Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer probably infected... random processes and warnings [Solved]

Started by Pawanhammers , Mar 22 2012 03:44 PM

  • This topic is locked This topic is locked

#1
Pawanhammers
Posted 22 March 2012 - 03:44 PM

Pawanhammers

    Member

  • Member
  • PipPipPip
  • 248 posts
Hi... Recently i've been getting loads of notifs from my antivirus ( microsoft security essentials ), that i have a virus, i click remove but alot of them keep on coming back, not sure if there the same.

Also, a few weird things in task mananager, for example it says Office.exe and microsoft office.exe when MS Office isn't even running, and a few more processes too. Need ya'll help
  • 0

Advertisements

#2
Essexboy
Posted 24 March 2012 - 09:04 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there :wave:

OK lets see what you have


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image
  • 0

#3
Pawanhammers
Posted 24 March 2012 - 11:41 AM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts

Hi there :wave:

OK lets see what you have


Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image


Thanks for replying essexboy, you are always first when I have a problem. Here is the otl.txt log#:

OTL logfile created on: 24/03/2012 17:18:59 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 44.22% Memory free
2.98 Gb Paging File | 2.37 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 21.62 Gb Free Space | 58.03% Space Free | Partition Type: NTFS
Drive E: | 29.77 Gb Total Space | 25.80 Gb Free Space | 86.68% Space Free | Partition Type: FAT32
Drive F: | 268.28 Gb Total Space | 161.88 Gb Free Space | 60.34% Space Free | Partition Type: NTFS

Computer Name: PSD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/24 17:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/12 20:55:59 | 000,742,264 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/03/10 09:21:44 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/27 14:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/07 23:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/02/07 23:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/06/12 21:00:42 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 15:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 14:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 09:21:42 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 09:21:41 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 09:20:17 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 09:20:16 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 09:20:15 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/10 05:56:11 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2011/08/07 14:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2010/01/21 01:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 20:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/03 16:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2008/04/14 04:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/15 01:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/07 23:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2003/04/04 14:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/07 23:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/06/22 09:31:08 | 000,589,312 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2005/05/27 09:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 09:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/04/04 15:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-1383384898-842925246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 21:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/12 18:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/21 18:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c1ndcu8q.default\extensions
[2012/03/12 20:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 20:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/12 20:55:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/16 14:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 11:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 10:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 11:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 11:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 11:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AutoReloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahijjacooaofacadpjbfbmgekilcpjhj\1.9.6_0\
CHR - Extension: TimelineRemove = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.7.1_0\

O1 HOSTS File: ([2001/08/18 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-1292428093-1383384898-842925246-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1292428093-1383384898-842925246-500..\Run: [Office Update] C:\Documents and Settings\Administrator\Application Data\Office Update.exe ()
O4 - HKU\S-1-5-21-1292428093-1383384898-842925246-500..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - HKU\S-1-5-21-1292428093-1383384898-842925246-500..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Update.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB53C317-01FF-4A4C-AAAA-43C8B8B20D9D}: DhcpNameServer = 192.168.5.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/12 18:06:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/15 21:34:52 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/24 17:17:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 11:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/03/22 21:04:05 | 001,177,600 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/22 21:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/22 21:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/22 21:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSSL
[2012/03/22 21:03:59 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32
[2012/03/22 21:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Infinity
[2012/03/22 20:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/19 21:13:01 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Application Data\1.1.1.1.exe
[2012/03/19 16:11:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/03/18 15:12:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/03/18 15:12:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/03/18 15:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/03/18 15:10:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 15:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/03/18 15:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Net Tools
[2012/03/18 15:01:43 | 000,077,824 | ---- | C] (JVSoftware) -- C:\WINDOWS\System32\nmapwin.exe
[2012/03/18 15:01:34 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\WINDOWS\System32\CCGNU32.dll
[2012/03/18 15:01:18 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2012/03/18 15:01:13 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2012/03/18 15:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Net Tools
[2012/03/18 13:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2012/03/18 13:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/18 13:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/03/18 10:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/18 10:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/03/17 22:42:41 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/03/17 22:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/03/17 22:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/03/16 17:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WPRV3.58
[2012/03/16 17:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\wordpress
[2012/03/16 16:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Logitech-LS
[2012/03/15 21:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012/03/15 21:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/15 21:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/15 21:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/03/15 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/15 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/03/15 21:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/15 21:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/03/15 21:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/03/15 21:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/03/15 21:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/03/15 21:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/03/15 21:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/15 21:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/03/15 21:46:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/15 21:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/15 21:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2012/03/15 21:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/03/15 18:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mIRC
[2012/03/15 18:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/03/15 17:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2012/03/15 16:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/14 21:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/03/14 21:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/03/14 21:30:11 | 000,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2012/03/14 21:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/03/14 21:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Messenger Plus!
[2012/03/14 21:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/14 21:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2012/03/14 17:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2012/03/14 17:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012/03/14 17:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WiiBackUpManager
[2012/03/13 17:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2012/03/13 17:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2012/03/13 16:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/03/12 22:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/03/12 21:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/03/12 21:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/12 21:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/03/12 21:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/12 21:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/12 21:26:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/12 21:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/12 21:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/12 21:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 21:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/12 21:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\jdk1.7.0_02_combo
[2012/03/12 21:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/03/12 21:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
[2012/03/12 21:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/12 21:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/12 21:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/12 21:15:23 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/03/12 21:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/03/12 21:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/12 21:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/03/12 21:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/03/12 21:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/03/12 21:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2012/03/12 21:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/03/12 21:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/12 21:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/12 21:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/03/12 21:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 21:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2012/03/12 21:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/03/12 21:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/03/12 21:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/03/12 21:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/03/12 21:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/03/12 20:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2012/03/12 20:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify
[2012/03/12 20:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 20:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/03/12 20:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/03/12 20:57:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/12 20:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/03/12 20:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/03/12 20:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/03/12 20:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/12 20:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/03/12 20:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/03/12 20:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/12 20:55:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/03/12 20:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/03/12 20:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/12 20:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/03/12 20:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/03/12 20:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 20:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/03/12 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/03/12 20:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/03/12 20:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/03/12 20:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Palringo
[2012/03/12 20:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Palringo
[2012/03/12 20:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/12 20:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/12 20:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/03/12 20:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2012/03/12 20:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/12 20:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/12 18:45:52 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/03/12 18:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/03/12 18:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/03/12 18:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/03/12 18:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/03/12 18:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/12 18:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/03/12 18:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/12 18:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/12 18:27:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/03/12 18:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/03/12 18:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/12 18:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/03/12 18:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/12 18:17:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2012/03/12 18:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/03/12 18:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/03/12 18:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe
[2012/03/12 18:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe
[2012/03/12 18:13:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/03/12 18:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/03/12 18:13:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/03/12 18:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/03/12 18:12:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/03/12 18:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/03/12 18:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/03/12 18:11:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/03/12 18:11:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/03/12 18:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/03/12 18:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/03/12 18:11:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/03/12 18:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/03/12 18:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/03/12 18:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/03/12 18:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/03/12 18:11:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/03/12 18:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/03/12 18:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/03/12 18:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/03/12 18:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/03/12 18:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/03/12 18:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/03/12 18:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/03/12 18:11:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/03/12 18:11:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/03/12 18:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/03/12 18:10:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/03/12 18:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/03/12 18:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/03/12 18:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/03/12 18:08:36 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/03/12 18:07:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/03/12 18:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/03/12 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/03/12 18:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/03/12 18:06:32 | 000,000,000 | ---D | C] -- C:\DELL
[2012/03/12 18:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/03/12 18:05:03 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/03/12 18:05:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/03/12 18:04:49 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/03/12 18:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/03/12 18:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/03/12 18:03:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/03/12 18:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/03/12 18:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/03/12 18:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/03/12 18:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/03/12 18:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/03/12 18:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/03/12 18:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/03/12 18:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/03/12 18:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/03/12 18:02:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/03/12 18:02:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/12 18:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/03/12 18:01:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/12 18:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/03/12 18:01:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/03/12 18:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/03/12 18:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/03/12 18:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/03/12 18:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/03/12 18:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/03/12 18:00:29 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/03/12 18:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/03/12 18:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/03/12 18:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/03/12 18:00:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/03/12 18:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/12 17:59:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/12 17:24:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/03/12 17:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/03/12 17:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/03/12 17:24:20 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/03/12 17:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/03/12 17:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/03/12 17:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/12 17:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/03/12 17:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/03/12 17:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/03/12 17:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/03/12 17:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/03/12 17:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/03/12 17:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/03/12 17:23:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/03/12 17:23:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/03/12 17:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/12 17:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/03/12 17:15:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/03/12 17:15:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/03/12 17:15:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/03/12 17:15:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/03/12 17:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/24 17:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 17:09:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/24 16:29:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/24 16:24:58 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Office Update1.exe
[2012/03/24 16:24:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/24 11:45:51 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/24 11:17:05 | 000,021,277 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sony-Playstation.jpg
[2012/03/24 10:02:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/24 09:57:57 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\MicrosoftUpdate1.exe
[2012/03/23 23:46:05 | 985,071,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MathsWatch High.iso
[2012/03/23 21:09:01 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/22 20:37:45 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted1.exe
[2012/03/22 20:37:33 | 000,538,112 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Update.exe
[2012/03/22 20:37:33 | 000,538,112 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Office Update.exe
[2012/03/22 20:37:33 | 000,538,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted.exe
[2012/03/22 20:36:15 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\rundll321.exe
[2012/03/22 20:35:51 | 000,924,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\rundll32.exe
[2012/03/22 20:35:51 | 000,924,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe
[2012/03/20 22:21:46 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/20 22:21:46 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/20 15:59:27 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate1.exe
[2012/03/19 22:26:48 | 000,006,727 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Windows Firewall
[2012/03/19 21:24:01 | 000,001,768 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/19 21:13:11 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt1.exe
[2012/03/19 21:12:45 | 000,543,744 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe
[2012/03/19 21:12:45 | 000,543,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate.exe
[2012/03/19 21:12:45 | 000,543,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt.exe
[2012/03/19 17:32:57 | 000,018,449 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\420634_10150688371849564_507899563_9007300_314980238_n.jpg
[2012/03/19 16:11:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 16:11:26 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 15:14:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 15:02:54 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 13:55:35 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 13:55:35 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 10:32:36 | 000,057,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/17 22:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 22:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/15 21:15:55 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 18:24:03 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 22:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/14 22:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/14 22:13:30 | 001,177,600 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/14 21:31:33 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 21:31:33 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 17:16:56 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 16:45:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 22:38:20 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/13 22:38:20 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/12 21:28:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 21:27:30 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 21:27:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/12 21:26:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 21:19:46 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 21:08:35 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 21:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 21:06:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 21:03:15 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 21:01:07 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 20:59:21 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 20:58:35 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 20:57:41 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 20:57:40 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 20:57:36 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 20:56:05 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 20:55:59 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 20:51:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 18:28:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 18:28:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 18:27:35 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 18:18:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 18:14:22 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 18:14:22 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 18:14:17 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 18:12:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 18:11:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 18:09:21 | 000,000,690 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/03/12 18:06:21 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 18:06:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/12 18:06:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/12 18:06:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/03/12 18:06:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/12 18:06:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 18:06:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 18:06:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 18:06:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 18:02:10 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 17:58:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/12 17:24:32 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/24 11:17:07 | 000,021,277 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sony-Playstation.jpg
[2012/03/23 17:24:14 | 985,071,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MathsWatch High.iso
[2012/03/23 15:37:45 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Office Update1.exe
[2012/03/23 15:37:45 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MicrosoftUpdate1.exe
[2012/03/22 20:37:46 | 000,538,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Update.exe
[2012/03/22 20:37:46 | 000,538,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Office Update.exe
[2012/03/22 20:37:44 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted1.exe
[2012/03/22 20:37:42 | 000,538,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted.exe
[2012/03/22 20:36:16 | 000,924,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe
[2012/03/22 20:36:14 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\rundll321.exe
[2012/03/22 20:35:40 | 000,924,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\rundll32.exe
[2012/03/20 15:59:27 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate1.exe
[2012/03/20 15:59:24 | 000,543,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate.exe
[2012/03/19 21:13:33 | 000,006,727 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Windows Firewall
[2012/03/19 21:13:11 | 000,543,744 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe
[2012/03/19 21:13:10 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt1.exe
[2012/03/19 21:13:05 | 000,543,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt.exe
[2012/03/19 17:33:03 | 000,018,449 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\420634_10150688371849564_507899563_9007300_314980238_n.jpg
[2012/03/19 16:11:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 16:11:26 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 15:12:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 15:02:54 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 15:01:43 | 000,809,345 | ---- | C] () -- C:\WINDOWS\System32\nmap-os-fingerprints
[2012/03/18 15:01:43 | 000,557,444 | ---- | C] () -- C:\WINDOWS\System32\nmap-service-probes
[2012/03/18 15:01:43 | 000,482,123 | ---- | C] () -- C:\WINDOWS\System32\nmapwin.chm
[2012/03/18 15:01:43 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nmapserv.exe
[2012/03/18 15:01:43 | 000,225,546 | ---- | C] () -- C:\WINDOWS\System32\nmap-mac-prefixes
[2012/03/18 15:01:43 | 000,108,536 | ---- | C] () -- C:\WINDOWS\System32\nmap-services
[2012/03/18 15:01:43 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\nmap.xsl
[2012/03/18 15:01:43 | 000,017,955 | ---- | C] () -- C:\WINDOWS\System32\nmap-rpc
[2012/03/18 15:01:43 | 000,006,318 | ---- | C] () -- C:\WINDOWS\System32\nmap-protocols
[2012/03/18 15:01:43 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\nmap_performance.reg
[2012/03/18 15:01:42 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\nmap.exe
[2012/03/18 15:01:42 | 000,192,007 | ---- | C] () -- C:\WINDOWS\System32\CHANGELOG
[2012/03/18 15:01:42 | 000,025,611 | ---- | C] () -- C:\WINDOWS\System32\COPYING
[2012/03/18 15:01:13 | 000,010,348 | ---- | C] () -- C:\WINDOWS\System32\SubclassingSink.tlb
[2012/03/18 13:55:35 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 13:55:35 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/03/18 13:55:35 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 10:32:36 | 000,057,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/18 10:11:43 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/17 22:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 22:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/17 22:39:52 | 000,001,768 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/15 21:15:55 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 18:24:03 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 21:31:33 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 21:31:33 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 21:30:49 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2012/03/14 21:30:38 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/03/14 17:16:56 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 17:16:48 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/03/14 17:16:48 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/03/14 17:16:47 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/03/14 16:19:54 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 22:38:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 17:48:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 21:32:53 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/12 21:28:03 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 21:28:01 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 21:27:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/12 21:26:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 21:19:46 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2012/03/12 21:19:46 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 21:18:01 | 000,065,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/12 21:08:35 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 21:08:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 21:07:55 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/12 21:06:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/12 21:06:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 21:03:17 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 21:01:07 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 20:59:21 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 20:59:21 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 20:58:35 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Spotify.lnk
[2012/03/12 20:58:35 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 20:57:40 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 20:57:40 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 20:57:36 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 20:56:07 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 20:56:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/12 20:55:59 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 20:52:36 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/12 20:52:35 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/12 20:52:32 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/12 20:51:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 18:28:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 18:28:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 18:28:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 18:27:35 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 18:18:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 18:14:22 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 18:14:22 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 18:14:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 18:13:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/03/12 18:12:19 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 18:12:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/03/12 18:12:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/03/12 18:11:54 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/03/12 18:11:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/03/12 18:11:45 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/03/12 18:11:44 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/03/12 18:11:31 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/03/12 18:11:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/03/12 18:11:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 18:09:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 18:08:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/03/12 18:08:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/03/12 18:08:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/03/12 18:08:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/03/12 18:08:01 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/03/12 18:07:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/03/12 18:07:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/03/12 18:07:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/03/12 18:07:26 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/03/12 18:06:21 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 18:06:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/12 18:06:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/12 18:06:21 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/03/12 18:06:21 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/03/12 18:06:17 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 18:06:17 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 18:06:15 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 18:04:48 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/12 18:04:32 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/03/12 18:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/03/12 18:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/03/12 18:04:05 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/03/12 18:03:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/03/12 18:02:11 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/12 18:02:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 18:01:37 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/03/12 18:01:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/03/12 18:01:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/03/12 18:01:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/03/12 18:01:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/03/12 18:01:04 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/03/12 18:01:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/03/12 18:01:04 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/03/12 18:01:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/03/12 18:01:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/03/12 18:01:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/03/12 18:01:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/03/12 18:01:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/03/12 18:01:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/03/12 18:00:58 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/03/12 18:00:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/03/12 17:24:32 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/03/12 17:24:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 17:24:23 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/03/12 17:24:23 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/03/12 17:24:22 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/03/12 17:24:21 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/03/12 17:23:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/03/12 17:23:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/03/12 17:23:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/03/12 17:23:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/03/12 17:23:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/03/12 17:23:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/03/12 17:23:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/03/12 17:23:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/03/12 17:23:41 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/03/12 17:23:41 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/03/12 17:23:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/03/12 17:23:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/03/12 17:23:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/03/12 17:23:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/03/12 17:23:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/03/12 17:23:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/03/12 17:23:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/03/12 17:23:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/03/12 17:23:39 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/03/12 17:23:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/03/12 17:22:19 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/03/12 17:22:13 | 000,000,690 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2012/03/24 09:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/18 13:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/12 21:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 20:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 19:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/19 20:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/24 17:23:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/15 16:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/14 21:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/24 16:29:33 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/14 04:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/31 13:14:48 | 000,182,856 | ---- | M] () MD5=A7E3170829C96C576ED08550902EA308 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/14 04:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/31 13:14:48 | 000,182,856 | ---- | M] () MD5=A7E3170829C96C576ED08550902EA308 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: PSD
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 37 GB Healthy System
Volume 2 F PAWAN STORA NTFS Partition 268 GB Healthy
Volume 3 E PAWAN FAT32 FAT32 Partition 30 GB Healthy

