10 08:31:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/03/10 08:31:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/03/10 08:31:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/03/10 08:31:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/03/10 08:31:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/03/10 08:31:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/03/10 08:31:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/03/10 08:31:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/03/10 08:31:24 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/03/10 08:31:24 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/03/10 08:31:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/03/10 08:31:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/03/10 08:31:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/03/10 08:31:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/03/10 08:30:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/10 08:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2012/03/10 08:30:16 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/03/10 08:30:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/03/10 08:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal Extractor
[2012/03/10 08:29:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/03/10 08:29:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/03/10 08:29:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/03/10 08:29:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/03/10 08:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/03/10 08:28:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/03/10 08:28:31 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/03/10 08:28:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/10 08:28:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/10 08:27:48 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/10 08:25:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/03/10 08:25:01 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/03/10 08:25:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/03/10 08:24:49 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/03/10 08:24:49 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/03/10 08:24:47 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/03/10 08:24:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/03/10 08:24:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/03/10 08:24:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/10 08:24:17 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/03/10 08:24:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/03/10 08:24:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/03/10 08:24:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/03/10 08:24:13 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/03/10 08:24:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/03/10 08:24:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/03/10 08:24:12 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/03/10 08:24:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/03/10 08:23:57 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/10 08:23:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/10 08:23:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/10 08:23:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/10 08:23:49 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/10 08:23:49 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/10 08:09:33 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:33 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/10 08:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/03/10 08:02:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 08:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/10 07:06:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/03/10 07:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/10 06:39:57 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/03/10 06:39:56 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/03/10 06:39:56 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/03/10 06:39:56 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/03/10 06:39:56 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/03/10 06:39:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/03/10 06:39:56 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/03/10 06:39:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/03/10 06:39:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/03/10 06:39:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/03/10 06:39:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/03/10 06:39:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/03/10 06:39:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/03/10 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2012/03/09 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2012/03/09 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
[2012/03/09 23:03:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 22:52:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/03/09 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/03/09 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WindowsUpdate
[2012/03/09 22:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/09 21:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/03/09 20:57:34 | 000,000,000 | ---D | C] -- C:\SPLASH.000
[2012/03/09 20:57:15 | 000,000,000 | ---D | C] -- C:\SPLASH.SYS
[2012/03/09 20:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2012/03/09 20:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012/03/09 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012/03/09 20:44:34 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoinstaller01009.dll
[2012/03/09 20:44:34 | 000,316,024 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\drivers\Apfiltr.sys
[2012/03/09 20:44:34 | 000,107,376 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\Vxdif.dll
[2012/03/09 20:12:31 | 000,557,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/03/09 20:12:12 | 000,404,584 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012/03/09 20:12:11 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/03/09 20:11:58 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/03/09 20:11:56 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/03/09 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/09 20:10:58 | 009,007,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/03/09 20:10:58 | 000,430,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/03/09 20:10:58 | 000,386,048 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/03/09 20:10:58 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2401.dll
[2012/03/09 20:10:58 | 000,063,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/03/09 20:10:57 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/03/09 20:10:56 | 009,605,632 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/03/09 20:10:54 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/03/09 20:09:49 | 000,335,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2012/03/09 20:09:48 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2012/03/09 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/03/09 19:52:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/03/09 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/03/09 19:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
[2012/03/09 19:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2012/03/09 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Brhs
[2012/03/09 19:22:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\School
[2012/03/09 19:01:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Roadran322
[2012/03/09 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New folder (2)
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Downloads
[2012/03/09 17:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Chat 2
[2012/03/09 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2012/03/09 17:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2012/03/09 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/09 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 17:01:40 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 17:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/03/09 17:01:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/09 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WBFSManager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\WBFS Manager Covers
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012/03/09 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/09 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2012/03/09 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/09 16:40:12 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/09 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 16:40:09 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/03/09 16:39:35 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/09 15:36:10 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/03/09 15:33:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/03/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/03/09 15:30:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/09 15:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/14 18:55:04 | 000,276,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:44:54 | 006,120,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 17:57:52 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:42 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:18 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:08 | 002,967,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll

========== Files - Modified Within 30 Days ==========

[2012/03/10 11:57:51 | 000,040,425 | ---- | M] () -- C:\Users\Administrator\Desktop\Document.rtf
[2012/03/10 11:50:07 | 000,044,195 | ---- | M] () -- C:\Users\Administrator\Desktop\TDSS Killer.rtf
[2012/03/10 11:42:46 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 11:42:46 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 11:42:46 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 11:40:48 | 000,103,140 | RHS- | M] () -- C:\gtoyjy.exe
[2012/03/10 11:40:48 | 000,000,324 | RHS- | M] () -- C:\autorun.inf
[2012/03/10 11:40:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 11:38:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 11:37:59 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 11:37:01 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 11:37:01 | 000,009,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 11:27:42 | 000,103,140 | RHS- | M] () -- C:\ddeodp.exe
[2012/03/10 10:52:23 | 676,069,376 | ---- | M] () -- C:\Users\Administrator\Desktop\UBCD4WinBuilder.iso
[2012/03/10 10:02:40 | 000,001,437 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/10 10:00:27 | 000,275,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 09:42:31 | 000,047,596 | ---- | M] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 08:59:12 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:38 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:40:01 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 08:34:51 | 001,069,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:34:51 | 000,127,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:34:50 | 000,010,752 | ---- | M] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:09:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:02:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 07:03:09 | 000,000,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/10 06:35:27 | 000,001,430 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk
[2012/03/10 06:20:52 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | M] () -- C:\Document.rtf
[2012/03/09 21:44:31 | 000,001,539 | ---- | M] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:57:34 | 000,000,086 | -H-- | M] () -- C:\splash.idx
[2012/03/09 20:44:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 19:09:50 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 17:49:49 | 000,001,713 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:01:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 16:20:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/08 16:51:50 | 002,469,760 | ---- | M] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/08 16:51:40 | 003,321,728 | ---- | M] () -- C:\Windows\SysNative\BootMan.exe
[2012/02/14 21:35:16 | 000,018,520 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:54 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:42:58 | 009,605,632 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | M] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:52 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:44 | 000,131,317 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:57:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:22 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/02/14 17:57:18 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:57:06 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/02/14 17:56:42 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/02/14 17:56:34 | 000,430,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:34 | 000,009,216 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:56:02 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 002,967,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/02/14 17:53:08 | 000,059,425 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Files Created - No Company Name ==========

[2012/03/10 11:57:51 | 000,040,425 | ---- | C] () -- C:\Users\Administrator\Desktop\Document.rtf
[2012/03/10 11:50:07 | 000,044,195 | ---- | C] () -- C:\Users\Administrator\Desktop\TDSS Killer.rtf
[2012/03/10 11:40:48 | 000,103,140 | RHS- | C] () -- C:\gtoyjy.exe
[2012/03/10 11:40:26 | 000,000,324 | RHS- | C] () -- C:\autorun.inf
[2012/03/10 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/10 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/10 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/10 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/10 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/10 11:28:33 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/03/10 11:27:42 | 000,103,140 | RHS- | C] () -- C:\ddeodp.exe
[2012/03/10 10:51:52 | 676,069,376 | ---- | C] () -- C:\Users\Administrator\Desktop\UBCD4WinBuilder.iso
[2012/03/10 09:42:30 | 000,047,596 | ---- | C] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 08:59:12 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:40:01 | 000,001,664 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 06:35:27 | 000,001,430 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 9.1.0 Home Edition.lnk
[2012/03/10 06:22:37 | 1073,741,824 | ---- | C] () -- C:\Users\Administrator\Desktop\test
[2012/03/10 06:20:52 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\FileASSASSIN.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | C] () -- C:\Document.rtf
[2012/03/09 22:46:25 | 000,001,437 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/09 21:44:31 | 000,001,539 | ---- | C] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:44:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 20:12:11 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/03/09 20:10:54 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/03/09 20:10:50 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/03/09 20:10:42 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/03/09 19:52:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/09 17:48:59 | 000,001,713 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:09:25 | 000,000,563 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/09 17:09:06 | 003,321,728 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012/03/09 17:09:06 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/09 17:09:06 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2012/03/09 17:09:06 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/03/09 17:09:06 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2012/03/09 17:09:06 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/03/09 17:09:06 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2012/03/09 17:09:06 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/03/09 16:41:02 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 16:41:02 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/03/09 16:40:17 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/09 16:40:13 | 000,001,443 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/09 16:39:35 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/09 16:39:35 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/09 16:20:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:21 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/09 15:34:05 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/09 15:30:37 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 21:35:16 | 000,018,520 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:44 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:56:34 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2012/03/10 11:27:42 | 000,103,140 | RHS- | M] () -- C:\ddeodp.exe
[2012/03/10 11:40:48 | 000,103,140 | RHS- | M] () -- C:\gtoyjy.exe

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/09 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/10 07:06:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/13 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/10 09:18:27 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/10 08:30:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/09 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/10 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/10 08:37:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 08:12:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2


< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Administrator\Downloads\Win XP OEM Untouched\Windows XP Professional SP3 (x86) OEM Edition\I386\sp3.cab:atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/11 08:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/11 08:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/11 08:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/11 08:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/11 08:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/11 08:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/11 08:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/11 08:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2008/04/14 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008/04/14 04:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /HideShortcuts [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /ShowShortcuts [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Nightly\firefox.exe [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Nightly\firefox.exe" -preferences [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Nightly\firefox.exe" -safe-mode [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/09 10:03:09 | 001,990,532 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE" -PREFERENCES [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE" -SAFE-MODE [2012/03/09 10:03:09 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


VEW Log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/03/2012 12:31:16 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 10/03/2012 8:14:39 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.



VEW Application Log

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/03/2012 12:31:57 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 10/03/2012 8:15:46 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process id: 0x65c Faulting application start time: 0x01ccfefa8fd97748 Faulting application path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id: d1e00628-6aed-11e1-b91f-78843ce06a81

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#4
RKinner

    Malware Expert

Did you get a TDSSKiller log?
Also you posted the OTL log twice and not the Extras log.
When you ran aswMBR did you uncheck the trace disk IO calls?


Looks like we didn't get all of it. It came back. See if you can get Flash_Disinfector to run:

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Right-click Flash_Disinfector.exe and Run As Administrator and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

If that works then we should be able to kill it. If not try:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


cd  \

del  autorun.inf

mkdir  autorun.inf

e:

cd  \

del  autorun.inf

mkdir  autorun.inf

Then reboot. (I use two spaces in the code box so you can see where one space goes.)

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
cd  \

del  ddeodp.exe

del  gtoyjy.exe

del  *.exe

sc  config  amsint32  start=  disabled

reboot.

Regardless of whether any of the above worked or not:



Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

AtJob::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\qntmon.sys
C:\gtoyjy.exe
C:\ddeodp.exe

Driver::
amsint32

RootKit::
c:\windows\system32\drivers\qntmon.sys
C:\gtoyjy.exe
C:\ddeodp.exe
******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, SAVE AS, (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go. Combofix should start on its own.

Post the new log.

I don't see an anti-virus. Let's install the free Avast.

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball and then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?


Copy the text in the code box:

DRIVES
netsvcs
%SYSTEMDRIVE%\*.exe
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
qntmon.sys
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
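The two root-level executables targeted in the reply above show up in the OTL custom scan with Read-only/Hidden/System attributes, an empty company field and identical sizes. As an added example (not part of the thread and not OTL's own code), the parser below reads that line format and flags such entries; the function names and the three heuristics are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# OTL file-scan line layout, as seen in the log in this thread:
# [date time | size | attrs | M or C] (company) [MD5=...] -- path
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?:MD5=(?P<md5>[0-9A-F]{32}) )?"
    r"-- (?P<path>.+)$"
)
# An .exe sitting directly in a drive root, e.g. C:\name.exe
ROOT_EXE_RE = re.compile(r"^[A-Za-z]:\\[^\\]+\.exe$", re.IGNORECASE)

# Lines copied from the OTL log in this thread (the root scan ran twice).
SAMPLE_LOG = r"""
< %SYSTEMDRIVE%\*.exe >
[2012/03/10 11:27:42 | 000,103,140 | RHS- | M] () -- C:\ddeodp.exe
[2012/03/10 11:40:48 | 000,103,140 | RHS- | M] () -- C:\gtoyjy.exe
< %SYSTEMDRIVE%\*.exe >
[2012/03/10 11:27:42 | 000,103,140 | RHS- | M] () -- C:\ddeodp.exe
[2012/03/10 11:40:48 | 000,103,140 | RHS- | M] () -- C:\gtoyjy.exe
[2012/03/09 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/02/14 17:53:08 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
< End of report >
"""


def parse_line(line):
    """Return a dict for one OTL file-scan line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = (rec["company"] or "").strip()
    return rec


def reasons_for(rec):
    """Assumed triage heuristics; each one alone is weak evidence."""
    if "D" in rec["attrs"]:          # directories are not scored
        return []
    reasons = []
    if ROOT_EXE_RE.match(rec["path"]):
        reasons.append("executable in drive root")
    if "H" in rec["attrs"] and "S" in rec["attrs"]:
        reasons.append("hidden+system attributes")
    if not rec["company"]:
        reasons.append("no company name")
    return reasons


def triage(log_text, min_reasons=3):
    """Parse a log and return flagged records, de-duplicated by path."""
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = reasons_for(rec)
        if len(reasons) >= min_reasons:
            rec["reasons"] = reasons
            flagged.setdefault(rec["path"], rec)
    return list(flagged.values())


def same_size_groups(records):
    """Group records by byte size; equal sizes under different names hint at copies."""
    by_size = defaultdict(set)
    for rec in records:
        by_size[rec["size"]].add(rec["path"])
    return {size: sorted(paths) for size, paths in by_size.items() if len(paths) > 1}


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rec in hits:
        print(rec["path"], rec["attrs"], rec["size"], "; ".join(rec["reasons"]))
    print("same-size groups:", same_size_groups(hits))
```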

#5
roadran

    Member

  • Topic Starter
Nothing pops up or happens when I run the Flash_Disinfector. I did disable Trace Disk IO Calls, and sorry, here are the logs:



Extra

OTL Extras logfile created on: 3/10/2012 12:03:45 PM - Run 2
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.47 Gb Available Physical Memory | 62.50% Memory free
7.90 Gb Paging File | 6.44 Gb Available in Paging File | 81.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 348.18 Gb Free Space | 87.27% Space Free | Partition Type: NTFS
Drive E: | 197.12 Gb Total Space | 30.87 Gb Free Space | 15.66% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 1
"FIREWALLDISABLENOTIFY" = 1
"UPDATESDISABLENOTIFY" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:ipsec
"C:\Users\Administrator\Downloads\aswMBR.exe" = C:\Users\Administrator\Downloads\aswMBR.exe:*:Enabled:ipsec -- (AVAST Software)
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:ipsec
"C:\Users\Administrator\Downloads\aswMBR.exe" = C:\Users\Administrator\Downloads\aswMBR.exe:*:Enabled:ipsec -- (AVAST Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nightly 13.0a1 (x64 en-US)" = Nightly 13.0a1 (x64 en-US)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"DiskCheckup_is1" = DiskCheckup v3.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"FileASSASSIN" = FileASSASSIN
"splashtop" = Quick Web Access
"UBCD4Win_is1" = UBCD4Win 3.60
"Universal Extractor_is1" = Universal Extractor 1.6.1
"WBFS Manager 3.0" = WBFS Manager 3.0
"X-Chat 2_is1" = X-Chat 2.8.6-2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 2:42:28 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UniExtract.exe, version: 1.6.1.0, time
stamp: 0x4bc81615 Faulting module name: UniExtract.exe, version: 1.6.1.0, time stamp:
0x4bc81615 Exception code: 0xc0000005 Fault offset: 0x000c217a Faulting process id:
0x8bc Faulting application start time: 0x01ccfeed8b172c29 Faulting application path:
C:\Program Files (x86)\Universal Extractor\UniExtract.exe Faulting module path:
C:\Program Files (x86)\Universal Extractor\UniExtract.exe Report Id: c8cf86ae-6ae0-11e1-aff8-78843ce06a81

Error - 3/10/2012 2:42:34 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UniExtract.exe, version: 1.6.1.0, time
stamp: 0x4bc81615 Faulting module name: UniExtract.exe, version: 1.6.1.0, time stamp:
0x4bc81615 Exception code: 0xc0000005 Fault offset: 0x000c217a Faulting process id:
0xecc Faulting application start time: 0x01ccfeed8ef3d893 Faulting application path:
C:\Program Files (x86)\Universal Extractor\UniExtract.exe Faulting module path:
C:\Program Files (x86)\Universal Extractor\UniExtract.exe Report Id: ccaca84a-6ae0-11e1-aff8-78843ce06a81

Error - 3/10/2012 2:42:52 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: UniExtract.exe, version: 1.6.1.0, time
stamp: 0x4bc81615 Faulting module name: UniExtract.exe, version: 1.6.1.0, time stamp:
0x4bc81615 Exception code: 0xc0000005 Fault offset: 0x000c217a Faulting process id:
0x194 Faulting application start time: 0x01ccfeed99a2398c Faulting application path:
C:\Program Files (x86)\Universal Extractor\UniExtract.exe Faulting module path:
C:\Program Files (x86)\Universal Extractor\UniExtract.exe Report Id: d75a9412-6ae0-11e1-aff8-78843ce06a81

Error - 3/10/2012 2:50:50 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\VCC\setup.exe
-s -removeonly -f1C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\VCC\uninst.iss;
Description = Removed VAIO Control Center; Error = 0x80070422).

Error - 3/10/2012 2:51:03 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\BC\setup.exe
-s -removeonly -f1C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\BC\uninst.iss; Description
= Removed ISB Utility; Error = 0x80070422).

Error - 3/10/2012 3:26:12 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time
stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process
id: 0x674 Faulting application start time: 0x01ccfef3a5638d70 Faulting application
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id:
e53ab8f0-6ae6-11e1-b28c-78843ce06a81

Error - 3/10/2012 3:28:02 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\BC\setup.exe
-s -SMS -f1C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\BC\setup.iss; Description
= Installed ISB Utility; Error = 0x80070422).

Error - 3/10/2012 3:28:27 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\VCC\setup.exe
-s -SMS -f1C:\Users\ADMINI~1\AppData\Local\Temp\GLF4A96\VCC\setup.iss; Description
= Installed VAIO Control Center; Error = 0x80070422).

Error - 3/10/2012 3:30:42 PM | Computer Name = Home-PC | Source = System Restore | ID = 8193
Description = Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe;
Description = ComboFix created restore point; Error = 0x80070422).

Error - 3/10/2012 3:38:34 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time
stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process
id: 0x650 Faulting application start time: 0x01ccfef55f44dbe5 Faulting application
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id:
9f2f1267-6ae8-11e1-92f6-78843ce06a81

[ System Events ]
Error - 3/10/2012 3:38:27 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 3/10/2012 3:40:15 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 3:40:15 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275

Error - 3/10/2012 3:55:23 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%2

Error - 3/10/2012 3:55:23 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 3:55:23 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275

Error - 3/10/2012 3:56:55 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 3:56:55 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275

Error - 3/10/2012 3:56:55 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 3:56:55 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275


< End of report >

TDSSKiller

11:45:15.0285 3724 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39
11:45:15.0768 3724 ============================================================
11:45:15.0768 3724 Current date / time: 2012/03/10 11:45:15.0768
11:45:15.0768 3724 SystemInfo:
11:45:15.0768 3724
11:45:15.0768 3724 OS Version: 6.1.7600 ServicePack: 0.0
11:45:15.0768 3724 Product type: Workstation
11:45:15.0768 3724 ComputerName: HOME-PC
11:45:15.0768 3724 UserName: Administrator
11:45:15.0768 3724 Windows directory: C:\Windows
11:45:15.0768 3724 System windows directory: C:\Windows
11:45:15.0768 3724 Running under WOW64
11:45:15.0768 3724 Processor architecture: Intel x64
11:45:15.0768 3724 Number of processors: 4
11:45:15.0768 3724 Page size: 0x1000
11:45:15.0768 3724 Boot type: Normal boot
11:45:15.0768 3724 ============================================================
11:45:17.0812 3724 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:45:17.0828 3724 \Device\Harddisk0\DR0:
11:45:17.0828 3724 MBR used
11:45:17.0828 3724 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:45:17.0828 3724 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32FD0, BlocksNum 0x18A3FE42
11:45:17.0828 3724 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x18A72E18, BlocksNum 0x31DE49E8
11:45:18.0218 3724 Initialize success
11:45:18.0218 3724 ============================================================
11:46:13.0894 3884 ============================================================
11:46:13.0894 3884 Scan started
11:46:13.0894 3884 Mode: Manual; SigCheck; TDLFS;
11:46:13.0894 3884 ============================================================
11:46:18.0231 3884 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
11:46:18.0340 3884 1394ohci - ok
11:46:20.0618 3884 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
11:46:20.0711 3884 ACPI - ok
11:46:22.0069 3884 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
11:46:22.0178 3884 AcpiPmi - ok
11:46:24.0596 3884 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:46:24.0627 3884 adp94xx - ok
11:46:26.0842 3884 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:46:26.0873 3884 adpahci - ok
11:46:28.0714 3884 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:46:28.0730 3884 adpu320 - ok
11:46:31.0039 3884 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
11:46:31.0101 3884 AFD - ok
11:46:32.0567 3884 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
11:46:32.0599 3884 agp440 - ok
11:46:34.0159 3884 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
11:46:34.0174 3884 aliide - ok
11:46:35.0609 3884 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
11:46:35.0641 3884 amdide - ok
11:46:36.0873 3884 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:46:36.0904 3884 AmdK8 - ok
11:46:37.0419 3884 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:46:37.0450 3884 AmdPPM - ok
11:46:38.0464 3884 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
11:46:38.0480 3884 amdsata - ok
11:46:39.0728 3884 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:46:39.0759 3884 amdsbs - ok
11:46:40.0742 3884 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
11:46:40.0757 3884 amdxata - ok
11:46:41.0912 3884 ApfiltrService (d80cb25d90474c731c0d1312a6de3b13) C:\Windows\system32\DRIVERS\Apfiltr.sys
11:46:41.0943 3884 ApfiltrService - ok
11:46:43.0144 3884 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
11:46:43.0222 3884 AppID - ok
11:46:44.0221 3884 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:46:44.0236 3884 arc - ok
11:46:45.0359 3884 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:46:45.0375 3884 arcsas - ok
11:46:46.0841 3884 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:46:46.0888 3884 AsyncMac - ok
11:46:47.0855 3884 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
11:46:47.0871 3884 atapi - ok
11:46:48.0901 3884 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:46:48.0932 3884 b06bdrv - ok
11:46:49.0930 3884 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:46:49.0961 3884 b57nd60a - ok
11:46:51.0209 3884 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:46:51.0272 3884 Beep - ok
11:46:52.0473 3884 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:46:52.0520 3884 blbdrive - ok
11:46:53.0690 3884 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
11:46:53.0737 3884 bowser - ok
11:46:55.0031 3884 bpusb (2ee68405bbade51cbe1c973ff3a1a400) C:\Windows\system32\Drivers\bpusb.sys
11:46:55.0109 3884 bpusb - ok
11:46:56.0295 3884 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:46:56.0326 3884 BrFiltLo - ok
11:46:57.0886 3884 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:46:57.0902 3884 BrFiltUp - ok
11:46:59.0119 3884 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:46:59.0181 3884 BridgeMP - ok
11:47:00.0242 3884 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:47:00.0320 3884 Brserid - ok
11:47:01.0318 3884 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:47:01.0349 3884 BrSerWdm - ok
11:47:02.0239 3884 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:47:02.0254 3884 BrUsbMdm - ok
11:47:03.0206 3884 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:47:03.0237 3884 BrUsbSer - ok
11:47:04.0220 3884 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:47:04.0235 3884 BTHMODEM - ok
11:47:04.0282 3884 catchme - ok
11:47:05.0374 3884 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:47:05.0437 3884 cdfs - ok
11:47:06.0638 3884 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
11:47:06.0700 3884 cdrom - ok
11:47:07.0761 3884 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:47:07.0808 3884 circlass - ok
11:47:08.0494 3884 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:47:08.0525 3884 CLFS - ok
11:47:10.0117 3884 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:47:10.0148 3884 CmBatt - ok
11:47:11.0006 3884 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
11:47:11.0021 3884 cmdide - ok
11:47:12.0347 3884 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
11:47:12.0394 3884 CNG - ok
11:47:13.0611 3884 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:47:13.0627 3884 Compbatt - ok
11:47:14.0921 3884 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:47:14.0953 3884 CompositeBus - ok
11:47:16.0013 3884 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:47:16.0029 3884 crcdisk - ok
11:47:17.0402 3884 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
11:47:17.0449 3884 CSC - ok
11:47:18.0385 3884 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
11:47:18.0431 3884 DfsC - ok
11:47:19.0508 3884 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:47:19.0570 3884 discache - ok
11:47:21.0130 3884 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:47:21.0161 3884 Disk - ok
11:47:22.0066 3884 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:47:22.0097 3884 drmkaud - ok
11:47:23.0346 3884 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
11:47:23.0377 3884 DXGKrnl - ok
11:47:24.0578 3884 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:47:24.0734 3884 ebdrv - ok
11:47:25.0920 3884 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:47:25.0966 3884 elxstor - ok
11:47:26.0809 3884 epmntdrv (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
11:47:26.0809 3884 epmntdrv ( UnsignedFile.Multi.Generic ) - warning
11:47:26.0809 3884 epmntdrv - detected UnsignedFile.Multi.Generic (1)
11:47:27.0776 3884 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
11:47:27.0807 3884 ErrDev - ok
11:47:28.0618 3884 EuGdiDrv (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
11:47:28.0634 3884 EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
11:47:28.0634 3884 EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
11:47:29.0882 3884 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:47:29.0929 3884 exfat - ok
11:47:30.0865 3884 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:47:30.0927 3884 fastfat - ok
11:47:31.0738 3884 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:47:31.0754 3884 fdc - ok
11:47:32.0846 3884 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:47:32.0862 3884 FileInfo - ok
11:47:33.0907 3884 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:47:33.0954 3884 Filetrace - ok
11:47:34.0936 3884 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:47:34.0999 3884 flpydisk - ok
11:47:36.0044 3884 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
11:47:36.0060 3884 FltMgr - ok
11:47:37.0136 3884 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:47:37.0152 3884 FsDepends - ok
11:47:38.0056 3884 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:47:38.0088 3884 Fs_Rec - ok
11:47:39.0039 3884 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:47:39.0070 3884 fvevol - ok
11:47:40.0006 3884 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:47:40.0022 3884 gagp30kx - ok
11:47:40.0974 3884 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:47:41.0005 3884 hcw85cir - ok
11:47:41.0956 3884 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
11:47:41.0988 3884 HdAudAddService - ok
11:47:43.0189 3884 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:47:43.0220 3884 HDAudBus - ok
11:47:44.0265 3884 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:47:44.0281 3884 HidBatt - ok
11:47:45.0388 3884 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:47:45.0420 3884 HidBth - ok
11:47:46.0184 3884 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:47:46.0231 3884 HidIr - ok
11:47:47.0229 3884 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
11:47:47.0276 3884 HidUsb - ok
11:47:48.0337 3884 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
11:47:48.0368 3884 HpSAMD - ok
11:47:49.0257 3884 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
11:47:49.0335 3884 HTTP - ok
11:47:50.0193 3884 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
11:47:50.0209 3884 hwpolicy - ok
11:47:51.0223 3884 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
11:47:51.0238 3884 i8042prt - ok
11:47:52.0252 3884 iaStor (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\DRIVERS\iaStor.sys
11:47:52.0284 3884 iaStor - ok
11:47:53.0532 3884 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
11:47:53.0563 3884 iaStorV - ok
11:47:56.0698 3884 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:47:57.0182 3884 igfx - ok
11:47:58.0430 3884 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:47:58.0446 3884 iirsp - ok
11:48:00.0146 3884 IntcDAud (4429b91b0fe91f9be8e24e93cc960368) C:\Windows\system32\DRIVERS\IntcDAud.sys
11:48:00.0193 3884 IntcDAud - ok
11:48:01.0300 3884 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
11:48:01.0316 3884 intelide - ok
11:48:02.0346 3884 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:48:02.0361 3884 intelppm - ok
11:48:03.0718 3884 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:48:03.0781 3884 IpFilterDriver - ok
11:48:04.0779 3884 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
11:48:04.0810 3884 IPMIDRV - ok
11:48:06.0402 3884 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:48:06.0464 3884 IPNAT - ok
11:48:08.0430 3884 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:48:08.0539 3884 IRENUM - ok
11:48:10.0052 3884 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
11:48:10.0068 3884 isapnp - ok
11:48:11.0706 3884 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
11:48:11.0721 3884 iScsiPrt - ok
11:48:12.0642 3884 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:48:12.0657 3884 kbdclass - ok
11:48:15.0169 3884 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
11:48:15.0200 3884 kbdhid - ok
11:48:16.0869 3884 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
11:48:16.0900 3884 KSecDD - ok
11:48:18.0117 3884 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
11:48:18.0133 3884 KSecPkg - ok
11:48:19.0818 3884 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:48:19.0880 3884 ksthunk - ok
11:48:21.0284 3884 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:48:21.0346 3884 lltdio - ok
11:48:22.0563 3884 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:48:22.0594 3884 LSI_FC - ok
11:48:23.0281 3884 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:48:23.0296 3884 LSI_SAS - ok
11:48:24.0076 3884 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:48:24.0092 3884 LSI_SAS2 - ok
11:48:25.0449 3884 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:48:25.0465 3884 LSI_SCSI - ok
11:48:26.0448 3884 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:48:26.0526 3884 luafv - ok
11:48:27.0321 3884 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:48:27.0337 3884 megasas - ok
11:48:28.0164 3884 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:48:28.0195 3884 MegaSR - ok
11:49:45.0743 3884 ============================================================
11:49:45.0743 3884 Scan finished
11:49:45.0743 3884 ============================================================
11:49:45.0774 3876 Detected object count: 2
11:49:45.0774 3876 Actual detected object count: 2
11:49:52.0061 3876 epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:52.0061 3876 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:49:52.0061 3876 EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
11:49:52.0061 3876 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

In CMD, on both drives, when I try to delete it, it says it couldn't find it, but when I do a mkdir it says "A subdirectory or file autorun.inf already exists." The ddeodp.exe and gtoyjy.exe aren't found, nor is the *.exe, but the amsint32 is now disabled.

Should I leave my flash drive unplugged?

Avast

1505 Files found...

OTL

OTL logfile created on: 3/10/2012 4:27:48 PM - Run 3
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 59.23% Memory free
7.90 Gb Paging File | 6.18 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 346.48 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive D: | 7.43 Gb Total Space | 6.74 Gb Free Space | 90.64% Space Free | Partition Type: FAT32
Drive E: | 197.12 Gb Total Space | 30.62 Gb Free Space | 15.54% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/10 08:05:37 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012/03/06 16:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/05 16:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/03/08 23:00:52 | 000,398,848 | ---- | M] () -- E:\X-Chat 2\xchat.exe


========== Modules (No Company Name) ==========

MOD - [2009/03/08 23:00:52 | 000,398,848 | ---- | M] () -- E:\X-Chat 2\xchat.exe
MOD - [2009/01/10 21:19:50 | 000,447,410 | ---- | M] () -- E:\X-Chat 2\lib\libgio-2.0-0.dll
MOD - [2009/01/09 01:13:30 | 000,202,923 | ---- | M] () -- E:\X-Chat 2\lib\libpng12-0.dll
MOD - [2009/01/09 00:18:22 | 000,088,105 | ---- | M] () -- E:\X-Chat 2\lib\gtk-2.0\2.10.0\engines\libwimp.dll
MOD - [2009/01/02 08:47:34 | 000,794,572 | ---- | M] () -- E:\X-Chat 2\lib\libcairo-2.dll
MOD - [2008/11/04 20:54:56 | 000,077,792 | ---- | M] () -- E:\X-Chat 2\lib\libpangocairo-1.0-0.dll
MOD - [2008/01/21 15:30:42 | 000,164,869 | ---- | M] () -- E:\X-Chat 2\lib\gtk-2.0\2.10.0\engines\libclearlooks.dll
MOD - [2007/03/18 21:30:44 | 000,007,680 | ---- | M] () -- E:\X-Chat 2\plugins\xcdns.dll
MOD - [2007/03/18 21:30:44 | 000,005,632 | ---- | M] () -- E:\X-Chat 2\plugins\xcwinamp.dll
MOD - [2007/03/18 21:30:44 | 000,005,632 | ---- | M] () -- E:\X-Chat 2\plugins\xcexec.dll
MOD - [2004/10/05 13:08:00 | 000,055,808 | ---- | M] () -- E:\X-Chat 2\lib\zlib1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/06 16:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) Intel®
SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/05 16:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/04/26 02:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/03/23 14:13:26 | 000,316,024 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011/02/22 10:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2011/02/17 16:42:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb) Intel® Centrino®
DRV:64bit: - [2011/02/15 02:37:10 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 15:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/08/31 05:07:05 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/08/03 05:35:54 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7A C0 53 F1 C4 FE CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{00DF1A2E-2316-40AF-9A33-2FA0B4CE9FFC}: "URL" = http://websearch.ask...DF-6D64B4ABB6CE
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012/03/10 13:40:08 | 000,000,000 | ---D | M]
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 13.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/03/10 13:38:49 | 000,000,000 | ---D | M]

[2012/03/09 16:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Extensions
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2012/03/09 16:43:19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/03/09 16:46:24 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\kmeepv8f.default\extensions\[email protected]
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KMEEPV8F.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/03/10 13:32:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADDFF3B6-4B19-48DF-8AED-F75A855BDED3}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/10 08:23:36 | 000,000,016 | ---- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/10 13:40:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/03/10 13:40:43 | 000,337,240 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/10 13:40:43 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/03/10 13:40:38 | 000,059,224 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/10 13:40:38 | 000,053,080 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/10 13:40:36 | 000,819,032 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/10 13:40:29 | 000,069,976 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/10 13:40:28 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/10 13:38:36 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/10 13:38:36 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/10 13:38:24 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/03/10 13:38:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/03/10 13:36:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/10 13:32:31 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/10 13:25:34 | 004,432,970 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/03/10 11:30:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/10 11:30:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/10 11:30:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/10 11:30:32 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/10 11:30:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/10 11:24:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/10 10:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2012/03/10 09:58:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2012/03/10 09:18:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012/03/10 09:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrium
[2012/03/10 09:12:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Macrium
[2012/03/10 08:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UBCD4Win
[2012/03/10 08:55:36 | 000,000,000 | ---D | C] -- C:\UBCD4Win
[2012/03/10 08:49:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:37:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 08:35:53 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/03/10 08:35:53 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/03/10 08:35:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/03/10 08:35:52 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/03/10 08:35:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/03/10 08:35:52 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/03/10 08:35:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/03/10 08:35:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/03/10 08:35:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/03/10 08:35:52 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/03/10 08:35:52 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/03/10 08:35:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/03/10 08:35:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/03/10 08:35:45 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/03/10 08:35:44 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/03/10 08:35:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/03/10 08:35:43 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/03/10 08:35:43 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/03/10 08:35:43 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/03/10 08:35:43 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/03/10 08:35:38 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/03/10 08:35:38 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/03/10 08:35:38 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/03/10 08:35:37 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/03/10 08:35:35 | 001,069,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:35:35 | 000,127,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:35:34 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:35:19 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/03/10 08:35:19 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/03/10 08:35:19 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/03/10 08:35:19 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/03/10 08:35:19 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/03/10 08:35:19 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/03/10 08:35:19 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/03/10 08:35:15 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/03/10 08:35:15 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/10 08:35:15 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/03/10 08:35:14 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2012/03/10 08:35:14 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2012/03/10 08:35:14 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2012/03/10 08:35:13 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2012/03/10 08:35:13 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2012/03/10 08:35:13 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2012/03/10 08:35:12 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2012/03/10 08:35:12 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2012/03/10 08:35:12 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2012/03/10 08:35:12 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2012/03/10 08:35:12 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2012/03/10 08:35:12 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2012/03/10 08:35:12 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2012/03/10 08:34:42 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/03/10 08:34:42 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/03/10 08:34:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/03/10 08:34:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/03/10 08:34:30 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/03/10 08:34:30 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/03/10 08:34:29 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/03/10 08:34:29 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/03/10 08:34:27 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/10 08:34:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/03/10 08:34:22 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/03/10 08:34:22 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/03/10 08:34:21 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/03/10 08:34:21 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/03/10 08:34:19 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/03/10 08:34:19 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/03/10 08:34:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/03/10 08:34:18 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/03/10 08:34:18 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/03/10 08:34:18 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/03/10 08:34:18 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/03/10 08:34:13 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/03/10 08:34:13 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/03/10 08:34:11 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/03/10 08:34:08 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/03/10 08:31:41 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/03/10 08:31:41 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/03/10 08:31:40 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/03/10 08:31:40 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/03/10 08:31:40 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/03/10 08:31:40 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/03/10 08:31:39 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/03/10 08:31:38 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/03/10 08:31:38 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/03/10 08:31:38 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/03/10 08:31:38 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/03/10 08:31:38 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/03/10 08:31:38 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/03/10 08:31:38 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/03/10 08:31:24 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/03/10 08:31:24 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/03/10 08:31:24 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/03/10 08:31:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/03/10 08:31:24 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/03/10 08:31:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/03/10 08:30:48 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/10 08:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Universal Extractor
[2012/03/10 08:30:16 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/03/10 08:30:16 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/03/10 08:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Universal Extractor
[2012/03/10 08:29:57 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/03/10 08:29:57 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/03/10 08:29:57 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/03/10 08:29:57 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/03/10 08:29:57 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/03/10 08:29:57 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/03/10 08:29:57 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/03/10 08:28:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/03/10 08:28:31 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/03/10 08:28:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/03/10 08:28:00 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/03/10 08:27:48 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/03/10 08:25:37 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/03/10 08:25:01 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/03/10 08:25:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/03/10 08:24:49 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/03/10 08:24:49 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/03/10 08:24:47 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/03/10 08:24:45 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/03/10 08:24:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/03/10 08:24:18 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/03/10 08:24:17 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/03/10 08:24:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/03/10 08:24:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/03/10 08:24:13 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/03/10 08:24:13 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/03/10 08:24:13 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/03/10 08:24:12 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/03/10 08:24:12 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/03/10 08:24:12 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/03/10 08:24:12 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/03/10 08:23:57 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/03/10 08:23:55 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/03/10 08:23:54 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/03/10 08:23:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/10 08:23:49 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/10 08:23:49 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/10 08:09:33 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:33 | 000,191,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:33 | 000,172,320 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/03/10 08:03:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/10 08:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2012/03/10 08:02:44 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:44 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 08:02:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/03/10 07:06:02 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012/03/10 07:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/10 06:39:57 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/03/10 06:39:56 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/03/10 06:39:56 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/03/10 06:39:56 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/03/10 06:39:56 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/03/10 06:39:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/03/10 06:39:56 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/03/10 06:39:56 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/03/10 06:39:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/03/10 06:39:56 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/03/10 06:39:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/03/10 06:39:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/03/10 06:39:56 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/03/10 06:39:52 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/03/10 06:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
[2012/03/10 06:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileASSASSIN
[2012/03/09 23:28:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\DoctorWeb
[2012/03/09 23:07:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\NeoSmart_Technologies
[2012/03/09 23:03:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 22:52:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012/03/09 22:52:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012/03/09 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WindowsUpdate
[2012/03/09 22:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/09 21:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/03/09 21:47:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2012/03/09 20:57:34 | 000,000,000 | ---D | C] -- C:\SPLASH.000
[2012/03/09 20:57:15 | 000,000,000 | ---D | C] -- C:\SPLASH.SYS
[2012/03/09 20:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2012/03/09 20:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2012/03/09 20:44:41 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2012/03/09 20:44:34 | 001,721,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoinstaller01009.dll
[2012/03/09 20:44:34 | 000,316,024 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\drivers\Apfiltr.sys
[2012/03/09 20:44:34 | 000,107,376 | ---- | C] (Alps Electric Co., Ltd.) -- C:\Windows\SysNative\Vxdif.dll
[2012/03/09 20:12:31 | 000,557,848 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2012/03/09 20:12:12 | 000,404,584 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2012/03/09 20:12:11 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2012/03/09 20:11:58 | 000,317,440 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\drivers\IntcDAud.sys
[2012/03/09 20:11:56 | 000,014,848 | ---- | C] (Intel® Corporation) -- C:\Windows\SysNative\IntcDAuC.dll
[2012/03/09 20:11:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/03/09 20:11:22 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/09 20:10:58 | 009,007,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/03/09 20:10:58 | 000,430,080 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/03/09 20:10:58 | 000,386,048 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/03/09 20:10:58 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2401.dll
[2012/03/09 20:10:58 | 000,063,488 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/03/09 20:10:57 | 000,577,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2012/03/09 20:10:56 | 009,605,632 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/03/09 20:10:54 | 000,110,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/03/09 20:09:49 | 000,335,464 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtsPStor.sys
[2012/03/09 20:09:48 | 009,888,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysWow64\RtsPStorIcon.dll
[2012/03/09 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/03/09 19:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012/03/09 19:52:04 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/03/09 19:51:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012/03/09 19:38:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
[2012/03/09 19:38:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskCheckup
[2012/03/09 19:22:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Brhs
[2012/03/09 19:22:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\School
[2012/03/09 19:01:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Roadran322
[2012/03/09 19:00:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\New folder (2)
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2
[2012/03/09 17:09:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Downloads
[2012/03/09 17:09:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\X-Chat 2
[2012/03/09 17:09:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\X-Chat 2
[2012/03/09 17:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2012/03/09 17:02:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/09 17:02:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 17:01:40 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 17:01:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012/03/09 17:01:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/09 16:52:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\WBFSManager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\WBFS Manager Covers
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WBFS Manager
[2012/03/09 16:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\WBFS
[2012/03/09 16:51:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/09 16:49:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/09 16:41:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Mozilla
[2012/03/09 16:41:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nightly
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012/03/09 16:40:12 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/09 16:40:12 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/09 16:40:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 16:40:09 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012/03/09 16:39:35 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012/03/09 16:39:35 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Templates
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Start Menu
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\PrintHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\NetHood
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Videos
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Pictures
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\My Music
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\My Documents
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Local Settings
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\History
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Application Data
[2012/03/09 16:39:35 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Temp
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012/03/09 16:39:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/09 15:36:10 | 000,000,000 | ---D | C] -- C:\Recovery
[2012/03/09 15:33:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/03/09 15:31:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/03/09 15:30:40 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/09 15:25:13 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012/02/14 18:55:04 | 000,276,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:44:54 | 006,120,960 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 17:57:52 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:42 | 000,126,976 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:18 | 000,410,624 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:08 | 002,967,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll

========== Files - Modified Within 30 Days ==========

[2012/03/10 15:54:37 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 15:54:37 | 000,009,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/10 15:29:15 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/10 15:29:15 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/10 15:29:15 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/10 15:21:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/10 13:44:54 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/10 13:40:44 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/10 13:40:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/03/10 13:32:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/10 13:24:14 | 329,955,452 | -H-- | M] () -- C:\Users\Administrator\Desktop\liveboot_full823.iso.~P2S
[2012/03/10 11:57:51 | 000,040,425 | ---- | M] () -- C:\Users\Administrator\Desktop\Document.rtf
[2012/03/10 11:50:07 | 000,044,195 | ---- | M] () -- C:\Users\Administrator\Desktop\TDSS Killer.rtf
[2012/03/10 10:52:23 | 676,069,376 | ---- | M] () -- C:\Users\Administrator\Desktop\UBCD4WinBuilder.iso
[2012/03/10 10:02:40 | 000,001,437 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/10 10:00:27 | 000,275,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 09:42:31 | 000,047,596 | ---- | M] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 08:59:12 | 000,001,325 | ---- | M] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:38 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/03/10 08:49:38 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2012/03/10 08:49:38 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2012/03/10 08:49:38 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2012/03/10 08:49:38 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2012/03/10 08:49:38 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2012/03/10 08:49:37 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2012/03/10 08:49:37 | 002,308,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/03/10 08:49:37 | 001,493,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/03/10 08:49:37 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/03/10 08:49:37 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/03/10 08:49:37 | 000,697,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/03/10 08:49:37 | 000,603,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/03/10 08:49:37 | 000,534,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2012/03/10 08:49:37 | 000,452,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2012/03/10 08:49:37 | 000,448,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2012/03/10 08:49:37 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2012/03/10 08:49:37 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2012/03/10 08:49:37 | 000,282,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2012/03/10 08:49:37 | 000,267,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2012/03/10 08:49:37 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/03/10 08:49:37 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/03/10 08:49:37 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/03/10 08:49:37 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2012/03/10 08:49:37 | 000,222,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2012/03/10 08:49:37 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2012/03/10 08:49:37 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/03/10 08:49:37 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/03/10 08:49:37 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2012/03/10 08:49:37 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2012/03/10 08:49:37 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2012/03/10 08:49:37 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2012/03/10 08:49:37 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2012/03/10 08:49:37 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2012/03/10 08:49:37 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2012/03/10 08:49:37 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/03/10 08:49:37 | 000,135,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2012/03/10 08:49:37 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2012/03/10 08:49:37 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2012/03/10 08:49:37 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2012/03/10 08:49:37 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2012/03/10 08:49:37 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2012/03/10 08:49:37 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2012/03/10 08:49:37 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/03/10 08:49:37 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2012/03/10 08:49:37 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2012/03/10 08:49:37 | 000,085,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2012/03/10 08:49:37 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2012/03/10 08:49:37 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2012/03/10 08:49:37 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2012/03/10 08:49:37 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/03/10 08:49:37 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2012/03/10 08:49:37 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2012/03/10 08:49:37 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2012/03/10 08:49:37 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2012/03/10 08:49:37 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2012/03/10 08:49:37 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2012/03/10 08:49:37 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2012/03/10 08:49:37 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2012/03/10 08:49:37 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2012/03/10 08:49:37 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2012/03/10 08:49:37 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2012/03/10 08:49:37 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2012/03/10 08:40:01 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 08:34:51 | 001,069,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSCOMCTL.OCX
[2012/03/10 08:34:51 | 000,127,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MSWINSCK.OCX
[2012/03/10 08:34:50 | 000,010,752 | ---- | M] (Almeida & Andrade Ltda) -- C:\Windows\SysWow64\aamd532.dll
[2012/03/10 08:09:30 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2012/03/10 08:09:30 | 000,191,264 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2012/03/10 08:09:30 | 000,172,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2012/03/10 08:02:41 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/10 08:02:41 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/10 08:02:41 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/10 07:43:44 | 004,432,970 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012/03/10 07:03:09 | 000,000,563 | ---- | M] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/10 06:09:55 | 000,001,322 | ---- | M] () -- C:\Document.rtf
[2012/03/09 21:44:31 | 000,001,539 | ---- | M] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:57:34 | 000,000,086 | -H-- | M] () -- C:\splash.idx
[2012/03/09 20:44:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 19:09:50 | 000,001,026 | ---- | M] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 17:49:49 | 000,001,713 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:01:40 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/03/09 16:20:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/09 15:34:37 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/08 16:51:50 | 002,469,760 | ---- | M] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/08 16:51:40 | 003,321,728 | ---- | M] () -- C:\Windows\SysNative\BootMan.exe
[2012/03/06 16:15:19 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/03/06 16:15:14 | 000,201,352 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/03/06 16:15:03 | 000,258,520 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/03/06 16:04:06 | 000,819,032 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/03/06 16:04:04 | 000,337,240 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/03/06 16:02:20 | 000,053,080 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/03/06 16:01:57 | 000,059,224 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/03/06 16:01:52 | 000,069,976 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/03/06 16:01:32 | 000,024,408 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/02/14 21:35:16 | 000,018,520 | ---- | M] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:55:04 | 000,276,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\IntelCpHeciSvc.exe
[2012/02/14 18:55:02 | 005,886,232 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2012/02/14 18:55:02 | 000,511,768 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2012/02/14 18:55:02 | 000,440,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2012/02/14 18:55:02 | 000,398,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2012/02/14 18:55:02 | 000,250,136 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2012/02/14 18:55:02 | 000,184,600 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2012/02/14 18:55:02 | 000,170,264 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2012/02/14 18:53:26 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxCoIn_v2653.dll
[2012/02/14 18:47:40 | 008,086,528 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2012/02/14 18:47:38 | 014,692,224 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | M] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | M] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | M] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:54 | 006,120,960 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igdumd32.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | M] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:42:58 | 009,605,632 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2012/02/14 18:35:26 | 007,794,688 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | M] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | M] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | M] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | M] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | M] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | M] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | M] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | M] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | M] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | M] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | M] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | M] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | M] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | M] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | M] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | M] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | M] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | M] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:52 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2012/02/14 17:57:52 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrom.lrc
[2012/02/14 17:57:52 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhrv.lrc
[2012/02/14 17:57:52 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2012/02/14 17:57:52 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2012/02/14 17:57:52 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2012/02/14 17:57:50 | 000,439,296 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2012/02/14 17:57:50 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2012/02/14 17:57:50 | 000,437,760 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2012/02/14 17:57:50 | 000,432,128 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2012/02/14 17:57:50 | 000,430,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2012/02/14 17:57:48 | 000,440,320 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2012/02/14 17:57:48 | 000,439,808 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2012/02/14 17:57:48 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2012/02/14 17:57:48 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2012/02/14 17:57:48 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2012/02/14 17:57:46 | 000,438,784 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2012/02/14 17:57:46 | 000,438,272 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2012/02/14 17:57:46 | 000,437,248 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2012/02/14 17:57:46 | 000,429,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2012/02/14 17:57:46 | 000,428,544 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2012/02/14 17:57:44 | 000,435,712 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2012/02/14 17:57:44 | 000,131,317 | ---- | M] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:57:42 | 000,126,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2012/02/14 17:57:22 | 000,386,048 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2012/02/14 17:57:18 | 000,410,624 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2012/02/14 17:57:14 | 000,028,672 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2012/02/14 17:57:06 | 000,063,488 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2012/02/14 17:56:42 | 000,110,592 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2012/02/14 17:56:34 | 000,430,080 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2012/02/14 17:56:34 | 000,172,032 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2012/02/14 17:56:34 | 000,009,216 | ---- | M] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:56:06 | 000,286,208 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2012/02/14 17:56:04 | 000,142,336 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2012/02/14 17:56:02 | 009,007,616 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2012/02/14 17:55:06 | 000,025,088 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2012/02/14 17:54:36 | 000,321,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | M] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 002,967,040 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmjit64.dll
[2012/02/14 17:53:08 | 002,321,408 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmjit32.dll
[2012/02/14 17:53:08 | 000,524,800 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2012/02/14 17:53:08 | 000,519,680 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2012/02/14 17:53:08 | 000,237,056 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\igfxcmrt32.dll
[2012/02/14 17:53:08 | 000,213,504 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2012/02/14 17:53:08 | 000,193,024 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\igfxcmrt64.dll
[2012/02/14 17:53:08 | 000,177,152 | ---- | M] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2012/02/14 17:53:08 | 000,059,425 | ---- | M] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | M] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | M] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | M] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | M] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | M] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Files Created - No Company Name ==========

[2012/03/10 13:40:44 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/03/10 13:40:28 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/03/10 13:04:35 | 329,955,452 | -H-- | C] () -- C:\Users\Administrator\Desktop\liveboot_full823.iso.~P2S
[2012/03/10 11:57:51 | 000,040,425 | ---- | C] () -- C:\Users\Administrator\Desktop\Document.rtf
[2012/03/10 11:50:07 | 000,044,195 | ---- | C] () -- C:\Users\Administrator\Desktop\TDSS Killer.rtf
[2012/03/10 11:30:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/10 11:30:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/10 11:30:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/10 11:30:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/10 11:30:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/10 11:28:33 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012/03/10 10:51:52 | 676,069,376 | ---- | C] () -- C:\Users\Administrator\Desktop\UBCD4WinBuilder.iso
[2012/03/10 09:42:30 | 000,047,596 | ---- | C] () -- C:\Users\Administrator\Desktop\ntdetect.com
[2012/03/10 08:59:12 | 000,001,325 | ---- | C] () -- C:\Users\Public\Desktop\UBCD4Win.lnk
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/03/10 08:49:37 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/03/10 08:40:01 | 000,001,664 | ---- | C] () -- C:\Windows\SysNative\MRT.INI
[2012/03/10 06:22:37 | 1073,741,824 | ---- | C] () -- C:\Users\Administrator\Desktop\test
[2012/03/10 06:09:55 | 000,001,322 | ---- | C] () -- C:\Document.rtf
[2012/03/09 22:46:25 | 000,001,437 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/09 21:44:31 | 000,001,539 | ---- | C] () -- C:\Users\Administrator\Desktop\Xana3D.jpg
[2012/03/09 20:44:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2012/03/09 20:12:11 | 000,074,272 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/03/09 20:10:54 | 000,094,208 | ---- | C] () -- C:\Windows\SysNative\IccLibDll_x64.dll
[2012/03/09 20:10:50 | 000,001,074 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2012/03/09 20:10:42 | 001,981,696 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/09 20:10:40 | 000,145,804 | ---- | C] () -- C:\Windows\SysNative\igcompkrng600.bin
[2012/03/09 19:52:19 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/09 17:48:59 | 000,001,713 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2012/03/09 17:09:25 | 000,000,563 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\X-Chat 2.lnk
[2012/03/09 17:09:06 | 003,321,728 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012/03/09 17:09:06 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/03/09 17:09:06 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2012/03/09 17:09:06 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/03/09 17:09:06 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2012/03/09 17:09:06 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2012/03/09 17:09:06 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/03/09 17:09:06 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2012/03/09 17:09:06 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012/03/09 16:41:02 | 000,001,026 | ---- | C] () -- C:\Users\Public\Desktop\Nightly.lnk
[2012/03/09 16:41:02 | 000,000,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nightly.lnk
[2012/03/09 16:40:17 | 000,001,409 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/09 16:40:13 | 000,001,443 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/09 16:39:35 | 000,000,290 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/09 16:39:35 | 000,000,272 | ---- | C] () -- C:\Users\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/09 16:20:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_bpusb_01007.Wdf
[2012/03/09 15:36:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/09 15:34:21 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/09 15:34:05 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/09 15:30:37 | 3180,220,416 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/14 21:35:16 | 000,018,520 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 18:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysNative\igkrng600.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 18:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysNative\igfcg600m.bin
[2012/02/14 18:47:06 | 000,079,360 | ---- | C] () -- C:\Windows\SysNative\igdde64.dll
[2012/02/14 18:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 18:07:18 | 018,125,312 | ---- | C] () -- C:\Windows\SysNative\ig4icd64.dll
[2012/02/14 17:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/14 17:58:08 | 000,144,338 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ro-RO.resources
[2012/02/14 17:58:08 | 000,139,487 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hr-HR.resources
[2012/02/14 17:58:06 | 000,221,099 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2012/02/14 17:58:06 | 000,143,155 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2012/02/14 17:58:06 | 000,124,962 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2012/02/14 17:58:06 | 000,123,467 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2012/02/14 17:58:04 | 000,191,775 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2012/02/14 17:58:04 | 000,141,435 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2012/02/14 17:58:04 | 000,140,122 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2012/02/14 17:58:04 | 000,136,451 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2012/02/14 17:58:02 | 000,142,664 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2012/02/14 17:58:02 | 000,141,644 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2012/02/14 17:58:02 | 000,140,923 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2012/02/14 17:58:00 | 000,161,613 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2012/02/14 17:58:00 | 000,146,675 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2012/02/14 17:58:00 | 000,142,335 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2012/02/14 17:58:00 | 000,136,369 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2012/02/14 17:57:58 | 000,157,226 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2012/02/14 17:57:58 | 000,148,033 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2012/02/14 17:57:58 | 000,143,805 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2012/02/14 17:57:58 | 000,142,189 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2012/02/14 17:57:56 | 000,207,830 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2012/02/14 17:57:56 | 000,145,687 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2012/02/14 17:57:56 | 000,145,579 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2012/02/14 17:57:56 | 000,140,549 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2012/02/14 17:57:54 | 000,164,334 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2012/02/14 17:57:54 | 000,140,885 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2012/02/14 17:57:54 | 000,135,868 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2012/02/14 17:57:44 | 000,131,317 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2012/02/14 17:56:34 | 000,009,216 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2012/02/14 17:53:26 | 000,000,264 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2012/02/14 17:53:08 | 000,059,425 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2012/02/14 17:53:08 | 000,059,398 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2012/02/14 17:53:08 | 000,059,230 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2012/02/14 17:53:08 | 000,059,104 | ---- | C] () -- C:\Windows\SysNative\iglhxc64_dev.vp
[2012/02/14 17:53:08 | 000,058,796 | ---- | C] () -- C:\Windows\SysNative\iglhxg64_dev.vp
[2012/02/14 17:53:08 | 000,058,109 | ---- | C] () -- C:\Windows\SysNative\iglhxo64_dev.vp

========== Custom Scans ==========



========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: WDC WD6400BPVT-55HXZT2 ATA Device
Partitions: 3
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 - Removable Media
Interface type: USB
Media Type: Removable Media
Model: SanDisk Cruzer USB Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 0.00GB
Starting Offset: 1048576
Hidden sectors: 0

DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 197.00GB
Starting Offset: 106930176
Hidden sectors: 0

DeviceID: Disk #0, Partition #2
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 399.00GB
Starting Offset: 211768061952
Hidden sectors: 0

DeviceID: Disk #1, Partition #0
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 7.00GB
Starting Offset: 8225280
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/03/09 19:52:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012/03/09 23:03:07 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATViewer
[2012/03/09 16:40:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012/03/09 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012/03/10 07:06:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009/07/13 23:45:14 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012/03/10 09:18:27 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012/03/09 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2012/03/10 08:30:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Safer Networking
[2012/03/09 21:53:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2012/03/10 11:55:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2012/03/10 08:37:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012/03/10 13:19:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\X-Chat 2


< MD5 for: ATAPI.SYS >
[2008/04/14 04:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\Users\Administrator\Downloads\Win XP OEM Untouched\Windows XP Professional SP3 (x86) OEM Edition\I386\sp3.cab:atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2008/04/14 04:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2002/10/24 15:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011/02/25 22:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/25 21:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\UBCD4Win\BartPE\I386\EXPLORER.EXE
[2009/07/13 17:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/25 21:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/11/11 08:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 21:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/24 22:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/25 22:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/11 08:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/24 21:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/11 08:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/11/11 08:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/11 08:48:40 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/11/11 08:45:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 17:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/11/11 08:48:40 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/25 22:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/11/11 08:45:47 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SVCHOST.EXE
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache86\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 17:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\ERDNT\cache64\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 17:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/13 17:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/13 17:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2008/04/14 04:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\USERINIT.EXE

< MD5 for: WINLOGON.EXE >
[2009/07/13 17:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2010/11/11 08:48:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
[2008/04/14 04:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\UBCD4Win\BartPE\I386\SYSTEM32\WINLOGON.EXE

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /HideShortcuts [2012/03/10 13:40:02 | 000,872,324 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /ShowShortcuts [2012/03/10 13:40:02 | 000,872,324 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Nightly\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/03/10 13:40:02 | 000,872,324 | ---- | M] (mozilla.org)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Nightly\firefox.exe [2012/03/10 13:40:06 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Nightly\firefox.exe" -preferences [2012/03/10 13:40:06 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Nightly\firefox.exe" -safe-mode [2012/03/10 13:40:06 | 000,906,240 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2012/03/10 08:49:37 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2012/03/10 13:40:02 | 000,872,324 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2012/03/10 13:40:02 | 000,872,324 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\NIGHTLY\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2012/03/10 13:40:02 | 000,872,324 | ---- | M] (mozilla.org)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE [2012/03/10 13:40:06 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE" -PREFERENCES [2012/03/10 13:40:06 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\PROGRAM FILES\NIGHTLY\FIREFOX.EXE" -SAFE-MODE [2012/03/10 13:40:06 | 000,906,240 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/10 08:49:37 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2012/03/10 08:49:38 | 000,748,336 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< End of report >


Extras

OTL Extras logfile created on: 3/10/2012 4:27:48 PM - Run 3
OTL by OldTimer - Version 3.2.36.2 Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 59.23% Memory free
7.90 Gb Paging File | 6.18 Gb Available in Paging File | 78.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 398.95 Gb Total Space | 346.48 Gb Free Space | 86.85% Space Free | Partition Type: NTFS
Drive D: | 7.43 Gb Total Space | 6.74 Gb Free Space | 90.64% Space Free | Partition Type: FAT32
Drive E: | 197.12 Gb Total Space | 30.62 Gb Free Space | 15.54% Space Free | Partition Type: NTFS

Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Nightly\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"ANTIVIRUSDISABLENOTIFY" = 0
"FIREWALLDISABLENOTIFY" = 0
"UPDATESDISABLENOTIFY" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:ipsec
"C:\Users\Administrator\Downloads\aswMBR.exe" = C:\Users\Administrator\Downloads\aswMBR.exe:*:Enabled:ipsec
"C:\Users\Administrator\Downloads\YUMI-0.0.5.0.exe" = C:\Users\Administrator\Downloads\YUMI-0.0.5.0.exe:*:Enabled:ipsec
"C:\Users\ADMINI~1\AppData\Local\Temp\winjfqc.exe" = C:\Users\ADMINI~1\AppData\Local\Temp\winjfqc.exe:*:Enabled:ipsec
"C:\Program Files (x86)\uTorrent\uTorrent.exe" = C:\Program Files (x86)\uTorrent\uTorrent.exe:*:Enabled:ipsec
"C:\Users\Administrator\Downloads\aswMBR.exe" = C:\Users\Administrator\Downloads\aswMBR.exe:*:Enabled:ipsec
"C:\Users\Administrator\Downloads\YUMI-0.0.5.0.exe" = C:\Users\Administrator\Downloads\YUMI-0.0.5.0.exe:*:Enabled:ipsec
"C:\Users\ADMINI~1\AppData\Local\Temp\winjfqc.exe" = C:\Users\ADMINI~1\AppData\Local\Temp\winjfqc.exe:*:Enabled:ipsec


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416031FF}" = Java™ 6 Update 31 (64-bit)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nightly 13.0a1 (x64 en-US)" = Nightly 13.0a1 (x64 en-US)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13EC74A6-4707-4D26-B9B9-E173403F3B08}" = Quick Web Access
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"avast" = avast! Free Antivirus
"DiskCheckup_is1" = DiskCheckup v3.1
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 9.1.0 Home Edition
"FileASSASSIN" = FileASSASSIN
"splashtop" = Quick Web Access
"UBCD4Win_is1" = UBCD4Win 3.60
"Universal Extractor_is1" = Universal Extractor 1.6.1
"WBFS Manager 3.0" = WBFS Manager 3.0
"X-Chat 2_is1" = X-Chat 2.8.6-2

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/10/2012 4:15:46 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time
stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process
id: 0x65c Faulting application start time: 0x01ccfefa8fd97748 Faulting application
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id:
d1e00628-6aed-11e1-b91f-78843ce06a81

Error - 3/10/2012 5:32:07 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time
stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process
id: 0x718 Faulting application start time: 0x01ccff053bae7eb9 Faulting application
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id:
7be4e145-6af8-11e1-8534-78843ce06a81

Error - 3/10/2012 7:22:56 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Faulting application name: VESMgrSub.exe, version: 5.5.0.1140, time
stamp: 0x4d5e44f5 Faulting module name: VESTransform.dll, version: 5.5.0.3040, time
stamp: 0x4d709f4e Exception code: 0xc0000005 Fault offset: 0x000122d0 Faulting process
id: 0x668 Faulting application start time: 0x01ccff14b19c7497 Faulting application
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe Faulting module
path: C:\Program Files (x86)\Sony\VAIO Event Service\VESTransform.dll Report Id:
f74f4304-6b07-11e1-88a9-78843ce06a81

Error - 3/10/2012 7:58:26 PM | Computer Name = Home-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\UBCD4Win\BartPE\PROGRAMS\spybot\DelZip179.dll".Error
in manifest or policy file "c:\UBCD4Win\BartPE\PROGRAMS\spybot\DelZip179.dll" on
line 8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 3/10/2012 5:24:23 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 3/10/2012 5:24:23 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
Description = The amsint32 service failed to start due to the following error: %%1275

Error - 3/10/2012 5:26:33 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/10/2012 5:26:33 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/10/2012 5:28:42 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/10/2012 5:29:55 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/10/2012 5:29:55 PM | Computer Name = Home-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 3/10/2012 5:30:26 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/10/2012 5:30:32 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 3/10/2012 5:31:59 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126


< End of report >

#6
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
See if you can find aswboot.txt in C:\ProgramData\Avast Software\Avast\report\aswboot.txt and attach it to your next post.

We are making progress. No new exe files in c:\ but it looks like the qntmon.sys is still trying to load.

You should uninstall your Universal Extractor 1.6.1; it doesn't look very happy and is creating a bunch of errors. Try 7-Zip instead.
http://downloads.sou...p/7z920-x64.msi

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:
Dir  /a  \autorun.inf

(Do you see autorun.inf?

If so, and it is a file, try:)

attrib  -r  -h  -s  \autorun.inf

del  \autorun.inf

mkdir  \autorun.inf

If it is a folder or directory then leave it.

(Your D: drive has an autorun.inf file too, so let's try to remove it)

d:

attrib  -r  -h  -s  \autorun.inf

del  \autorun.inf

mkdir  \autorun.inf



Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot.
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
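
A read-only check that complements the steps in the post above, added here as an example (it is not part of the original post or of any tool named in the thread): it reports whether autorun.inf at a drive root is a file or the placeholder directory left by mkdir, and for a file lists the commands it would launch. The sample file content is constructed; only the name snqn.pif comes from the scan log in this thread, and the function names are hypothetical.

```python
import os
import tempfile

# Keys in an [autorun] section that make Windows launch a program.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample of a worm-written autorun.inf, padded with junk lines.
SAMPLE = """\
;kqXw junk comment
[AutoRun]
;pad
open=snqn.pif
shell\\open\\command=snqn.pif
xyzzy junk line
shell\\explore\\Command = snqn.pif
shell\\open\\default=1
"""


def autorun_targets(text):
    """Return (key, command) pairs from the [autorun] section of the text.

    Lines that are not key=value are skipped, since worm-written files are
    often padded with junk between the real entries.
    """
    targets = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lower()
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if key in LAUNCH_KEYS or is_verb:
            targets.append((key, value.strip()))
    return targets


def find_autorun(root):
    """Locate autorun.inf in root regardless of letter case."""
    for name in os.listdir(root):
        if name.lower() == "autorun.inf":
            return os.path.join(root, name)
    return None


def audit_root(root):
    """Return (state, targets); state is 'absent', 'directory' or 'file'."""
    path = find_autorun(root)
    if path is None:
        return "absent", []
    if os.path.isdir(path):
        # Placeholder folder created by mkdir: nothing can be launched from it.
        return "directory", []
    # latin-1 maps every byte, so padded or binary junk cannot raise here.
    with open(path, "r", encoding="latin-1") as fh:
        return "file", autorun_targets(fh.read())


if __name__ == "__main__":
    # Demonstrate on a temporary directory standing in for a drive root.
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        print(audit_root(root))
        os.remove(os.path.join(root, "autorun.inf"))
        os.mkdir(os.path.join(root, "autorun.inf"))
        print(audit_root(root))
```

On a live system, pass a drive root such as `D:\` to `audit_root`; it only reads, so it is safe to run before and after the attrib/del/mkdir steps to confirm the file was replaced by a directory.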

#7
roadran

    Member

  • Topic Starter
  • Member
  • 142 posts
Of the commands that you gave me for Command Prompt, the only one that worked was mkdir, other than the one for the D: drive.

I also see that on my flash drive there is a hidden pxcay.exe

VEW

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 10/03/2012 6:05:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/03/2012 1:15:31 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 11/03/2012 1:15:31 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Log: 'System' Date/Time: 10/03/2012 9:31:59 PM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Windows Defender service terminated with the following error: The specified module could not be found.

Log: 'System' Date/Time: 10/03/2012 9:30:32 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 10/03/2012 9:30:26 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 10/03/2012 9:29:55 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 9:29:55 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 9:28:42 PM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 10/03/2012 9:26:33 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 9:26:33 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 9:24:23 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The amsint32 service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 10/03/2012 9:24:23 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 9:24:19 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The amsint32 service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 10/03/2012 9:24:19 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 9:19:26 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The amsint32 service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 10/03/2012 9:19:26 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 8:57:50 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The amsint32 service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 10/03/2012 8:57:50 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 10/03/2012 8:57:49 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The amsint32 service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 10/03/2012 8:57:49 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\qntmon.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.

Log: 'System' Date/Time: 11/03/2012 1:02:30 AM
Type: Warning Category: 0
Event: 51 Source: cdrom
An error was detected on device \Device\CdRom0 during a paging operation.


ASWBoot

03/10/2012 13:44
Scan of all local drives

File C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\ConvertFat2NTFS.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\epm0.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\ErrorReport.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\Help.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\Main.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\sm.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\spawn.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\bin\WinChkdsk.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\unins000.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\FileASSASSIN\uninst.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\InstallShield Installation Information\{70991E0A-1108-437E-BA7D-085702C670C0}\setup.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Intel\Intel® Processor Graphics\uninstall\Setup.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\java-rmi.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\java.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\javacpl.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\javaw.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\javaws.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\jbroker.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\jqs.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\jqsnotify.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\keytool.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\kinit.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\klist.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\ktab.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\orbd.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\pack200.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\policytool.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\rmid.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\rmiregistry.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\servertool.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\ssvagent.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\tnameserv.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Java\jre6\bin\unpack200.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\arc.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\AspackDie.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\bin2iso.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\cdirip.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\clit.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\cmdTotal.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\Expander.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\extractMHT.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\i6comp.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\innounp.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\IsXunpack.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\kgb_arch_decompress.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\lzop.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\MsiX.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\NBHextract.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\nrg2iso.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\pea.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\PEiD.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\RAIU.EXE is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\tee.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\trid.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\UHARC04.EXE is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\unlzx.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\UNUHARC06.EXE is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\unzip.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\upx.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\bin\uudeview.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\UniExtract.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\Universal Extractor\unins000.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\X-Chat 2\lib\gdk-pixbuf-query-loaders.exe is infected by Win32:Sality, Moved to chest
File C:\Program Files (x86)\X-Chat 2\lib\gspawn-win32-helper-console.exe is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\C\ddeodp.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\C\gtoyjy.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\C\Users\Public\firefox-13.0a1.en-US.win64-x86_64.installer.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\E\av1.zip|>Qoobox\Quarantine\E\vaeu.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\E\av1.zip|>Qoobox\Quarantine\E\xjfxf.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\E\vaeu.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Qoobox\Quarantine\E\xjfxf.exe.vir is infected by Win32:Sality, Moved to chest
File C:\Users\Administrator\Desktop\Roadran322\My Stuff\Misc\2.exe is infected by Win32:Sality, Moved to chest
File C:\Users\Administrator\Desktop\test.txt is infected by BV:AutoRun-AC [Wrm], Moved to chest
File C:\Users\Administrator\DoctorWeb\Quarantine\Copy of Shortcut to (1).lnk is infected by LNK:Runner, Moved to chest
File C:\Users\Administrator\DoctorWeb\Quarantine\Copy of Shortcut to (2).lnk is infected by LNK:Runner, Moved to chest
File C:\Users\Administrator\DoctorWeb\Quarantine\Copy of Shortcut to (3).lnk is infected by LNK:Runner, Moved to chest
File C:\Users\Administrator\DoctorWeb\Quarantine\Copy of Shortcut to (4).lnk is infected by LNK:Runner, Moved to chest
File C:\Users\Administrator\Documents\asdfasf.txt is infected by BV:AutoRun-AC [Wrm], Moved to chest
File C:\Users\Administrator\Downloads\DRPSu11.8\DriverPackSolution.exe is infected by Win32:Sality, Moved to chest
File C:\Users\Administrator\Downloads\DRPSu11.8\drp\Vista-7-x64\DP_Monitors_wnt6-x64_911.7z|>Monitors_x64_911\2\1\B273HU_t.cab|>driver000.cab|>B273HU_HDMI_Vista x86_Premium_Pass.cpk Error 42110 {The file is a decompression bomb.}
File C:\Users\Administrator\Downloads\DRPSu11.8\drp\Vista-7-x64\DP_Monitors_wnt6-x64_911.7z|>Monitors_x64_911\2\1\B273HU_t.cab|>driver000.cab Error 42110 {The file is a decompression bomb.}
File C:\Users\Administrator\Downloads\DRPSu11.8\drp\XP\DP_WebCam_wnt5_x86-32_1101.7z|>D\3\W\K4\PASnap.exe is infected by Win32:Injected-BA [PUP], Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Users\Administrator\Downloads\DRPSu11.8\drp\XP\DP_WebCam_wnt5_x86-32_1101.7z|>D\3\W\K7\PASnap.exe is infected by Win32:Injected-BA [PUP], Move to chest: Error 42111 {The operation is not supported for this type of archive.}, Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Users\Administrator\Downloads\DRPSu11.8\drp\XP\DP_WebCam_wnt5_x86-32_1101.7z|>D\3\W\AZ\PXIINST32\Remove.exe is infected by Win32:Injected-BA [PUP], Move to chest: Error 42111 {The operation is not supported for this type of archive.}
File C:\Users\Administrator\Downloads\DRPSu11.8\drp\XP\DP_WebCam_wnt5_x86-32_1101.7z|>D\3\W\K8\SNAPSHOT.exe is infected by Win32:Injected-BA [PUP]
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\ATK\AGFNEX_WIN7_32_WIN7_64_1000008\SETUP.EXE is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\ATK\ATK_Hotkey_Win7_32_64_100054\Setup.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\Firefox.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\HPhotkey.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\K-Lite_Codec_Pack.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\magentsetup_rfrdrp.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\MailRuSputnik_rfrdriverpack_s_mpcln9134.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\Opera.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\PuntoSwitcher.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\USSF.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\programs\utorrent.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\tools\CPUz\cpuz.exe is infected by Win32:Sality
File C:\Users\Administrator\Downloads\DRPSu11.8\tools\mshta.exe is infected by Win32:Sality
File C:\_OTL\MovedFiles\03102012_112430\C_\autorun.inf is infected by INF:AutoRun-gen@bhv [Wrm]
File C:\_OTL\MovedFiles\03102012_112430\C_\snqn.pif is infected by Win32:Sality
File C:\_OTL\MovedFiles\03102012_112430\C_Users\Administrator\AppData\Local\Temp\winsicjo.exe is infected by Win32:Malware-gen
File C:\_OTL\MovedFiles\03102012_112430\E_\autorun.inf is infected by INF:AutoRun-gen@bhv [Wrm]
File E:\gnxe.exe is infected by Win32:Sality
File E:\Qoobox\Quarantine\E\vaeu.exe.vir is infected by Win32:Sality
File E:\Users\Roadran422\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0002fd is infected by JS:Redirector-MA [Trj]
File E:\Users\Roadran422\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000309 is infected by JS:Redirector-MA [Trj]
File E:\Users\Roadran422\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00030f is infected by HTML:Script-inf
File E:\Users\Roadran422\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000312 is infected by JS:Redirector-MA [Trj]
File E:\Users\Roadran422\AppData\Local\Temp\RT_Mount\Windows\ehome\CreateDisc\SonicResources\ClickMe.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-24_093913-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-24_170918-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-24_181730-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-24_215247-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-25_073958-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-27_105600-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-28_154120-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-29_163535-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2011-12-31_123808-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-01_153239-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-02_163750-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-03_191736-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-03_214151-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-04_134844-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-04_224952-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-05_220724-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-08_151410-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-09_055135-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-09_155813-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-10_064123-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-10_150110-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-10_163713-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-12_060331-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-12_213224-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-13_173458-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-13_211427-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-14_072345-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-14_134754-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-15_085348-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-15_103155-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-15_122602-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-16_140225-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-17_054424-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-17_155620-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-19_130859-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-19_172439-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-19_230328-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-20_190513-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-20_195000-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-20_224616-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-22_080744-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-22_114132-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-22_194215-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-22_200715-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-23_182616-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-23_190739-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-23_191144-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-24_060340-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-25_212848-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-27_070432-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-27_164755-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-27_211936-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-28_094407-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-29_185511-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-30_214138-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-01-31_204701-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_062642-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_135026-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_164025-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_164108-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_164619-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_211521-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-01_211859-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-02_145214-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-02_150126-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-02_151938-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-02_200423-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-03_161752-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-03_161823-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_093056-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_093149-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_093348-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_124305-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_131824-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_132443-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_165221-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-04_173551-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-05_093958-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-05_111608-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-05_123735-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-06_003129-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-06_161159-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-06_162506-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-07_065745-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-07_145124-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-07_145949-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-07_151957-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-07_160747-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-07_212444-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-08_164040-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-08_165031-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-08_170420-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-10_033232-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-11_082202-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-12_071957-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-12_093627-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-12_095055-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-13_213948-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-14_210024-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-15_064758-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-15_143254-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-15_182742-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-16_043023-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-16_150611-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-16_200633-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-16_215904-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-18_062131-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-18_123441-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-18_165726-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-18_224836-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-18_231333-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-19_212605-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-20_081708-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-20_081952-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-20_094806-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-20_183517-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-21_140328-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-22_191602-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-22_195730-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-24_185121-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-24_191350-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-25_223446-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-02-25_224712-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\chanserv\2012-03-04_090820-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\cheezmo\2012-01-27_193014-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\cprossu\2012-01-27_175540-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\dactadork\2012-01-20_195453-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\dbshortwave\2012-02-20_124851-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\druidic_rifleman\2012-02-11_204343-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\einball\2012-01-27_193003-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\einball\2012-01-28_043657-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\einball\2012-01-30_195503-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\einball1\2012-01-16_141440-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\electricguy\2012-01-01_171858-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\electricguy\2012-01-01_172512-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\electricguy\2012-01-13_155806-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\electricguy_\2012-02-18_093520-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\electricguy_\2012-02-18_102912-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\ender\2012-02-18_213559-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\ender\2012-02-18_215554-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\experimentonomen\2012-02-07_212646-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\highman\2012-02-24_185139-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\iisi50mhz\2012-02-19_162757-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\injektion\2011-12-30_140229-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\isasha\2012-01-27_175319-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\istas\2012-02-18_121611-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\istas\2012-02-18_182720-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\istas\2012-02-19_102022-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\kake\2012-02-14_175847-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\kb3nzq\2012-01-29_144211-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\la_fen\2012-02-15_181735-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\leepod\2012-02-03_211234-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\leepod\2012-02-19_144526-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-01-09_205929-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-01-31_195957-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-02-04_221945-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-02-04_224106-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-02-07_215426-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-02-09_184224-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\lwq1996\2012-02-20_124532-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2011-12-28_154911-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-03_202108-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-05_203327-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-09_170400-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-09_210154-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-27_175428-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-30_203402-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-01-30_214609-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-03_160806-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-03_161926-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-04_223935-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-05_151301-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-06_162942-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-07_155557-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-07_184403-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-07_195850-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-08_161507-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-08_170433-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-10_223104-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-11_120958-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-12_102914-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-12_220417-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-15_183502-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\.purple\logs\irc\[email protected]\masterofmonks\2012-02-16_153730-0500EST_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin\messageList_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\login_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\default\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\popupWidgets_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\paneltemplate_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\proxy_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\templateFF_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\template_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\weatherbutton\panels\popupWeather_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\1s9pxeuy.Defaukt\ScrapBook\data\20110223214127\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\bookmarks_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\conduitCommon\alert\Dialogs\AppNotificationDialog\initialNotification_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\conduitCommon\alert\Dialogs\AppNotificationDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\conduitCommon\alert\Dialogs\AppNotificationDialog\sampleNotification_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\AddedAppDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\DetectedAppDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\EngineFirstTimeDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\NewSearchProtectorDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\SearchProtectorBubbleDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\SearchProtectorDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\ToolbarFirstTimeDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\ToolbarUntrustedAppsApprovalDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\UntrustedAddedAppDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\UntrustedAppApprovalDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\CT2260173\Dialogs\UntrustedAppPendingDialog\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\lib\rsspreview_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\newtab\newtab_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\toolbar.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\panel_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin\messageContent_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Messaging\skin\messageList_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\login_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.Twitter\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\content\widgets\net.vmn.www.YouTube_v2\skin\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\default\main_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\panels\popupWidgets_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\paneltemplate_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\proxy_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\templateFF_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\uwa\template_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\chrome\skin\lib\weatherbutton\panels\popupWeather_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\FlashGot.exe is infected by Win32:Virut-AGW
File E:\Users\Roadran422\AppData\Roaming\Mozilla\Firefox\Profiles\lo3vaiog.Default User\ScrapBook\data\20110223214127\index_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Smilebox\PrintWizardLoader_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\Smilebox\SmileboxPhotoLoader_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\AppData\Roaming\VOS\CCleanerMalwarebytes Anti-MalwareSpybot - Search DestroySUPERAntiSpyware\AppVirtDll_CCleanerMalwarebytes Anti-MalwareSpybot - Search DestroySUPERAntiSpyware_dll.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Desktop\New folder (2)\apps\Cfg_USB_Loader_65\inSDRoot\usb-loader\CfgLoaderConfigurator.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\LIMES Regular - R2006\LIMES - R2006.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\boot\bootsect.exe is infected by Win32:Virut-AGQ
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\sources\dismhost.exe is infected by Win32:Virut-AGQ
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\sources\rollback.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\sources\setup.exe is infected by Win32:Virut-AMD
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\sources\upghost.exe is infected by Win32:Patched-XP [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\support\migwiz\mighost.exe is infected by Win32:Patched-AFR [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\support\migwiz\migwiz.exe is infected by Win32:Virut-AEO
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\support\migwiz\postmig.exe is infected by Win32:Virut-AGW
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\support\tools\gbunicnv.exe is infected by Win32:Virut-AEO
File E:\Users\Roadran422\Desktop\Roadran322\Movies and Software\Microsoft Windows 7 Ultimate SP1 (64) English DVD [MSDN]\Extracted\upgrade\netfx\netfxupdate.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Desktop\Roadran322\Mozilla\Firefox\Profiles\xyizeofa.default\bookmarks_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Mozilla\Firefox\Profiles\xyizeofa.default\extensions\multifox@hultmann\content\about-multifox_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Mozilla\Firefox\Profiles\xyizeofa.default\extensions\multifox@hultmann\locale\en-US\about_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Mozilla\Firefox\Profiles\xyizeofa.default\extensions\multifox@hultmann\locale\es-ES\about_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Mozilla\Firefox\Profiles\xyizeofa.default\extensions\multifox@hultmann\locale\pt-BR\about_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\Mozilla\Firefox\Profiles\xyizeofa.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\content\test_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Desktop\Roadran322\My Stuff\Misc\Windows XP Crack\index_php.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Documents\Sony Premium Services VAIO Health Check\Sony Premium Services VAIO Health Check ScanReport_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\AIO Updates\bin\hashdeep.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\AIO Updates\bin\hashdeep64.exe is infected by Win32:Virut-AEO
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\AIO Updates\bin\IfAdmin.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\AIO Updates\wxp\enu\windowsxp-kb956744-x86-enu_3d8a4f0990d13778983b5f2c4dcb982d4d7bfd20.exe|>_sfx_0016._p|>msrdp.ocx Error 42127 {CAB archive is corrupted.}
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\AIO Updates\wxp\enu\windowsxp-kb958470-x86-enu_887a259c39636eaf1ab9bfec71172203224415cc.exe|>_sfx_0006._p|>msrdp.ocx Error 42127 {CAB archive is corrupted.}
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Anti-Malware\NMR.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\BlueScreen\BlueScreenView.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\File Manager\DelZip179_dll.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\File Manager\FreeCommander.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\File Manager\unrar_dll.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FileViewer\amnani_dll.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FileViewer\Conv\xdoc2txt.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FileViewer\ijl15_dll.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FileViewer\Nav.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FileViewer\unrar_dll.exe is infected by Win32:Ramnit-E
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FileViewer\Viewer.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\FixWin\FixWin v 1.2.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\JavaRa\JavaRa.exe is infected by Win32:Patched-AFY [Trj]
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\RootKit\aswMBR.exe is infected by Win32:Vitro
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Run Dialog\Run.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Tweaking.com - Windows Repair\files\erunt\AUTOBACK.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Tweaking.com - Windows Repair\files\erunt\ERUNT.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Tweaking.com - Windows Repair\files\erunt\NTREGOPT.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Tweaking.com - Windows Repair\files\regini.exe is infected by Win32:Patched-XP [Trj]
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Tweaking.com - Windows Repair\files\SetACL.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\Tweaking.com - Windows Repair\Repair_Windows.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\WinRar\Languages\de\Order.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\WinRar\Languages\en\Order.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\WinRar\Launch WinRAR.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\WinRar\Rar.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\WinRar\RarExtLoader.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\Downloads\AntiVirus_AntiSpyware_AntiMalware_AntiRogueware and General Repair\Misc\WinRar\UnRAR.exe is infected by Win32:Virtu-A
File E:\Users\Roadran422\FirefoxPortable\App\DefaultData\profile\bookmarks_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\FirefoxPortable\Data\profile\bookmarks_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Users\Roadran422\FirefoxPortable\help_html.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\assembly\GAC_64\mcupdate\6.1.0.0__31bf3856ad364e35\mcupdate.exe is infected by Win32:Virut-AFX
File E:\Windows\assembly\GAC_MSIL\dfsvc\2.0.0.0__b03f5f7f11d50a3a\dfsvc.exe is infected by Win32:Virtu-A
File E:\Windows\assembly\GAC_MSIL\ehexthost\6.1.0.0__31bf3856ad364e35\ehexthost.exe is infected by Win32:Virtu-A
File E:\Windows\assembly\GAC_MSIL\loadmxf\6.1.0.0__31bf3856ad364e35\loadmxf.exe is infected by Win32:Virtu-A
File E:\Windows\Drivers\EXE\Memory Card Reader Writer Driver (Realtek)\APBin_32bit\RIconMan.exe is infected by Win32:Virut-AGW
File E:\Windows\Drivers\EXE\Memory Card Reader Writer Driver (Realtek)\APBin_64bit\RIconMan.exe is infected by Win32:Virut-AEO
File E:\Windows\ehome\ehmsas.exe is infected by Win32:Virut-AFB
File E:\Windows\ehome\ehprivjob.exe is infected by Win32:Virut-AFB
File E:\Windows\ehome\ehrec.exe is infected by Win32:Virut-AEO
File E:\Windows\ehome\ehshell.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\ehome\ehtray.exe is infected by Win32:Virut-AFX
File E:\Windows\ehome\ehvid.exe is infected by Win32:Virut-AKB
File E:\Windows\ehome\mcGlidHost.exe is infected by Win32:Virut-AGW
File E:\Windows\ehome\McrMgr.exe is infected by Win32:Virut-AEO
File E:\Windows\ehome\Mcx2Prov.exe is infected by Win32:Virut-AEO
File E:\Windows\ehome\McxTask.exe is infected by Win32:Virut-AGQ
File E:\Windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\EventViewerShortcu_76E67E6157E04378993DB5E66098550F.exe is infected by Win32:Virtu-A
File E:\Windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\ITAdministratorToo_76E67E6157E04378993DB5E66098550F.exe is infected by Win32:Virtu-A
File E:\Windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\ManDgShortcut_76E67E6157E04378993DB5E66098550F.exe is infected by Win32:Virtu-A
File E:\Windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\NewShortcut1_76E67E6157E04378993DB5E66098550F.exe is infected by Win32:Virtu-A
File E:\Windows\Installer\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}\NewShortcut2_C50EF0C9FF57433B94FED16F9E10EBBF.exe is infected by Win32:Virtu-A
File E:\Windows\Installer\{4F26C164-9373-4974-8F43-E0F2176AF937}\ARPPRODUCTICON.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\Installer\{4F26C164-9373-4974-8F43-E0F2176AF937}\NewShortcut1_815D94B0F82F4067AE1EBEEA35B90A14.exe is infected by Win32:FileInfector-D [Heur]
File E:\Windows\Installer\{4F26C164-9373-4974-8F43-E0F2176AF937}\UNINST_Uninstall_I_2E275B59066D40F9B847B3C160DA3262.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\Installer\{E5D03B2E-B2D4-477F-A60D-8E1969D821FA}\ARPPRODUCTICON.exe is infected by Win32:Virtu-A
File E:\Windows\Installer\{F909BB1B-3FC1-4EDA-AF1F-8F1A89163591}\NewShortcut2_5B2EDCAA303A43629DACC3FFFABD0901.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_compiler.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\CasPol.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\jsc.exe is infected by Win32:Virtu-A
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\Microsoft.NET\Framework64\v2.0.50727\RegAsm.exe is infected by Win32:Virut-AGQ
File E:\Windows\Setup1.exe is infected by Win32:Virtu-A
File E:\Windows\Simple Port Forwarding\uninstall.exe is infected by Win32:Virtu-A
File E:\Windows\Sonysys\scheduler\Scheduler.exe is infected by Win32:Virtu-A
File E:\Windows\ST6UNST.EXE is infected by Win32:Virtu-A
File E:\Windows\System32\AdapterTroubleshooter.exe is infected by Win32:Virut-AEO
File E:\Windows\System32\aitagent.exe is infected by Win32:Virut-AKB
File E:\Windows\System32\auditpol.exe is infected by Win32:Virut-AEO
File E:\Windows\System32\baaupdate.exe is infected by Win32:Patched-AFY [Trj]
File E:\Windows\System32\bcdboot.exe is infected by Win32:Virut-AFB
File E:\Windows\System32\bcdedit.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\System32\BdeHdCfg.exe is infected by Win32:Virut-AGW
File E:\Windows\System32\BdeUnlockWizard.exe is infected by Win32:Patched-AFV [Trj]
File E:\Windows\System32\bootcfg.exe is infected by Win32:Virut-AGW
File E:\Windows\System32\bthudtask.exe is infected by Win32:Patched-AFY [Trj]
File E:\Windows\System32\Bubbles.scr is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\System32\calc.exe is infected by Win32:Virut-AKB
File E:\Windows\System32\CertEnrollCtrl.exe is infected by Win32:Virut-AFX
File E:\Windows\System32\certreq.exe is infected by Win32:Virut-AMD
File E:\Windows\System32\certutil.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\System32\charmap.exe is infected by Win32:Virut-AKB
File E:\Windows\System32\chkdsk.exe is infected by Win32:Virut-AEO
File E:\Windows\System32\choice.exe is infected by Win32:Patched-AFV [Trj]
File E:\Windows\System32\cipher.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\System32\cliconfg.exe is infected by Win32:Virut-AGW
File E:\Windows\System32\clip.exe is infected by Win32:Virut-AGW
File E:\Windows\System32\cmd.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\System32\cmdl32.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\System32\cmstp.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-18.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-19.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-2.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-3.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-4.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-5.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-6.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-7.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-8.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403-9.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\403.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-1.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-10.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-11.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-12.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-13.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-14.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-15.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-2.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-3.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-4.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-5.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-6.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-7.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-8.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404-9.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\404.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\405.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\406.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\412.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-13.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-14.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-15.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-16.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-17.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-18.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500-19.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\500.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\501.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..sbinaries.resources_31bf3856ad364e35_6.1.7600.16385_en-us_b87da52fa7e9b700\502.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-i..tional-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_b7aa02fc1797974c\IMTCPROP.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-icacls_31bf3856ad364e35_6.1.7600.16385_none_8ea990b7bfab3802\icacls.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-ie-gc-registeriepkeys_31bf3856ad364e35_8.0.7601.17514_none_a0c922c3b170dd5d\RegisterIEPKEYs.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_d009281f9a108e04\mshta.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ie-iecleanup_31bf3856ad364e35_9.4.8112.16421_none_3284937a6731ad8c\iecleanup.exe is infected by Win32:Patched-AFY [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_8.0.7600.16385_none_7d25450501edb94f\ielowutil.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ie-ielowutil_31bf3856ad364e35_9.4.8112.16421_none_7b144a6843de7cd6\ielowutil.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.7600.16385_none_db2b15bfcf64f104\iexpress.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ie-iexpress_31bf3856ad364e35_8.0.7600.16385_none_db2b15bfcf64f104\wextract.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7600.16385_none_a61138e7aab17fed\ieUnatt.exe is infected by Win32:Patched-YQ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_8.0.7600.16385_none_6425238b793ee910\PDMSetup.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-ie-pdm_31bf3856ad364e35_9.4.8112.16421_none_621428eebb2fac97\PDMSetup.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-ie-setup-support_31bf3856ad364e35_8.0.7601.17514_none_3eb101caec1acc2c\ie4uinit.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_8.0.7601.17514_none_617c25c51f43e03f\ieinstal.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_microsoft-windows-ieinstal_31bf3856ad364e35_9.4.8112.16421_none_5d3a17606446202c\ieinstal.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.1.7601.17514_none_2dd00d963fe4475e\iisstart.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-iis-managementconsole_31bf3856ad364e35_6.1.7600.16385_none_e3c88f07d4c88269\InetMgr.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\appcmd.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\aspnetca.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iisrstas.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.1.7601.17514_none_6f0f7833cb71e18d\iissetup.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.1.7601.17514_none_f1fca1ab90570e8a\MdSched.exe is infected by Win32:Virut-AFB
File E:\Windows\winsxs\amd64_microsoft-windows-m..essagingcoreservice_31bf3856ad364e35_6.1.7601.17514_none_412fcd2afecdc412\mqbkup.exe is infected by Win32:Virut-AFB
File E:\Windows\winsxs\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.1.7601.17514_none_b8bffa4921e2a435\mblctr.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-m..odeupdate-servicing_31bf3856ad364e35_6.1.7600.16385_none_ff7cf696bfb54620\ucsvc.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-msinfo32-exe-common_31bf3856ad364e35_6.1.7601.17514_none_e46b048a01806891\msinfo32.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-n..protection-statusui_31bf3856ad364e35_6.1.7600.16385_none_998ff5c741ae3fb1\NAPSTAT.EXE is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-net-command-line-tool_31bf3856ad364e35_6.1.7600.16385_none_ae2743278c281682\net.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-net1-command-line-tool_31bf3856ad364e35_6.1.7601.17514_none_e501f8e06b32b48f\net1.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-netcfg_31bf3856ad364e35_6.1.7600.16385_none_6c23cd5f6b2a8dbc\netcfg.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\nfsadmin.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\rpcinfo.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-nfs-admincmdtools_31bf3856ad364e35_6.1.7601.17514_none_12d42225a9a7aef7\showmount.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d\mount.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcmdtools_31bf3856ad364e35_6.1.7600.16385_none_ad5854ca0a23343d\umount.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-nfs-clientcore_31bf3856ad364e35_6.1.7601.17514_none_0b0882245933a065\nfsclnt.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-p..ng-spooler-splwow64_31bf3856ad364e35_6.1.7601.17514_none_25d05769a8973724\splwow64.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-p..ting-tools-printbrm_31bf3856ad364e35_6.1.7601.17514_none_dfe02de35bf41e0b\PrintBrmEngine.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-powershell-exe_31bf3856ad364e35_6.1.7600.16385_none_c50af05b1be3aa2b\powershell.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-r..-commandline-editor_31bf3856ad364e35_6.1.7600.16385_none_8d8925a444607f8c\reg.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-r..eak-diagnostic-core_31bf3856ad364e35_6.1.7600.16385_none_b70694aa97134f37\rdrleakdiag.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17514_none_58b4153116c17b41\RDVGHelper.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-r..sistance-dcomserver_31bf3856ad364e35_6.1.7600.16385_none_8be8919a8f43b3f6\raserver.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-s..iuminboxgames-chess_31bf3856ad364e35_6.1.7600.16385_none_d0c99374981840d5\Chess.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-s..l-inboxgames-hearts_31bf3856ad364e35_6.1.7600.16385_none_4ffeefd67d89d45b\Hearts.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-s..mes-spidersolitaire_31bf3856ad364e35_6.1.7600.16385_none_dead260d8f002b73\SpiderSolitaire.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-s..nboxgames-solitaire_31bf3856ad364e35_6.1.7600.16385_none_d1124c00155dfd14\Solitaire.exe is infected by Win32:Patched-AFV [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-minesweeper_31bf3856ad364e35_6.1.7600.16385_none_fe560f0352e04f48\MineSweeper.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-s..oxgames-purbleplace_31bf3856ad364e35_6.1.7600.16385_none_622070221822eb39\PurblePlace.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-sctasks_31bf3856ad364e35_6.1.7601.17514_none_e8657d02cbf5e4c1\schtasks.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef\BitLockerWizard.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-securestartup-cpl_31bf3856ad364e35_6.1.7601.17514_none_b5ac5cc3a1b7e9ef\BitLockerWizardElev.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-securestartup-notify_31bf3856ad364e35_6.1.7600.16385_none_78e75d04c1b0c873\fvenotify.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-securestartup-prompt_31bf3856ad364e35_6.1.7600.16385_none_4c045ec8fda52d34\fveprompt.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-securestartup-service_31bf3856ad364e35_6.1.7600.16385_none_c09aa5b3bec88beb\BdeUISrv.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_6.1.7601.17514_none_5840c326cdf5dca9\manage-bde.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-security-spp-ux_31bf3856ad364e35_6.1.7601.17514_none_b9e7a42ab571bbb9\slui.exe is infected by Win32:Virut-AFB
File E:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7600.16385_none_655452efe0fb810b\PkgMgr.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17514_none_678566b7ddea04a5\PkgMgr.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.1.7601.17592_none_672ce6c3de2cb17f\PkgMgr.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-snmp-agent-service_31bf3856ad364e35_6.1.7601.17514_none_555ae6d66ee2630d\snmp.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-snmp-evntwin_31bf3856ad364e35_6.1.7600.16385_none_12c5b5b81f2d2f1d\evntwin.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-sonic-clickme_31bf3856ad364e35_6.1.7600.16385_none_560dd693a7476c8c\ClickMe.htm is infected by VBS:Agent-KZ [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-sonic-sbeserver_31bf3856ad364e35_6.1.7601.17514_none_7b380cb06fd9d81d\SBEServer.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\SpeechUXTutorial.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-speech-userexperience_31bf3856ad364e35_6.1.7601.17514_none_7a2ff57a626c29fd\SpeechUXWiz.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_microsoft-windows-sysprep_31bf3856ad364e35_6.1.7600.16385_none_4b73926c122be805\sysprep.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-t..c-journalnotewriter_31bf3856ad364e35_6.1.7600.16385_none_9e59e11166b683d3\PDIALOG.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-t..es-workspaceruntime_31bf3856ad364e35_6.1.7601.17514_none_848b402bf3e1c3b1\wksprt.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-t..etpc-mathinputpanel_31bf3856ad364e35_6.1.7601.17514_none_28c78887678afbb1\mip.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-t..flicklearningwizard_31bf3856ad364e35_6.1.7600.16385_none_69769fd78b751ad3\FlickLearningWizard.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_microsoft-windows-tabletpc-inputpanel_31bf3856ad364e35_6.1.7601.17514_none_6fb51b358e21d75f\TabTip.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-v..-ui-propertyhandler_31bf3856ad364e35_7.1.7601.17514_none_622ad1ccee43625b\vpcshellreg.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-v..alpc-ui-vpcsettings_31bf3856ad364e35_7.1.7601.17514_none_902def9cb585fa46\VPCSettings.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-virtualpc-application_31bf3856ad364e35_7.1.7601.17514_none_09c520fe00652de5\vpc.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-virtualpc-ui-vmwindow_31bf3856ad364e35_7.1.7600.16393_none_c661bbf36eaa14f2\VMWindow.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-virtualpc-ui-vmwindow_31bf3856ad364e35_7.1.7601.17514_none_c89fa03b6b8eaf49\VMWindow.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-virtualpc-ui-vpcwizard_31bf3856ad364e35_7.1.7601.17514_none_8980301be92c53b2\VPCWizard.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-virtualpc-vmsal_31bf3856ad364e35_7.1.7600.16393_none_48abca53b6ebcc5d\vmsal.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-w..cquisition-wiawow64_31bf3856ad364e35_6.1.7600.16385_none_2874ea220a5507fd\wiawow64.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_microsoft-windows-w..for-management-core_31bf3856ad364e35_6.1.7601.17514_none_288b7acec3a75696\WSManHTTPConfig.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_microsoft-windows-w..ommand-line-utility_31bf3856ad364e35_6.1.7600.16385_none_fd9ec705e687f8c2\WMIC.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-w..sition-uicomponents_31bf3856ad364e35_6.1.7601.17514_none_2d1a84c49beb2055\wiaacmgr.exe is infected by Win32:Virut-AMD
File E:\Windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.5.7601.17514_none_1f3413afc64d10c5\wuauclt.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\amd64_microsoft-windows-w..ystemassessmenttool_31bf3856ad364e35_6.1.7601.17514_none_d9bafd47cdf9833b\WinSAT.exe is infected by Win32:Virut-AEF [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_a0cf62efee3228a3\wab.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_microsoft-windows-wab-app_31bf3856ad364e35_6.1.7601.17514_none_a0cf62efee3228a3\wabmig.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\amd64_microsoft-windows-wmi-snmp-provider_31bf3856ad364e35_6.1.7601.17514_none_08e183f8dd5f48b7\smi2smir.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\amd64_microsoft-windows-wmi-tools_31bf3856ad364e35_6.1.7600.16385_none_33f05b889d506d0a\wbemtest.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\posix.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\psxrun.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_subsystem-for-unix-based-applications_31bf3856ad364e35_6.1.7601.17514_none_d20e5d35068f261a\psxss.exe is infected by Win32:Patched-AFV [Trj]
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchFilterHost.exe is infected by Win32:Patched-AFY [Trj]
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchIndexer.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17514_none_d18028273214fa77\SearchProtocolHost.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchFilterHost.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchIndexer.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.17610_none_d17c28e532189242\SearchProtocolHost.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_d1faf5c44b3e4dfd\SearchFilterHost.exe is infected by Win32:Patched-AFV [Trj]
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_d1faf5c44b3e4dfd\SearchIndexer.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\amd64_windowssearchengine_31bf3856ad364e35_7.0.7601.21720_none_d1faf5c44b3e4dfd\SearchProtocolHost.exe is infected by Win32:Patched-XP [Trj]
File E:\Windows\winsxs\msil_narrator_31bf3856ad364e35_6.1.7601.17514_none_e18f9f5aaa2eda72\Narrator.exe is infected by Win32:Virtu-A
File E:\Windows\winsxs\wow64_eventviewersettings_31bf3856ad364e35_6.1.7600.16385_none_5b41740051c4eca4\eventvwr.exe is infected by Win32:Patched-AFR [Trj]
File E:\Windows\winsxs\wow64_microsoft-windows-a..ence-infrastructure_31bf3856ad364e35_6.1.7601.17514_none_3d8bb37f97ba22ff\sdbinst.exe is infected by Win32:Virut-AFB
File E:\Windows\winsxs\wow64_microsoft-windows-bth-user_31bf3856ad364e35_6.1.7601.17514_none_cd93efad202e5fb6\bthudtask.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\wow64_microsoft-windows-commandprompt_31bf3856ad364e35_6.1.7601.17514_none_f387767e655cd5ab\cmd.exe is infected by Win32:Virut-AKB
File E:\Windows\winsxs\wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.17514_none_df7c5af777ec4541\drvinst.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\wow64_microsoft-windows-coreusermodepnp_31bf3856ad364e35_6.1.7601.21733_none_dfef5986911b00bd\drvinst.exe is infected by Win32:Virut-AFB
File E:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17514_none_4a5d2c9ecd59afa7\dnscacheugc.exe is infected by Win32:Virut-AEO
File E:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.17570_none_4a184beecd8df1f1\dnscacheugc.exe is infected by Win32:Virut-AFB
File E:\Windows\winsxs\wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.21673_none_4aa4e997e6a8ddc0\dnscacheugc.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe is infected by Win32:Patched-YH [Trj]
File E:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe is infected by Win32:Virut-AGQ
File E:\Windows\winsxs\wow64_microsoft-windows-i..lified-chinese-core_31bf3856ad364e35_6.1.7601.17514_none_808c0da292f3ca46\IMSCPROP.exe is infected by Win32:Virut-AFX
File E:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\setup.exe is infected by Win32:Virtu-A
File E:\Windows\winsxs\wow64_microsoft-windows-i..llshield-wow64-main_31bf3856ad364e35_6.1.7600.16385_none_ca61f601a4548b8e\_isdel.exe is infected by Win32:Virtu-A
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_8.0.7600.16385_none_da5dd271ce714fff\mshta.exe is infected by Win32:Virut-AGW
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlapplication_31bf3856ad364e35_9.4.8112.16421_none_d84cd7d510621386\mshta.exe is infected by Win32:Virtu-A
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16430_none_922a2afa2937025c\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16434_none_922e2c22293367b8\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16437_none_92312d002930b3bd\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16440_none_921f5b0e293f1e4d\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20534_none_92b7c8ed42510782\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20537_none_92bac9cb424e5387\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20544_none_92acf90142592373\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.20546_none_92aef99542575621\mshtml.dll is infected by Win32:Ramnit-E
File E:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.7601.17514_none_b296f701dc00c582\ieUnatt.exe is infected by Win32:Crypt-KOW [Trj]
File E:\Windows\winsxs\wow64_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_9.4.8112.16421_none_ae54e89d2103056f\ieUnatt.exe is infected by Win32:Virtu-A
File E:\Windows\winsxs\wow64_microsoft-windows-ie-offlinefavorites_31bf3856ad364e35_9.4.8112.16421_none_e01ecb8c58be153b\webcheck.dll is infected by Win32:Ramnit-E
Number of searched folders: 46257
Number of tested files: 1528956
Number of infected files: 1505

Edited by roadran, 10 March 2012 - 05:12 PM.

#8
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The Avast log is scary. Both Ramnit and Virut are showing. I would run the boot-time scan again and see if you can get it to come up clean.

#9
roadran

Topic Starter

Well, there is only the old log file, but in the UI there is a new log... I see "VBS:Agent-KZ" and "Win32:Sality" and a few "Win32:Injected-BA".

#10
RKinner

Malware Expert

If it is still finding stuff then you are still infected. You can try it again. I had one guy who had to run it three times to get clean.

Also, you might want to try the AVG Rescue Disk.
http://www.geekstogo...ystem-tutorial/

Best to make it on a friend's clean computer but if that is not a possibility then make it on yours.


#11
roadran

Topic Starter

I ran Avast boot scans 4 times; now there is nothing.

#12
roadran

Topic Starter

NO! Sality on my USB flash drive. It took FOREVER to install all of these apps. There has to be a way to de-infect them.

(Running Kaspersky Sality Cure for USB, seems to be doing it... I'll edit this when it's done to say the results.)

Edited by roadran, 10 March 2012 - 09:48 PM.


#13
roadran

Topic Starter

Most were cured but there are still 3 files left that aren't cured... pxcay.exe keeps regenerating and is the Win32:StubOfSality [Trj]

Eject.exe and Skype.exe (Both for Skype Portable) have Win32:Sality

#14
RKinner

Malware Expert

Have you let Avast scan the drive?

#15
roadran

Topic Starter

After running it again, it seems to have deleted all of it. (I'm running AVAST, MBAM, SuperAntiSpyware, and Spybot; if you need logs, please ask.)

Edited by roadran, 11 March 2012 - 08:08 AM.