< End of report >

Here is the extras.txt log:

OTL Extras logfile created on: 24/03/2012 17:18:59 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 44.22% Memory free
2.98 Gb Paging File | 2.37 Gb Available in Paging File | 79.33% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 21.62 Gb Free Space | 58.03% Space Free | Partition Type: NTFS
Drive E: | 29.77 Gb Total Space | 25.80 Gb Free Space | 86.68% Space Free | Partition Type: FAT32
Drive F: | 268.28 Gb Total Space | 161.88 Gb Free Space | 60.34% Space Free | Partition Type: NTFS

Computer Name: PSD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1542:TCP" = 1542:TCP:*:Enabled:Realtek WPS TCP Prot
"1542:UDP" = 1542:UDP:*:Enabled:Realtek WPS UDP Prot
"53:UDP" = 53:UDP:*:Enabled:Realtek AP UDP Prot

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe" = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe:*:Enabled:RtWlan -- (Realtek Semiconductor Corp.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\Program Files\xchat\xchat.exe" = C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\Administrator\Desktop\PatchBlocker.exe" = C:\Documents and Settings\Administrator\Desktop\PatchBlocker.exe:*:Enabled:WindowsFormsApplication1 -- (Microsoft)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Net Tools\nettools5.exe" = C:\Program Files\Net Tools\nettools5.exe:*:Enabled:Net Tools by Mohammad Ahmadi Bidakhvidi -- (Mohammad Ahmadi Bidakhvidi)
"C:\Documents and Settings\Administrator\Application Data\1.1.1.1.exe" = C:\Documents and Settings\Administrator\Application Data\1.1.1.1.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Temp\plugtemp\Firewall.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\plugtemp\Firewall.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.2.exe" = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\1.2.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)
"C:\Documents and Settings\Administrator\Local Settings\Temp\plugtemp\Office.exe" = C:\Documents and Settings\Administrator\Local Settings\Temp\plugtemp\Office.exe:*:Enabled:Windows Messanger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1111706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2222706F-666A-4037-7777-202328764D10}" = JavaFX 2.0.2 SDK
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217002FF}" = Java™ 7 Update 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java™ SE Development Kit 7 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C049499-055C-4a0c-A916-1D8CA1FF45EB}" = REALTEK 11n USB Wireless LAN Driver and Utility
"{A08BAD08-9AA3-410F-98F3-C92C8EE37218}" = Safari
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"CCleaner" = CCleaner
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Client" = Microsoft Security Essentials
"mIRC" = mIRC
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"NetTools_is1" = NetTools 5.0
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenSSL Light (32-bit)_is1" = OpenSSL 1.0.1 Light (32-bit)
"Opera 11.61.1250" = Opera 11.61
"Palringo" = Palringo
"QcDrv" = Logitech® Camera Driver
"Sandboxie" = Sandboxie 3.64 (32-bit)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.0
"WinPcapInst" = WinPcap 3.0
"winscp3_is1" = WinSCP 4.3.7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/03/2012 17:27:50 | Computer Name = PSD | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8402.0,
P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

Error - 13/03/2012 12:43:40 | Computer Name = PSD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 13/03/2012 13:06:42 | Computer Name = PSD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 13/03/2012 13:06:42 | Computer Name = PSD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/03/2012 13:06:42 | Computer Name = PSD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/03/2012 13:06:42 | Computer Name = PSD | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 13/03/2012 18:38:34 | Computer Name = PSD | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 17.0.963.79, faulting module
chrome.dll, version 17.0.963.79, fault address 0x000a9245.

Error - 22/03/2012 16:56:35 | Computer Name = PSD | Source = Application Error | ID = 1000
Description = Faulting application psn_infinity_v2.exe, version 0.0.0.0, faulting
module psn_infinity_v2.exe, version 0.0.0.0, fault address 0x0000c125.

Error - 23/03/2012 11:49:29 | Computer Name = PSD | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.8202.0, P3 1.123.62.0, P4 1.123.62.0, P5 backdoor_win32_fynloski.a, P6 NIL,
P7 NIL, P8 NIL, P9 NIL, P10 NIL.

Error - 23/03/2012 11:49:30 | Computer Name = PSD | Source = MPSampleSubmission | ID = 5000
Description = EventType avsubmit, P1 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P2 1.1.8202.0, P3 1.123.62.0, P4 1.123.62.0, P5 worm_win32_ainslot.a, P6 NIL, P7
NIL, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 12/03/2012 17:02:46 | Computer Name = PSD | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/03/2012 17:02:46 | Computer Name = PSD | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/03/2012 17:02:46 | Computer Name = PSD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\Installer\MSI18E.tmp.
Reference
error message: The operation completed successfully. .

Error - 12/03/2012 17:02:48 | Computer Name = PSD | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC80.CRT could not be found and Last
Error was The referenced assembly is not installed on your system.

Error - 12/03/2012 17:02:48 | Computer Name = PSD | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error
message: The referenced assembly is not installed on your system. .

Error - 12/03/2012 17:02:48 | Computer Name = PSD | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\WINDOWS\Installer\MSI191.tmp.
Reference
error message: The operation completed successfully. .

Error - 21/03/2012 14:30:50 | Computer Name = PSD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\D, has a bad block.


< End of report >

The other program didn't work. Well when I clicked run scan, after 30 seconds it would crash and come up with a don't send thingy.
  • 0

#4
Essexboy
Posted 24 March 2012 - 12:45 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK once the OTL fix has run could you retry aswMBR please

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe ()
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Update.exe ()
    [2012/03/19 21:13:01 | 001,172,472 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\Application Data\1.1.1.1.exe
    [2012/03/24 16:24:58 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Office Update1.exe
    [2012/03/24 09:57:57 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\MicrosoftUpdate1.exe
    [2012/03/22 20:37:45 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted1.exe
    [2012/03/22 20:37:33 | 000,538,112 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Update.exe
    [2012/03/22 20:37:33 | 000,538,112 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\Office Update.exe
    [2012/03/22 20:37:33 | 000,538,112 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted.exe
    [2012/03/22 20:36:15 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\rundll321.exe
    [2012/03/22 20:35:51 | 000,924,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\Application Data\rundll32.exe
    [2012/03/22 20:35:51 | 000,924,160 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe
    [2012/03/20 15:59:27 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate1.exe
    [2012/03/19 22:26:48 | 000,006,727 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Windows Firewall
    [2012/03/19 21:13:11 | 000,006,656 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt1.exe
    [2012/03/19 21:12:45 | 000,543,744 | -H-- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe
    [2012/03/19 21:12:45 | 000,543,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate.exe
    [2012/03/19 21:12:45 | 000,543,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt.exe
    [2012/03/23 15:37:45 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Office Update1.exe
    [2012/03/23 15:37:45 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\MicrosoftUpdate1.exe
    [2012/03/22 20:37:46 | 000,538,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Office Update.exe
    [2012/03/22 20:37:46 | 000,538,112 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\Office Update.exe
    [2012/03/22 20:37:44 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted1.exe
    [2012/03/22 20:37:42 | 000,538,112 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\bs1.2crypted.exe
    [2012/03/22 20:36:16 | 000,924,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe
    [2012/03/22 20:36:14 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\rundll321.exe
    [2012/03/22 20:35:40 | 000,924,160 | -H-- | C] () -- C:\Documents and Settings\Administrator\Application Data\rundll32.exe
    [2012/03/20 15:59:27 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate1.exe
    [2012/03/20 15:59:24 | 000,543,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\FirewallUpdate.exe
    [2012/03/19 21:13:33 | 000,006,727 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Windows Firewall
    [2012/03/19 21:13:11 | 000,543,744 | -H-- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe
    [2012/03/19 21:13:10 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt1.exe
    [2012/03/19 21:13:05 | 000,543,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt.exe

    :Files
    ipconfig /flushdns /c

    :Commands
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#5
Pawanhammers
Posted 25 March 2012 - 04:24 AM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
Okay so: I've done the fix on OTL, and I will now post the Quick Scan I done after I done the fix on OTL:


OTL logfile created on: 25/03/2012 10:56:14 - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.81 Gb Available Physical Memory | 64.89% Memory free
2.98 Gb Paging File | 2.70 Gb Available in Paging File | 90.66% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.40 Gb Free Space | 54.75% Space Free | Partition Type: NTFS
Drive E: | 29.77 Gb Total Space | 25.80 Gb Free Space | 86.68% Space Free | Partition Type: FAT32
Drive F: | 268.28 Gb Total Space | 161.88 Gb Free Space | 60.34% Space Free | Partition Type: NTFS

Computer Name: PSD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/24 18:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/02/27 15:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/08 00:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/02/08 00:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/01/03 14:10:46 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/06/12 22:00:42 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/07 15:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2007/12/15 02:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Running] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/08 00:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2003/04/04 15:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/08 00:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/06/22 10:31:08 | 000,589,312 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2005/05/27 10:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 10:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/04/04 16:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 22:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/12 19:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/21 19:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c1ndcu8q.default\extensions
[2012/03/12 21:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/12 21:55:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/16 15:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 12:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 12:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AutoReloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahijjacooaofacadpjbfbmgekilcpjhj\1.9.6_0\
CHR - Extension: TimelineRemove = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.7.1_0\

O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Office Update] C:\Documents and Settings\Administrator\Application Data\Office Update.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB53C317-01FF-4A4C-AAAA-43C8B8B20D9D}: DhcpNameServer = 192.168.5.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/12 19:06:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/15 22:34:52 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 10:53:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/25 10:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/03/25 01:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MathsWatch
[2012/03/24 18:25:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/24 18:17:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/03/22 22:04:05 | 001,177,600 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/22 22:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/22 22:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/22 22:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSSL
[2012/03/22 22:03:59 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32
[2012/03/22 22:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Infinity
[2012/03/22 21:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/19 17:11:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/03/18 16:12:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/03/18 16:12:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/03/18 16:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/03/18 16:10:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 16:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/03/18 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Net Tools
[2012/03/18 16:01:43 | 000,077,824 | ---- | C] (JVSoftware) -- C:\WINDOWS\System32\nmapwin.exe
[2012/03/18 16:01:34 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\WINDOWS\System32\CCGNU32.dll
[2012/03/18 16:01:18 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2012/03/18 16:01:13 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2012/03/18 16:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Net Tools
[2012/03/18 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2012/03/18 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/18 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/03/18 11:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/18 11:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/03/17 23:42:41 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/03/17 23:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/03/17 23:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/03/16 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WPRV3.58
[2012/03/16 18:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\wordpress
[2012/03/16 17:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Logitech-LS
[2012/03/15 22:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012/03/15 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/15 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/15 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/03/15 22:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/03/15 22:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/03/15 22:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/03/15 22:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/03/15 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/15 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/03/15 22:46:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/15 22:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/15 22:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2012/03/15 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/03/15 19:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mIRC
[2012/03/15 19:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/03/15 18:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2012/03/15 17:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/14 22:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/03/14 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/03/14 22:30:11 | 000,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2012/03/14 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/03/14 22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Messenger Plus!
[2012/03/14 22:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/14 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2012/03/14 18:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2012/03/14 18:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012/03/14 18:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WiiBackUpManager
[2012/03/13 18:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2012/03/13 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2012/03/13 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/03/12 23:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/03/12 22:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/03/12 22:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/12 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/03/12 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/12 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/12 22:26:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/12 22:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/12 22:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/12 22:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/12 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\jdk1.7.0_02_combo
[2012/03/12 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/03/12 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
[2012/03/12 22:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/12 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/12 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/12 22:15:23 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/03/12 22:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/03/12 22:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/12 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/03/12 22:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/03/12 22:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/03/12 22:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2012/03/12 22:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/03/12 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/12 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/12 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/03/12 22:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 22:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2012/03/12 22:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/03/12 22:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/03/12 22:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/03/12 22:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/03/12 22:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/03/12 21:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2012/03/12 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify
[2012/03/12 21:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 21:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/03/12 21:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/03/12 21:57:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/12 21:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/03/12 21:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/03/12 21:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/03/12 21:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/12 21:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/03/12 21:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/03/12 21:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/12 21:55:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/03/12 21:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/03/12 21:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/12 21:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/03/12 21:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/03/12 21:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 21:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/03/12 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/03/12 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/03/12 21:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/03/12 21:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Palringo
[2012/03/12 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Palringo
[2012/03/12 21:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/12 21:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/12 21:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/03/12 21:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2012/03/12 21:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/12 21:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/12 19:45:52 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/03/12 19:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/03/12 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/03/12 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/03/12 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/03/12 19:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/12 19:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/03/12 19:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/12 19:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/12 19:27:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/03/12 19:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/03/12 19:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/12 19:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/03/12 19:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/12 19:17:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2012/03/12 19:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/03/12 19:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/03/12 19:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe
[2012/03/12 19:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe
[2012/03/12 19:13:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/03/12 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/03/12 19:13:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/03/12 19:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/03/12 19:12:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/03/12 19:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/03/12 19:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/03/12 19:11:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/03/12 19:11:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/03/12 19:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/03/12 19:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/03/12 19:11:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/03/12 19:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/03/12 19:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/03/12 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/03/12 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/03/12 19:11:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/03/12 19:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/03/12 19:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/03/12 19:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/03/12 19:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/03/12 19:11:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/03/12 19:11:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/03/12 19:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/03/12 19:10:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/03/12 19:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/03/12 19:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/03/12 19:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/03/12 19:08:36 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/03/12 19:07:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/03/12 19:06:32 | 000,000,000 | ---D | C] -- C:\DELL
[2012/03/12 19:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/03/12 19:05:03 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/03/12 19:05:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/03/12 19:04:49 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/03/12 19:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/03/12 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/03/12 19:03:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/03/12 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/03/12 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/03/12 19:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/03/12 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/03/12 19:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/03/12 19:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/03/12 19:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/03/12 19:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/03/12 19:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/03/12 19:02:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/03/12 19:02:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/12 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/03/12 19:01:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/12 19:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/03/12 19:01:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/03/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/03/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/03/12 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/03/12 19:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/03/12 19:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/03/12 19:00:29 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/03/12 19:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/03/12 19:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/03/12 19:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/03/12 19:00:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/03/12 19:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/12 18:59:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/12 18:24:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/03/12 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/03/12 18:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/03/12 18:24:20 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/03/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/03/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/03/12 18:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/03/12 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/03/12 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/03/12 18:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/03/12 18:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/03/12 18:23:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/03/12 18:23:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/03/12 18:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/12 18:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/03/12 18:15:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/03/12 18:15:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/03/12 18:15:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/03/12 18:15:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/25 11:00:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/25 10:55:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/25 10:44:25 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/25 10:44:24 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/25 10:38:43 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 10:38:43 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/25 02:09:27 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/25 00:55:34 | 985,071,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MathsWatch High.iso
[2012/03/24 22:09:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/24 18:25:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/24 18:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 12:45:51 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/24 12:17:05 | 000,021,277 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sony-Playstation.jpg
[2012/03/24 11:02:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/19 22:24:01 | 000,001,768 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/19 18:32:57 | 000,018,449 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\420634_10150688371849564_507899563_9007300_314980238_n.jpg
[2012/03/19 17:11:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 17:11:26 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 16:14:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 16:02:54 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 14:55:35 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 14:55:35 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 11:32:36 | 000,057,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/17 23:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 23:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/15 22:15:55 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 19:24:03 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 23:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/14 23:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/14 23:13:30 | 001,177,600 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/14 22:31:33 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 22:31:33 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 18:16:56 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 17:45:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 22:28:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 22:27:30 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 22:27:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/12 22:26:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 22:19:46 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 22:08:35 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 22:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 22:06:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 22:03:15 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 22:01:07 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 21:59:21 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:58:35 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 21:57:41 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 21:57:40 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 21:57:36 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 21:56:05 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 21:55:59 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 21:51:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 19:28:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 19:27:35 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 19:18:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 19:14:22 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:22 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:17 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 19:12:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 19:11:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 19:09:21 | 000,000,690 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/03/12 19:06:21 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 19:06:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/12 19:06:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/12 19:06:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 19:06:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 19:06:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 19:06:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 19:02:10 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 18:58:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/12 18:24:32 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/24 12:17:07 | 000,021,277 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sony-Playstation.jpg
[2012/03/23 18:24:14 | 985,071,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MathsWatch High.iso
[2012/03/19 18:33:03 | 000,018,449 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\420634_10150688371849564_507899563_9007300_314980238_n.jpg
[2012/03/19 17:11:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 17:11:26 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 16:12:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 16:02:54 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 16:01:43 | 000,809,345 | ---- | C] () -- C:\WINDOWS\System32\nmap-os-fingerprints
[2012/03/18 16:01:43 | 000,557,444 | ---- | C] () -- C:\WINDOWS\System32\nmap-service-probes
[2012/03/18 16:01:43 | 000,482,123 | ---- | C] () -- C:\WINDOWS\System32\nmapwin.chm
[2012/03/18 16:01:43 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nmapserv.exe
[2012/03/18 16:01:43 | 000,225,546 | ---- | C] () -- C:\WINDOWS\System32\nmap-mac-prefixes
[2012/03/18 16:01:43 | 000,108,536 | ---- | C] () -- C:\WINDOWS\System32\nmap-services
[2012/03/18 16:01:43 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\nmap.xsl
[2012/03/18 16:01:43 | 000,017,955 | ---- | C] () -- C:\WINDOWS\System32\nmap-rpc
[2012/03/18 16:01:43 | 000,006,318 | ---- | C] () -- C:\WINDOWS\System32\nmap-protocols
[2012/03/18 16:01:43 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\nmap_performance.reg
[2012/03/18 16:01:42 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\nmap.exe
[2012/03/18 16:01:42 | 000,192,007 | ---- | C] () -- C:\WINDOWS\System32\CHANGELOG
[2012/03/18 16:01:42 | 000,025,611 | ---- | C] () -- C:\WINDOWS\System32\COPYING
[2012/03/18 16:01:13 | 000,010,348 | ---- | C] () -- C:\WINDOWS\System32\SubclassingSink.tlb
[2012/03/18 14:55:35 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 14:55:35 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/03/18 14:55:35 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 11:32:36 | 000,057,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/18 11:11:43 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/17 23:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 23:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/17 23:39:52 | 000,001,768 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/15 22:15:55 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 19:24:03 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 22:31:33 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 22:31:33 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 22:30:49 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2012/03/14 22:30:38 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/03/14 18:16:56 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 18:16:48 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/03/14 18:16:48 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/03/14 18:16:47 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/03/14 17:19:54 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 23:38:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 18:48:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 22:32:53 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/12 22:28:03 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 22:28:01 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 22:27:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/12 22:26:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 22:19:46 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2012/03/12 22:19:46 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 22:18:01 | 000,065,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/12 22:08:35 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 22:08:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 22:07:55 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/12 22:06:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/12 22:06:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 22:03:17 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 22:01:07 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 21:59:21 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:59:21 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:58:35 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Spotify.lnk
[2012/03/12 21:58:35 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 21:57:40 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 21:57:40 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 21:57:36 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 21:56:07 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 21:56:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/12 21:55:59 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 21:52:36 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/12 21:52:35 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/12 21:52:32 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/12 21:51:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 19:28:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 19:27:35 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 19:18:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 19:14:22 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:22 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 19:13:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/03/12 19:12:19 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 19:12:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/03/12 19:12:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/03/12 19:11:54 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/03/12 19:11:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/03/12 19:11:45 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/03/12 19:11:44 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/03/12 19:11:31 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/03/12 19:11:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/03/12 19:11:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 19:09:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 19:08:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/03/12 19:08:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/03/12 19:08:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/03/12 19:08:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/03/12 19:08:01 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/03/12 19:07:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/03/12 19:07:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/03/12 19:07:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/03/12 19:07:26 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/03/12 19:06:21 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 19:06:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/12 19:06:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/03/12 19:06:17 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 19:06:17 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 19:06:15 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 19:04:48 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/12 19:04:32 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/03/12 19:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/03/12 19:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/03/12 19:04:05 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/03/12 19:03:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/03/12 19:02:11 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/12 19:02:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 19:01:37 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/03/12 19:01:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/03/12 19:01:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/03/12 19:01:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/03/12 19:01:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/03/12 19:01:04 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/03/12 19:01:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/03/12 19:01:04 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/03/12 19:01:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/03/12 19:01:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/03/12 19:01:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/03/12 19:01:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/03/12 19:01:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/03/12 19:01:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/03/12 19:00:58 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/03/12 19:00:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/03/12 18:24:32 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/03/12 18:24:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 18:24:23 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/03/12 18:24:23 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/03/12 18:24:22 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/03/12 18:24:21 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/03/12 18:23:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/03/12 18:23:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/03/12 18:23:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/03/12 18:23:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/03/12 18:23:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/03/12 18:23:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/03/12 18:23:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/03/12 18:23:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/03/12 18:23:41 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/03/12 18:23:41 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/03/12 18:23:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/03/12 18:23:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/03/12 18:23:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/03/12 18:23:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/03/12 18:23:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/03/12 18:23:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/03/12 18:23:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/03/12 18:23:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/03/12 18:23:39 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/03/12 18:23:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/03/12 18:22:19 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/03/12 18:22:13 | 000,000,690 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2012/03/24 10:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/18 14:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/12 22:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 21:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/19 21:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/25 10:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/15 17:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/14 22:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/25 11:00:45 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

The asw mbr worked, here is the log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-25 11:03:22
-----------------------------
11:03:22.531 OS Version: Windows 5.1.2600 Service Pack 3
11:03:22.531 Number of processors: 2 586 0x209
11:03:22.531 ComputerName: PSD UserName:
11:03:23.000 Initialize success
11:03:44.015 AVAST engine defs: 12032400
11:03:52.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
11:03:52.125 Disk 0 Vendor: FUJITSU_MHT2040AH 006C Size: 38154MB BusType: 3
11:03:52.140 Disk 0 MBR read successfully
11:03:52.156 Disk 0 MBR scan
11:03:52.265 Disk 0 Windows XP default MBR code
11:03:52.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38146 MB offset 63
11:03:52.265 Disk 0 scanning sectors +78124095
11:03:52.359 Disk 0 scanning C:\WINDOWS\system32\drivers
11:04:08.359 Service scanning
11:04:26.250 Service MpKsla91b9379 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB6F449E-F57B-447D-ADAE-737BF99A9FA8}\MpKsla91b9379.sys **LOCKED** 32
11:04:46.718 Modules scanning
11:04:53.234 Disk 0 trace - called modules:
11:04:53.250 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
11:04:53.250 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89793ab8]
11:04:53.250 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8974ed98]
11:04:53.687 AVAST engine scan C:\WINDOWS
11:04:59.093 AVAST engine scan C:\WINDOWS\system32
11:10:27.750 AVAST engine scan C:\WINDOWS\system32\drivers
11:10:46.656 AVAST engine scan C:\Documents and Settings\Administrator
11:15:36.109 File: C:\Documents and Settings\Administrator\Local Settings\Temp\bs1.2crypted.exe **INFECTED** MSIL:Dropper-TI [Drp]
11:16:54.984 File: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IHFFLJK7\bs1.2crypted[1].exe **INFECTED** MSIL:Dropper-TI [Drp]
11:17:03.171 AVAST engine scan C:\Documents and Settings\All Users
11:17:42.515 Scan finished successfully
11:20:53.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
11:20:53.234 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

Also, a file was made on my desktop called MBR.dat, however I won't delete that till I know that its useless. Also could you do me a favour;

I made a thread a couple of weeks ago, but I didn't need any help anymore so I needed it closed, so can you close it for me, here it is:

http://www.geekstogo..._1#entry2131949
  • 0

#6
Essexboy
Posted 25 March 2012 - 08:03 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run can you let me know what problems remain

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    :Files
    ipconfig /flushdns /c
    C:\Documents and Settings\Administrator\Local Settings\Temp\bs1.2crypted.exe
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IHFFLJK7\bs1.2crypted[1].exe

    :Commands
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#7
Pawanhammers
Posted 25 March 2012 - 09:22 AM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
After I done the fix, when it rebooted it left a log which said:


All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\bs1.2crypted.exe moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IHFFLJK7\bs1.2crypted[1].exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 156738664 bytes
->Temporary Internet Files folder emptied: 57605043 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43934610 bytes
->Google Chrome cache emptied: 6148099 bytes
->Apple Safari cache emptied: 1256448 bytes
->Opera cache emptied: 7329696 bytes
->Flash cache emptied: 58046 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 82268 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2409090 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 227260 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 263.00 mb

Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.39.2 log created on 03252012_160554

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

The Quick Scan log after the fix after the reboot:

OTL logfile created on: 25/03/2012 16:12:43 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 61.43% Memory free
2.98 Gb Paging File | 2.67 Gb Available in Paging File | 89.39% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.63 Gb Free Space | 55.37% Space Free | Partition Type: NTFS
Drive E: | 29.77 Gb Total Space | 25.80 Gb Free Space | 86.68% Space Free | Partition Type: FAT32
Drive F: | 268.28 Gb Total Space | 161.88 Gb Free Space | 60.34% Space Free | Partition Type: NTFS

Computer Name: PSD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/24 18:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Updater\Updater.exe
PRC - [2012/02/27 15:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/08 00:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/02/08 00:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2012/01/03 14:10:46 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/06/12 22:00:42 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/07 15:54:16 | 000,004,096 | ---- | M] () -- C:\Program Files\Yuna Software\Messenger Plus!\Detour32.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2008/04/14 05:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/15 02:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/08 00:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2003/04/04 15:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/25 11:03:23 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB6F449E-F57B-447D-ADAE-737BF99A9FA8}\MpKsla91b9379.sys -- (MpKsla91b9379)
DRV - [2012/02/08 00:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/06/22 10:31:08 | 000,589,312 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2005/05/27 10:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 10:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2003/04/04 16:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 22:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/12 19:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/21 19:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c1ndcu8q.default\extensions
[2012/03/12 21:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/12 21:55:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/16 15:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 12:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 12:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AutoReloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahijjacooaofacadpjbfbmgekilcpjhj\1.9.6_0\
CHR - Extension: TimelineRemove = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.7.1_0\

O1 HOSTS File: ([2001/08/18 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKCU..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKCU..\Run: [Office Update] C:\Documents and Settings\Administrator\Application Data\Office Update.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB53C317-01FF-4A4C-AAAA-43C8B8B20D9D}: DhcpNameServer = 192.168.5.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\WINDOWS\SYSTEM32\RtlGina\RtlGina.DLL) - C:\WINDOWS\system32\RtlGina\RtlGina.dll (Realtek)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/12 19:06:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/15 22:34:52 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 15:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PsBase
[2012/03/25 10:53:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/25 10:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/03/25 01:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MathsWatch
[2012/03/24 18:25:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/24 18:17:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/03/22 22:04:05 | 001,177,600 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/22 22:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/22 22:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/22 22:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSSL
[2012/03/22 22:03:59 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32
[2012/03/22 22:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Infinity
[2012/03/22 21:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/19 17:11:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/03/18 16:12:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/03/18 16:12:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/03/18 16:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/03/18 16:10:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 16:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinPcap
[2012/03/18 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Net Tools
[2012/03/18 16:01:52 | 000,434,252 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2012/03/18 16:01:52 | 000,061,493 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFCN42D.DLL
[2012/03/18 16:01:51 | 000,962,612 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC42D.DLL
[2012/03/18 16:01:43 | 000,077,824 | ---- | C] (JVSoftware) -- C:\WINDOWS\System32\nmapwin.exe
[2012/03/18 16:01:34 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\WINDOWS\System32\CCGNU32.dll
[2012/03/18 16:01:32 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSMAPI32.OCX
[2012/03/18 16:01:24 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2012/03/18 16:01:23 | 000,103,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMM32.OCX
[2012/03/18 16:01:20 | 001,009,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mschrt20.ocx
[2012/03/18 16:01:20 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mscomct2.ocx
[2012/03/18 16:01:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msado25.tlb
[2012/03/18 16:01:18 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2012/03/18 16:01:13 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2012/03/18 16:01:13 | 000,561,179 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dao360.dll
[2012/03/18 16:01:13 | 000,299,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDBRPTR.DLL
[2012/03/18 16:01:13 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSDERUN.DLL
[2012/03/18 16:01:13 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSSTDFMT.DLL
[2012/03/18 16:01:13 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mswinsck.ocx
[2012/03/18 16:01:13 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msado20.tlb
[2012/03/18 16:01:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wbemdisp.tlb
[2012/03/18 16:01:12 | 000,608,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comctl32.ocx
[2012/03/18 16:01:12 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2012/03/18 16:01:12 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\richtx32.ocx
[2012/03/18 16:01:12 | 000,164,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comct232.ocx
[2012/03/18 16:01:12 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Comdlg32.ocx
[2012/03/18 16:01:12 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.ocx
[2012/03/18 16:01:08 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/03/18 16:01:08 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2012/03/18 16:01:08 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/03/18 16:01:05 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/03/18 16:01:03 | 002,000,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/03/18 16:00:58 | 011,082,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/03/18 16:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Net Tools
[2012/03/18 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2012/03/18 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/18 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/03/18 11:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/18 11:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/03/17 23:42:41 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/03/17 23:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/03/17 23:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/03/17 21:45:38 | 000,025,088 | ---- | C] (Microsoft) -- C:\Documents and Settings\Administrator\Desktop\PatchBlocker.exe
[2012/03/16 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WPRV3.58
[2012/03/16 18:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\wordpress
[2012/03/16 17:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Logitech-LS
[2012/03/15 22:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012/03/15 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/15 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/15 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/03/15 22:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/03/15 22:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/03/15 22:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/03/15 22:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/03/15 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/15 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/03/15 22:46:48 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/03/15 22:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/15 22:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2012/03/15 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/03/15 19:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mIRC
[2012/03/15 19:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/03/15 18:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2012/03/15 17:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/15 17:07:44 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2012/03/15 17:07:39 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2012/03/15 17:07:37 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2012/03/15 17:07:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2012/03/15 17:07:36 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2012/03/15 17:07:34 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2012/03/15 17:07:31 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2012/03/15 17:07:28 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2012/03/15 17:07:26 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2012/03/15 17:06:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2012/03/15 17:06:44 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2012/03/15 17:06:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2012/03/15 17:06:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2012/03/15 17:06:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2012/03/15 17:06:43 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2012/03/15 17:06:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2012/03/15 17:06:43 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2012/03/15 17:06:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2012/03/15 17:06:41 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2012/03/14 22:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/03/14 22:31:31 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\capicom.dll
[2012/03/14 22:30:38 | 000,372,736 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll
[2012/03/14 22:30:38 | 000,106,496 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcoinst.dll
[2012/03/14 22:30:38 | 000,022,016 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2012/03/14 22:30:37 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll
[2012/03/14 22:30:37 | 000,204,800 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll
[2012/03/14 22:30:36 | 002,180,096 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVSVF2.sys
[2012/03/14 22:30:36 | 000,913,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LV302AV.SYS
[2012/03/14 22:30:36 | 000,007,136 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lv302af.sys
[2012/03/14 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/03/14 22:30:12 | 000,462,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LCamCpl.dll
[2012/03/14 22:30:12 | 000,282,624 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\camcpl.cpl
[2012/03/14 22:30:12 | 000,215,552 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lvkrn12n.dll
[2012/03/14 22:30:11 | 000,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2012/03/14 22:30:08 | 000,192,512 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltscr12n.ocx
[2012/03/14 22:30:07 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltocx12n.ocx
[2012/03/14 22:30:05 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2012/03/14 22:30:05 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2012/03/14 22:30:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2012/03/14 22:30:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2012/03/14 22:30:05 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2012/03/14 22:30:05 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2012/03/14 22:30:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2012/03/14 22:30:05 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2012/03/14 22:30:05 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2012/03/14 22:30:05 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2012/03/14 22:30:04 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2012/03/14 22:30:04 | 000,086,016 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\vatee.ax
[2012/03/14 22:30:02 | 000,466,944 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\QCUI2.dll
[2012/03/14 22:30:01 | 000,856,064 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltwvc12n.dll
[2012/03/14 22:30:00 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn12n.dll
[2012/03/14 22:30:00 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg12n.dll
[2012/03/14 22:29:59 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS12n.dll
[2012/03/14 22:29:59 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx12n.dll
[2012/03/14 22:29:59 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil12n.DLL
[2012/03/14 22:29:57 | 000,141,312 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lftif12n.dll
[2012/03/14 22:29:57 | 000,078,336 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lffax12n.dll
[2012/03/14 22:29:56 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP12n.DLL
[2012/03/14 22:29:56 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp12n.dll
[2012/03/14 22:29:52 | 000,090,112 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LQCUI2.dll
[2012/03/14 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/03/14 22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Messenger Plus!
[2012/03/14 22:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/14 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2012/03/14 18:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2012/03/14 18:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012/03/14 18:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WiiBackUpManager
[2012/03/13 18:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2012/03/13 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2012/03/13 17:26:10 | 000,237,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012/03/13 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/03/12 23:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/03/12 22:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/03/12 22:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/12 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/03/12 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/12 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/12 22:26:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/12 22:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/12 22:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/12 22:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/12 22:25:07 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/03/12 22:25:06 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/03/12 22:25:06 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/03/12 22:25:06 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/03/12 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\jdk1.7.0_02_combo
[2012/03/12 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/03/12 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
[2012/03/12 22:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/12 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/12 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/12 22:16:22 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/03/12 22:16:18 | 000,026,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spupdsvc.exe
[2012/03/12 22:16:13 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2012/03/12 22:16:13 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2012/03/12 22:16:13 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2012/03/12 22:16:13 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2012/03/12 22:16:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2012/03/12 22:16:12 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2012/03/12 22:15:23 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/03/12 22:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/03/12 22:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/12 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/03/12 22:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/03/12 22:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/03/12 22:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2012/03/12 22:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/03/12 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/12 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/12 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/03/12 22:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 22:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2012/03/12 22:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/03/12 22:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/03/12 22:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/03/12 22:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/03/12 22:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/03/12 21:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2012/03/12 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify
[2012/03/12 21:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 21:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/03/12 21:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/03/12 21:57:25 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/03/12 21:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/03/12 21:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/03/12 21:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/03/12 21:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/12 21:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/03/12 21:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/03/12 21:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/12 21:55:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/03/12 21:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/03/12 21:55:19 | 000,567,184 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/12 21:55:19 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/12 21:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/12 21:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/03/12 21:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/03/12 21:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 21:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/03/12 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/03/12 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/03/12 21:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/03/12 21:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Palringo
[2012/03/12 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Palringo
[2012/03/12 21:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/12 21:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/12 21:52:42 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/12 21:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/03/12 21:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2012/03/12 21:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/12 21:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/12 19:45:52 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2012/03/12 19:45:52 | 000,720,896 | ---- | C] (Sensaura Ltd) -- C:\WINDOWS\System32\a3d.dll
[2012/03/12 19:45:52 | 000,049,152 | ---- | C] (Analog Devices Inc.) -- C:\WINDOWS\System32\DSndUp.exe
[2012/03/12 19:45:52 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/03/12 19:45:52 | 000,003,744 | ---- | C] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smsens.sys
[2012/03/12 19:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/03/12 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/03/12 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/03/12 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/03/12 19:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/12 19:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/03/12 19:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/12 19:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/12 19:27:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/03/12 19:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/03/12 19:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/12 19:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/03/12 19:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/12 19:17:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2012/03/12 19:16:03 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2012/03/12 19:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/03/12 19:13:46 | 000,589,312 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\drivers\RTL8192su.sys
[2012/03/12 19:13:46 | 000,026,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbstor.sys
[2012/03/12 19:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/03/12 19:13:44 | 000,614,400 | R--- | C] (Realtek Semiconductor Corp. ) -- C:\WINDOWS\Rtlihvs.dll
[2012/03/12 19:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe
[2012/03/12 19:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe
[2012/03/12 19:13:44 | 000,188,416 | R--- | C] (Realtek Semiconductor Corp. ) -- C:\WINDOWS\RTLExtUI.dll
[2012/03/12 19:13:43 | 000,614,400 | R--- | C] (Realtek Semiconductor Corp. ) -- C:\WINDOWS\System32\Rtlihvs.dll
[2012/03/12 19:13:43 | 000,188,416 | R--- | C] (Realtek Semiconductor Corp. ) -- C:\WINDOWS\System32\RTLExtUI.dll
[2012/03/12 19:13:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/03/12 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/03/12 19:13:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/03/12 19:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/03/12 19:12:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/03/12 19:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/03/12 19:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/03/12 19:11:55 | 000,171,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jit.dll
[2012/03/12 19:11:55 | 000,046,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\setdebug.exe
[2012/03/12 19:11:54 | 000,139,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaee.dll
[2012/03/12 19:11:53 | 000,313,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dx3j.dll
[2012/03/12 19:11:44 | 000,286,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vmhelper.dll
[2012/03/12 19:11:44 | 000,171,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wjview.exe
[2012/03/12 19:11:44 | 000,021,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjdbc10.dll
[2012/03/12 19:11:43 | 000,172,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jview.exe
[2012/03/12 19:11:43 | 000,154,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msawt.dll
[2012/03/12 19:11:43 | 000,015,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\jdbgmgr.exe
[2012/03/12 19:11:42 | 000,404,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javart.dll
[2012/03/12 19:11:42 | 000,187,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javacypt.dll
[2012/03/12 19:11:42 | 000,063,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\javaprxy.dll
[2012/03/12 19:11:41 | 000,049,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clspack.exe
[2012/03/12 19:11:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/03/12 19:11:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/03/12 19:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/03/12 19:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/03/12 19:11:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/03/12 19:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/03/12 19:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/03/12 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/03/12 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/03/12 19:11:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/03/12 19:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/03/12 19:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/03/12 19:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/03/12 19:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/03/12 19:11:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/03/12 19:11:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/03/12 19:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/03/12 19:10:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/03/12 19:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/03/12 19:08:59 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2012/03/12 19:08:59 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2012/03/12 19:08:59 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2012/03/12 19:08:58 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2012/03/12 19:08:58 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2012/03/12 19:08:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2012/03/12 19:08:57 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2012/03/12 19:08:57 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2012/03/12 19:08:56 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wam51.dll
[2012/03/12 19:08:56 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamreg51.dll
[2012/03/12 19:08:56 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamps51.dll
[2012/03/12 19:08:55 | 000,364,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svc.dll
[2012/03/12 19:08:55 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ext.dll
[2012/03/12 19:08:55 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2012/03/12 19:08:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3svapi.dll
[2012/03/12 19:08:55 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w3ctrs51.dll
[2012/03/12 19:08:54 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2012/03/12 19:08:54 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2012/03/12 19:08:53 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2012/03/12 19:08:53 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2012/03/12 19:08:52 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uihelper.dll
[2012/03/12 19:08:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2012/03/12 19:08:51 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2012/03/12 19:08:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tools.dll
[2012/03/12 19:08:51 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2012/03/12 19:08:50 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2012/03/12 19:08:50 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2012/03/12 19:08:50 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2012/03/12 19:08:49 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2012/03/12 19:08:49 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2012/03/12 19:08:49 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2012/03/12 19:08:48 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\svcext51.dll
[2012/03/12 19:08:47 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspifilt.dll
[2012/03/12 19:08:47 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssinc51.dll
[2012/03/12 19:08:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\status.dll
[2012/03/12 19:08:46 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2012/03/12 19:08:45 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2012/03/12 19:08:44 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpincl.dll
[2012/03/12 19:08:44 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll
[2012/03/12 19:08:44 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpsmir.dll
[2012/03/12 19:08:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll
[2012/03/12 19:08:44 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2012/03/12 19:08:44 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmptrap.exe
[2012/03/12 19:08:44 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2012/03/12 19:08:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpmib.dll
[2012/03/12 19:08:43 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll
[2012/03/12 19:08:43 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmp.exe
[2012/03/12 19:08:43 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2012/03/12 19:08:42 | 000,236,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smi2smir.exe
[2012/03/12 19:08:42 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2012/03/12 19:08:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2012/03/12 19:08:42 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2012/03/12 19:08:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2012/03/12 19:08:42 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2012/03/12 19:08:42 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2012/03/12 19:08:42 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpapi.dll
[2012/03/12 19:08:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2012/03/12 19:08:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2012/03/12 19:08:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2012/03/12 19:08:41 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2012/03/12 19:08:41 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2012/03/12 19:08:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2012/03/12 19:08:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2012/03/12 19:08:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2012/03/12 19:08:41 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2012/03/12 19:08:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2012/03/12 19:08:41 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2012/03/12 19:08:38 | 000,221,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\seo.dll
[2012/03/12 19:08:38 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2012/03/12 19:08:37 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2012/03/12 19:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/03/12 19:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/03/12 19:08:36 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/03/12 19:08:36 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll
[2012/03/12 19:08:36 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwnh.dll
[2012/03/12 19:08:36 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcref.dll
[2012/03/12 19:08:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2012/03/12 19:08:35 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2012/03/12 19:08:35 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2012/03/12 19:08:34 | 000,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys
[2012/03/12 19:08:33 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2012/03/12 19:08:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2012/03/12 19:08:33 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2012/03/12 19:08:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pwsdata.dll
[2012/03/12 19:08:31 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2012/03/12 19:08:31 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2012/03/12 19:08:31 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2012/03/12 19:08:31 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2012/03/12 19:08:31 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2012/03/12 19:08:30 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2012/03/12 19:08:30 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2012/03/12 19:08:30 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2012/03/12 19:08:30 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\permchk.dll
[2012/03/12 19:08:29 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2012/03/12 19:08:29 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pagecnt.dll
[2012/03/12 19:08:29 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2012/03/12 19:08:29 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2012/03/12 19:08:29 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2012/03/12 19:08:26 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nsepm.dll
[2012/03/12 19:08:26 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2012/03/12 19:08:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nextlink.dll
[2012/03/12 19:08:24 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2012/03/12 19:08:24 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe
[2012/03/12 19:08:21 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiregmv.exe
[2012/03/12 19:08:20 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2012/03/12 19:08:20 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2012/03/12 19:08:15 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2012/03/12 19:08:15 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2012/03/12 19:08:15 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\metada51.dll
[2012/03/12 19:08:15 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe
[2012/03/12 19:08:14 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\md5filt.dll
[2012/03/12 19:08:14 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mdsync.dll
[2012/03/12 19:08:13 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2012/03/12 19:08:13 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lpdsvc.dll
[2012/03/12 19:08:13 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logscrpt.dll
[2012/03/12 19:08:13 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lprmon.dll
[2012/03/12 19:08:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lonsint.dll
[2012/03/12 19:08:12 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lmmib2.dll
[2012/03/12 19:08:11 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2012/03/12 19:08:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2012/03/12 19:08:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2012/03/12 19:08:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2012/03/12 19:08:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2012/03/12 19:08:09 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2012/03/12 19:08:09 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2012/03/12 19:08:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41a.dll
[2012/03/12 19:08:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlk41j.dll
[2012/03/12 19:08:09 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2012/03/12 19:08:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2012/03/12 19:08:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2012/03/12 19:08:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2012/03/12 19:08:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2012/03/12 19:08:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2012/03/12 19:08:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2012/03/12 19:08:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdibm02.dll
[2012/03/12 19:08:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdax2.dll
[2012/03/12 19:08:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2012/03/12 19:08:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2012/03/12 19:08:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2012/03/12 19:08:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2012/03/12 19:08:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2012/03/12 19:08:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2012/03/12 19:08:08 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2012/03/12 19:08:07 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2012/03/12 19:08:07 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iwrps.dll
[2012/03/12 19:08:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106n.dll
[2012/03/12 19:08:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2012/03/12 19:08:07 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101.dll
[2012/03/12 19:08:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2012/03/12 19:08:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2012/03/12 19:08:07 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2012/03/12 19:08:07 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2012/03/12 19:08:06 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iprip.dll
[2012/03/12 19:08:06 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iscomlog.dll
[2012/03/12 19:08:06 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isapips.dll
[2012/03/12 19:08:05 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2012/03/12 19:08:05 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infocomm.dll
[2012/03/12 19:08:05 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetin51.exe
[2012/03/12 19:08:05 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoctrs.dll
[2012/03/12 19:08:04 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2012/03/12 19:08:04 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2012/03/12 19:08:04 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2012/03/12 19:08:04 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2012/03/12 19:08:04 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2012/03/12 19:08:04 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2012/03/12 19:08:03 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2012/03/12 19:08:03 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2012/03/12 19:08:03 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2012/03/12 19:08:03 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2012/03/12 19:08:03 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2012/03/12 19:08:03 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2012/03/12 19:08:02 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2012/03/12 19:08:02 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2012/03/12 19:08:02 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2012/03/12 19:08:02 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2012/03/12 19:08:02 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2012/03/12 19:08:01 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2012/03/12 19:08:01 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2012/03/12 19:08:01 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2012/03/12 19:08:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2012/03/12 19:08:01 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iislog51.dll
[2012/03/12 19:08:01 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2012/03/12 19:08:01 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iissync.exe
[2012/03/12 19:08:01 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismui.dll
[2012/03/12 19:08:00 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iische51.dll
[2012/03/12 19:08:00 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisclex4.dll
[2012/03/12 19:08:00 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisadmin.dll
[2012/03/12 19:08:00 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iiscrmap.dll
[2012/03/12 19:08:00 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisfecnv.dll
[2012/03/12 19:07:54 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2012/03/12 19:07:43 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2012/03/12 19:07:43 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2012/03/12 19:07:43 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpod51.dll
[2012/03/12 19:07:43 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpmb51.dll
[2012/03/12 19:07:42 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hostmib.dll
[2012/03/12 19:07:41 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2012/03/12 19:07:41 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gzip.dll
[2012/03/12 19:07:40 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsst.dll
[2012/03/12 19:07:40 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsxp32.dll
[2012/03/12 19:07:40 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxstiff.dll
[2012/03/12 19:07:40 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssvc.exe
[2012/03/12 19:07:40 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxst30.dll
[2012/03/12 19:07:40 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxswzrd.dll
[2012/03/12 19:07:40 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsui.dll
[2012/03/12 19:07:39 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscomex.dll
[2012/03/12 19:07:39 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2012/03/12 19:07:39 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2012/03/12 19:07:39 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscom.dll
[2012/03/12 19:07:39 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsevent.dll
[2012/03/12 19:07:39 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2012/03/12 19:07:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsdrv.dll
[2012/03/12 19:07:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsmon.dll
[2012/03/12 19:07:39 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsext32.dll
[2012/03/12 19:07:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2012/03/12 19:07:39 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsperf.dll
[2012/03/12 19:07:39 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsres.dll
[2012/03/12 19:07:38 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsapi.dll
[2012/03/12 19:07:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclnt.exe
[2012/03/12 19:07:38 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsv251.dll
[2012/03/12 19:07:38 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2012/03/12 19:07:38 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpctrs2.dll
[2012/03/12 19:07:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpmib.dll
[2012/03/12 19:07:38 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2012/03/12 19:07:37 | 000,618,605 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4autl.dll
[2012/03/12 19:07:37 | 000,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe
[2012/03/12 19:07:37 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll
[2012/03/12 19:07:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2012/03/12 19:07:36 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntwin.exe
[2012/03/12 19:07:36 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2012/03/12 19:07:36 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\exstrace.dll
[2012/03/12 19:07:36 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\f3ahvoas.dll
[2012/03/12 19:07:35 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntagnt.dll
[2012/03/12 19:07:35 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2012/03/12 19:07:35 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2012/03/12 19:07:35 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2012/03/12 19:07:35 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2012/03/12 19:07:35 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\evntcmd.exe
[2012/03/12 19:07:34 | 000,514,587 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\edb500.dll
[2012/03/12 19:07:30 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2012/03/12 19:07:30 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\davcdata.exe
[2012/03/12 19:07:29 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2012/03/12 19:07:28 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2012/03/12 19:07:28 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\convlog.exe
[2012/03/12 19:07:28 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\controt.dll
[2012/03/12 19:07:28 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\counters.dll
[2012/03/12 19:07:27 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\compfilt.dll
[2012/03/12 19:07:26 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2012/03/12 19:07:26 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2012/03/12 19:07:26 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2012/03/12 19:07:26 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2012/03/12 19:07:25 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2012/03/12 19:07:25 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2012/03/12 19:07:24 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2012/03/12 19:07:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2012/03/12 19:07:24 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2012/03/12 19:07:24 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2012/03/12 19:07:24 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2012/03/12 19:07:23 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2012/03/12 19:07:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/03/12 19:07:22 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_g18030.dll
[2012/03/12 19:07:22 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2012/03/12 19:07:22 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2012/03/12 19:07:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browscap.dll
[2012/03/12 19:07:15 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asptxn.dll
[2012/03/12 19:07:15 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aspperf.dll
[2012/03/12 19:07:15 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\authfilt.dll
[2012/03/12 19:07:14 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\asp51.dll
[2012/03/12 19:07:14 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll
[2012/03/12 19:07:14 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2012/03/12 19:07:13 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\appconf.dll
[2012/03/12 19:07:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0804.dll
[2012/03/12 19:07:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0412.dll
[2012/03/12 19:07:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0411.dll
[2012/03/12 19:07:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll
[2012/03/12 19:07:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0404.dll
[2012/03/12 19:07:13 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll
[2012/03/12 19:07:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2012/03/12 19:07:11 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adrot.dll
[2012/03/12 19:07:11 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admexs.dll
[2012/03/12 19:07:11 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admxprox.dll
[2012/03/12 19:07:08 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2012/03/12 19:07:07 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2012/03/12 19:07:07 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2012/03/12 19:07:07 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2012/03/12 19:07:06 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2012/03/12 19:07:06 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2012/03/12 19:07:06 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2012/03/12 19:07:06 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2012/03/12 19:07:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2012/03/12 19:07:02 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2012/03/12 19:07:02 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2012/03/12 19:07:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2012/03/12 19:07:02 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2012/03/12 19:07:01 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2012/03/12 19:07:01 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2012/03/12 19:07:01 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2012/03/12 19:07:01 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2012/03/12 19:07:01 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2012/03/12 19:07:01 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2012/03/12 19:07:00 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2012/03/12 19:07:00 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2012/03/12 19:07:00 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2012/03/12 19:07:00 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2012/03/12 19:06:59 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2012/03/12 19:06:59 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2012/03/12 19:06:59 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2012/03/12 19:06:59 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2012/03/12 19:06:59 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2012/03/12 19:06:59 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2012/03/12 19:06:59 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2012/03/12 19:06:59 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2012/03/12 19:06:58 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2012/03/12 19:06:58 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2012/03/12 19:06:58 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2012/03/12 19:06:58 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2012/03/12 19:06:58 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2012/03/12 19:06:58 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2012/03/12 19:06:58 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2012/03/12 19:06:57 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2012/03/12 19:06:57 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2012/03/12 19:06:57 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2012/03/12 19:06:57 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2012/03/12 19:06:57 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2012/03/12 19:06:56 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2012/03/12 19:06:56 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2012/03/12 19:06:56 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2012/03/12 19:06:56 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2012/03/12 19:06:55 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2012/03/12 19:06:53 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/03/12 19:06:33 | 005,503,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJAVX86.EXE
[2012/03/12 19:06:32 | 000,000,000 | ---D | C] -- C:\DELL
[2012/03/12 19:06:04 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mapi32.dll
[2012/03/12 19:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/03/12 19:05:03 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/03/12 19:05:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/03/12 19:04:49 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/03/12 19:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/03/12 19:04:17 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\notiflag.exe
[2012/03/12 19:04:17 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\brpinfo.dll
[2012/03/12 19:04:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atrace.dll
[2012/03/12 19:04:17 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atrace.dll
[2012/03/12 19:04:16 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helphost.exe
[2012/03/12 19:04:16 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hcappres.dll
[2012/03/12 19:04:05 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srdiag.exe
[2012/03/12 19:04:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmevtmsg.dll
[2012/03/12 19:04:04 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmevtmsg.dll
[2012/03/12 19:04:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\acctres.dll
[2012/03/12 19:04:03 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\acctres.dll
[2012/03/12 19:04:03 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msinfo32.exe
[2012/03/12 19:04:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wb32.exe
[2012/03/12 19:04:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cb32.exe
[2012/03/12 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/03/12 19:03:59 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwres.dll
[2012/03/12 19:03:59 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trialoc.dll
[2012/03/12 19:03:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icfgnt5.dll
[2012/03/12 19:03:59 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icfgnt5.dll
[2012/03/12 19:03:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/03/12 19:03:58 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoap1.dll
[2012/03/12 19:03:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwtutor.exe
[2012/03/12 19:03:58 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wisc10.dll
[2012/03/12 19:03:58 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mssoapr.dll
[2012/03/12 19:03:58 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2012/03/12 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/03/12 19:03:57 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieinfo5.ocx
[2012/03/12 19:03:53 | 000,726,078 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchui.dll
[2012/03/12 19:03:53 | 000,058,434 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srchctls.dll
[2012/03/12 19:03:52 | 003,166,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msgr3en.dll
[2012/03/12 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/03/12 19:03:51 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\VGX.dll
[2012/03/12 19:03:50 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpband.dll
[2012/03/12 19:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/03/12 19:03:49 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup_wm.exe
[2012/03/12 19:03:49 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpvis.dll
[2012/03/12 19:03:49 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmpns.dll
[2012/03/12 19:03:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\custsat.dll
[2012/03/12 19:03:48 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migrate.exe
[2012/03/12 19:03:48 | 000,364,544 | ---- | C] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\WINDOWS\System32\dllcache\npdsplay.dll
[2012/03/12 19:03:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npdrmv2.dll
[2012/03/12 19:03:48 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmplayer.exe
[2012/03/12 19:03:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\npwmsdrm.dll
[2012/03/12 19:03:47 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplayer2.exe
[2012/03/12 19:03:46 | 001,929,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng.dll
[2012/03/12 19:03:46 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wucltui.dll
[2012/03/12 19:03:46 | 000,327,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wucltui.dll
[2012/03/12 19:03:46 | 000,217,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaucpl.cpl
[2012/03/12 19:03:46 | 000,209,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuweb.dll
[2012/03/12 19:03:46 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuaueng1.dll
[2012/03/12 19:03:46 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuaueng1.dll
[2012/03/12 19:03:46 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuauclt1.exe
[2012/03/12 19:03:46 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt1.exe
[2012/03/12 19:03:46 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wups.dll
[2012/03/12 19:03:46 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wups.dll
[2012/03/12 19:03:46 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauserv.dll
[2012/03/12 19:03:45 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll
[2012/03/12 19:03:45 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuapi.dll
[2012/03/12 19:03:45 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgr.dll
[2012/03/12 19:03:45 | 000,053,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wuauclt.exe
[2012/03/12 19:03:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qmgrprxy.dll
[2012/03/12 19:03:45 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qmgrprxy.dll
[2012/03/12 19:03:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx2.dll
[2012/03/12 19:03:45 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx2.dll
[2012/03/12 19:03:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx4.dll
[2012/03/12 19:03:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2012/03/12 19:03:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bitsprx3.dll
[2012/03/12 19:03:45 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx3.dll
[2012/03/12 19:03:42 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2012/03/12 19:03:42 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2012/03/12 19:03:41 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2012/03/12 19:03:41 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2012/03/12 19:03:41 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2012/03/12 19:03:41 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2012/03/12 19:03:41 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2012/03/12 19:03:41 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2012/03/12 19:03:39 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2012/03/12 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/03/12 19:03:21 | 000,565,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobmain.dll
[2012/03/12 19:03:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobdl.dll
[2012/03/12 19:03:20 | 000,122,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobcomm.dll
[2012/03/12 19:03:20 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oobebaln.exe
[2012/03/12 19:03:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobshel.dll
[2012/03/12 19:03:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoobe.exe
[2012/03/12 19:03:20 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msobweb.dll
[2012/03/12 19:03:16 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uploadm.exe
[2012/03/12 19:03:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrslv.dll
[2012/03/12 19:03:16 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrslv.dll
[2012/03/12 19:03:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrcdlg.dll
[2012/03/12 19:03:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrcdlg.dll
[2012/03/12 19:03:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\racpldlg.dll
[2012/03/12 19:03:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\racpldlg.dll
[2012/03/12 19:03:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\safrdm.dll
[2012/03/12 19:03:16 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\safrdm.dll
[2012/03/12 19:03:15 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchshell.dll
[2012/03/12 19:03:15 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pchsvc.dll
[2012/03/12 19:03:12 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconfig.exe
[2012/03/12 19:03:12 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hscupd.exe
[2012/03/12 19:03:11 | 000,769,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpctr.exe
[2012/03/12 19:03:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2012/03/12 19:03:10 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rstrui.exe
[2012/03/12 19:03:10 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\srrstr.dll
[2012/03/12 19:03:10 | 000,239,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srrstr.dll
[2012/03/12 19:03:10 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srsvc.dll
[2012/03/12 19:03:10 | 000,129,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmgr.sys
[2012/03/12 19:03:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fltMc.exe
[2012/03/12 19:03:10 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltmc.exe
[2012/03/12 19:03:10 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fltlib.dll
[2012/03/12 19:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/03/12 19:03:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ils.dll
[2012/03/12 19:03:09 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ils.dll
[2012/03/12 19:03:09 | 000,073,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sr.sys
[2012/03/12 19:03:09 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srclient.dll
[2012/03/12 19:03:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msconf.dll
[2012/03/12 19:03:08 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msconf.dll
[2012/03/12 19:03:08 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcap32.dll
[2012/03/12 19:03:08 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mnmdd.dll
[2012/03/12 19:03:08 | 000,034,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmdd.dll
[2012/03/12 19:03:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mnmsrvc.exe
[2012/03/12 19:03:08 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\isrdbg32.dll
[2012/03/12 19:03:08 | 000,032,768 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\dllcache\isrdbg32.dll
[2012/03/12 19:03:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\nmmkcert.dll
[2012/03/12 19:03:08 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmmkcert.dll
[2012/03/12 19:03:07 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\callcont.dll
[2012/03/12 19:03:07 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmas.dll
[2012/03/12 19:03:07 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rrcm.dll
[2012/03/12 19:03:07 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmasnt.dll
[2012/03/12 19:03:06 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst120.dll
[2012/03/12 19:03:06 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nac.dll
[2012/03/12 19:03:06 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmcom.dll
[2012/03/12 19:03:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mst123.dll
[2012/03/12 19:03:06 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\h323cc.dll
[2012/03/12 19:03:06 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\confmrsl.dll
[2012/03/12 19:03:05 | 000,188,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmwb.dll
[2012/03/12 19:03:05 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmoldwb.dll
[2012/03/12 19:03:05 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmft.dll
[2012/03/12 19:03:05 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nmchat.dll
[2012/03/12 19:03:04 | 001,032,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\conf.exe
[2012/03/12 19:03:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoeacct.dll
[2012/03/12 19:03:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeacct.dll
[2012/03/12 19:03:04 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msoert2.dll
[2012/03/12 19:03:04 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoert2.dll
[2012/03/12 19:03:04 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2012/03/12 19:03:04 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2012/03/12 19:03:04 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2012/03/12 19:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/03/12 19:03:03 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32.dll
[2012/03/12 19:03:03 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab32res.dll
[2012/03/12 19:03:03 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\directdb.dll
[2012/03/12 19:03:03 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2012/03/12 19:03:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetres.dll
[2012/03/12 19:03:03 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetres.dll
[2012/03/12 19:03:02 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2012/03/12 19:03:02 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2012/03/12 19:03:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2012/03/12 19:03:00 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2012/03/12 19:03:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2012/03/12 19:03:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2012/03/12 19:02:59 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstask.dll
[2012/03/12 19:02:59 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\schedsvc.dll
[2012/03/12 19:02:59 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2012/03/12 19:02:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mstinit.exe
[2012/03/12 19:02:59 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstinit.exe
[2012/03/12 19:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/03/12 19:02:58 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcfg.dll
[2012/03/12 19:02:58 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcfg.dll
[2012/03/12 19:02:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2012/03/12 19:02:58 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2012/03/12 19:02:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwdial.dll
[2012/03/12 19:02:58 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdial.dll
[2012/03/12 19:02:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\icwphbk.dll
[2012/03/12 19:02:58 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwphbk.dll
[2012/03/12 19:02:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn.dll
[2012/03/12 19:02:57 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwutil.dll
[2012/03/12 19:02:57 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwdl.dll
[2012/03/12 19:02:57 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwrmind.exe
[2012/03/12 19:02:56 | 000,554,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dao360.dll
[2012/03/12 19:02:56 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn1.exe
[2012/03/12 19:02:56 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwhelp.dll
[2012/03/12 19:02:56 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icwconn2.exe
[2012/03/12 19:02:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetwiz.exe
[2012/03/12 19:02:55 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sqlxmlx.dll
[2012/03/12 19:02:55 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32r.dll
[2012/03/12 19:02:54 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oledb32.dll
[2012/03/12 19:02:54 | 000,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaps.dll
[2012/03/12 19:02:54 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatl3.dll
[2012/03/12 19:02:54 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaosp.dll
[2012/03/12 19:02:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxactps.dll
[2012/03/12 19:02:54 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdatt.dll
[2012/03/12 19:02:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasqlr.dll
[2012/03/12 19:02:54 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaurl.dll
[2012/03/12 19:02:53 | 000,315,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasql.dll
[2012/03/12 19:02:53 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaora.dll
[2012/03/12 19:02:53 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadox.dll
[2012/03/12 19:02:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadomd.dll
[2012/03/12 19:02:53 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msjro.dll
[2012/03/12 19:02:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado27.tlb
[2012/03/12 19:02:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado26.tlb
[2012/03/12 19:02:53 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado25.tlb
[2012/03/12 19:02:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado21.tlb
[2012/03/12 19:02:53 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado20.tlb
[2012/03/12 19:02:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadrh15.dll
[2012/03/12 19:02:53 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msador15.dll
[2012/03/12 19:02:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaorar.dll
[2012/03/12 19:02:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdasc.dll
[2012/03/12 19:02:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaer.dll
[2012/03/12 19:02:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaenum.dll
[2012/03/12 19:02:53 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdadc.dll
[2012/03/12 19:02:52 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msado15.dll
[2012/03/12 19:02:52 | 000,200,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprst.dll
[2012/03/12 19:02:52 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdarem.dll
[2012/03/12 19:02:52 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdfmap.dll
[2012/03/12 19:02:52 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msader15.dll
[2012/03/12 19:02:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaremr.dll
[2012/03/12 19:02:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdaprsr.dll
[2012/03/12 19:02:51 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2012/03/12 19:02:51 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadds.dll
[2012/03/12 19:02:51 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadco.dll
[2012/03/12 19:02:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcf.dll
[2012/03/12 19:02:51 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcs.dll
[2012/03/12 19:02:51 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaddsr.dll
[2012/03/12 19:02:51 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcer.dll
[2012/03/12 19:02:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcor.dll
[2012/03/12 19:02:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadcfr.dll
[2012/03/12 19:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/03/12 19:02:50 | 000,638,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2012/03/12 19:02:50 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hmmapi.dll
[2012/03/12 19:02:50 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedw.exe
[2012/03/12 19:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/03/12 19:02:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/03/12 19:02:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/12 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/03/12 19:01:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/12 19:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/03/12 19:01:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/03/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/03/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/03/12 19:01:26 | 000,042,577 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgzm.exe
[2012/03/12 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/03/12 19:01:25 | 001,817,687 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckgres.dll
[2012/03/12 19:01:25 | 000,082,501 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bckg.dll
[2012/03/12 19:01:25 | 000,042,574 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvsezm.exe
[2012/03/12 19:01:24 | 002,178,131 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlres.dll
[2012/03/12 19:01:24 | 001,175,635 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzres.dll
[2012/03/12 19:01:24 | 000,780,885 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrres.dll
[2012/03/12 19:01:24 | 000,753,236 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvseres.dll
[2012/03/12 19:01:24 | 000,066,113 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvl.dll
[2012/03/12 19:01:24 | 000,048,706 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rvse.dll
[2012/03/12 19:01:24 | 000,042,575 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkrzm.exe
[2012/03/12 19:01:24 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shvlzm.exe
[2012/03/12 19:01:24 | 000,042,573 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtzzm.exe
[2012/03/12 19:01:24 | 000,040,515 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chkr.dll
[2012/03/12 19:01:23 | 000,057,409 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hrtz.dll
[2012/03/12 19:01:23 | 000,041,029 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zcorem.dll
[2012/03/12 19:01:23 | 000,032,339 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniansi.dll
[2012/03/12 19:01:23 | 000,013,894 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zonelibm.dll
[2012/03/12 19:01:23 | 000,004,677 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zeeverm.dll
[2012/03/12 19:01:22 | 001,039,955 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnresm.dll
[2012/03/12 19:01:22 | 000,217,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmnclim.dll
[2012/03/12 19:01:22 | 000,113,222 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zoneclim.dll
[2012/03/12 19:01:22 | 000,029,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\znetm.dll
[2012/03/12 19:01:21 | 000,036,937 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\zclientm.exe
[2012/03/12 19:01:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\write.exe
[2012/03/12 19:01:21 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\write.exe
[2012/03/12 19:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/03/12 19:01:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndvol32.exe
[2012/03/12 19:01:12 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndvol32.exe
[2012/03/12 19:01:12 | 000,044,544 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hticons.dll
[2012/03/12 19:01:11 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avtapi.dll
[2012/03/12 19:01:11 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avtapi.dll
[2012/03/12 19:01:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avwav.dll
[2012/03/12 19:01:11 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avwav.dll
[2012/03/12 19:01:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\avmeter.dll
[2012/03/12 19:01:11 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\avmeter.dll
[2012/03/12 19:01:11 | 000,013,312 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\dllcache\htrn_jis.dll
[2012/03/12 19:01:10 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winchat.exe
[2012/03/12 19:01:10 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winchat.exe
[2012/03/12 19:01:02 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\getuname.dll
[2012/03/12 19:01:02 | 000,605,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\getuname.dll
[2012/03/12 19:01:02 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\calc.exe
[2012/03/12 19:01:02 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\calc.exe
[2012/03/12 19:01:02 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\charmap.exe
[2012/03/12 19:01:02 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\charmap.exe
[2012/03/12 19:01:01 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mshearts.exe
[2012/03/12 19:01:01 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshearts.exe
[2012/03/12 19:01:01 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\winmine.exe
[2012/03/12 19:01:01 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmine.exe
[2012/03/12 19:01:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sol.exe
[2012/03/12 19:01:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sol.exe
[2012/03/12 19:01:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\freecell.exe
[2012/03/12 19:01:00 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\freecell.exe
[2012/03/12 19:01:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsshutdn.exe
[2012/03/12 19:01:00 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsshutdn.exe
[2012/03/12 19:01:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tskill.exe
[2012/03/12 19:01:00 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tskill.exe
[2012/03/12 19:01:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsdiscon.exe
[2012/03/12 19:01:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsdiscon.exe
[2012/03/12 19:01:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscon.exe
[2012/03/12 19:01:00 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscon.exe
[2012/03/12 19:01:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\reset.exe
[2012/03/12 19:01:00 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\reset.exe
[2012/03/12 19:00:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regini.exe
[2012/03/12 19:00:59 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\regini.exe
[2012/03/12 19:00:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qwinsta.exe
[2012/03/12 19:00:59 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qwinsta.exe
[2012/03/12 19:00:59 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msg.exe
[2012/03/12 19:00:59 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msg.exe
[2012/03/12 19:00:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qappsrv.exe
[2012/03/12 19:00:59 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qappsrv.exe
[2012/03/12 19:00:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwinsta.exe
[2012/03/12 19:00:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rwinsta.exe
[2012/03/12 19:00:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cdmodem.dll
[2012/03/12 19:00:59 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cdmodem.dll
[2012/03/12 19:00:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\logoff.exe
[2012/03/12 19:00:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logoff.exe
[2012/03/12 19:00:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\shadow.exe
[2012/03/12 19:00:59 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shadow.exe
[2012/03/12 19:00:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpcfgex.dll
[2012/03/12 19:00:59 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpcfgex.dll
[2012/03/12 19:00:58 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtsadmin.tlb
[2012/03/12 19:00:57 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmi2xml.dll
[2012/03/12 19:00:54 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipicmp.dll
[2012/03/12 19:00:54 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmimsg.dll
[2012/03/12 19:00:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmitimep.dll
[2012/03/12 19:00:53 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\updprov.dll
[2012/03/12 19:00:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmplprov.dll
[2012/03/12 19:00:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.tlb
[2012/03/12 19:00:53 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\trnsprov.dll
[2012/03/12 19:00:53 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.tlb
[2012/03/12 19:00:53 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unsecapp.exe
[2012/03/12 19:00:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmtr.dll
[2012/03/12 19:00:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winmgmt.exe
[2012/03/12 19:00:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemads.dll
[2012/03/12 19:00:52 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msiprov.dll
[2012/03/12 19:00:52 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dsprov.dll
[2012/03/12 19:00:52 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fwdprov.dll
[2012/03/12 19:00:52 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpcons.dll
[2012/03/12 19:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/03/12 19:00:29 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/03/12 19:00:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\accwiz.exe
[2012/03/12 19:00:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\accwiz.exe
[2012/03/12 19:00:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sndrec32.exe
[2012/03/12 19:00:29 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sndrec32.exe
[2012/03/12 19:00:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\access.cpl
[2012/03/12 19:00:29 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\access.cpl
[2012/03/12 19:00:28 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dialer.exe
[2012/03/12 19:00:28 | 000,347,136 | ---- | C] (Hilgraeve, Inc.) -- C:\WINDOWS\System32\hypertrm.dll
[2012/03/12 19:00:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mplay32.exe
[2012/03/12 19:00:28 | 000,123,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mplay32.exe
[2012/03/12 19:00:27 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mspaint.exe
[2012/03/12 19:00:27 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mspaint.exe
[2012/03/12 19:00:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clipbrd.exe
[2012/03/12 19:00:27 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clipbrd.exe
[2012/03/12 19:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/03/12 19:00:26 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spider.exe
[2012/03/12 19:00:26 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spider.exe
[2012/03/12 19:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/03/12 19:00:25 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2012/03/12 19:00:25 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rhttpaa.dll
[2012/03/12 19:00:25 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2012/03/12 19:00:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tscfgwmi.dll
[2012/03/12 19:00:25 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tscfgwmi.dll
[2012/03/12 19:00:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2012/03/12 19:00:25 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsgqec.dll
[2012/03/12 19:00:25 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdtcp.sys
[2012/03/12 19:00:25 | 000,012,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdpipe.sys
[2012/03/12 19:00:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aaclient.dll
[2012/03/12 19:00:24 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2012/03/12 19:00:23 | 002,061,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstscx.dll
[2012/03/12 19:00:23 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lhmstsc.exe
[2012/03/12 19:00:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdshost.exe
[2012/03/12 19:00:23 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdshost.exe
[2012/03/12 19:00:23 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\remotepg.dll
[2012/03/12 19:00:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdsaddin.exe
[2012/03/12 19:00:23 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdsaddin.exe
[2012/03/12 19:00:22 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\termsrv.dll
[2012/03/12 19:00:22 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdchost.dll
[2012/03/12 19:00:22 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdchost.dll
[2012/03/12 19:00:22 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sessmgr.exe
[2012/03/12 19:00:22 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpwsx.dll
[2012/03/12 19:00:22 | 000,087,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwsx.dll
[2012/03/12 19:00:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpclip.exe
[2012/03/12 19:00:22 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpclip.exe
[2012/03/12 19:00:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rdpsnd.dll
[2012/03/12 19:00:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpsnd.dll
[2012/03/12 19:00:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcuiu.dll
[2012/03/12 19:00:21 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcuiu.dll
[2012/03/12 19:00:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxoci.dll
[2012/03/12 19:00:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgbkend.dll
[2012/03/12 19:00:21 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cfgbkend.dll
[2012/03/12 19:00:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qprocess.exe
[2012/03/12 19:00:21 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\qprocess.exe
[2012/03/12 19:00:21 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icaapi.dll
[2012/03/12 19:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/03/12 19:00:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtctm.dll
[2012/03/12 19:00:20 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtctm.dll
[2012/03/12 19:00:20 | 000,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtcprx.dll
[2012/03/12 19:00:20 | 000,427,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtcprx.dll
[2012/03/12 19:00:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xolehlp.dll
[2012/03/12 19:00:20 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xolehlp.dll
[2012/03/12 19:00:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msdtclog.dll
[2012/03/12 19:00:19 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtclog.dll
[2012/03/12 19:00:19 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msdtc.exe
[2012/03/12 19:00:18 | 000,195,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comadmin.dll
[2012/03/12 19:00:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.dll
[2012/03/12 19:00:18 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comrepl.dll
[2012/03/12 19:00:18 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2012/03/12 19:00:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxlegih.dll
[2012/03/12 19:00:18 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxlegih.dll
[2012/03/12 19:00:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxdm.dll
[2012/03/12 19:00:18 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxdm.dll
[2012/03/12 19:00:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comaddin.dll
[2012/03/12 19:00:18 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comaddin.dll
[2012/03/12 19:00:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrepl.exe
[2012/03/12 19:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dcomcnfg.exe
[2012/03/12 19:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dcomcnfg.exe
[2012/03/12 19:00:18 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comrereg.exe
[2012/03/12 19:00:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mtxex.dll
[2012/03/12 19:00:18 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtxex.dll
[2012/03/12 19:00:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/03/12 19:00:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatex.dll
[2012/03/12 19:00:17 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\clbcatex.dll
[2012/03/12 19:00:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvps.dll
[2012/03/12 19:00:17 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\catsrvps.dll
[2012/03/12 19:00:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\stclient.dll
[2012/03/12 19:00:17 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stclient.dll
[2012/03/12 19:00:16 | 000,625,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrvut.dll
[2012/03/12 19:00:16 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\catsrv.dll
[2012/03/12 19:00:15 | 001,267,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsvcs.dll
[2012/03/12 19:00:15 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comuid.dll
[2012/03/12 19:00:15 | 000,539,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comuid.dll
[2012/03/12 19:00:15 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comsnap.dll
[2012/03/12 19:00:15 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsnap.dll
[2012/03/12 19:00:14 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\clbcatq.dll
[2012/03/12 19:00:12 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmisvc.dll
[2012/03/12 19:00:12 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprov.dll
[2012/03/12 19:00:12 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipdskq.dll
[2012/03/12 19:00:12 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiutils.dll
[2012/03/12 19:00:12 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipjobj.dll
[2012/03/12 19:00:12 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipiprt.dll
[2012/03/12 19:00:12 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipsess.dll
[2012/03/12 19:00:11 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmic.exe
[2012/03/12 19:00:11 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemess.dll
[2012/03/12 19:00:11 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemupgd.dll
[2012/03/12 19:00:11 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiadap.exe
[2012/03/12 19:00:11 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmipcima.dll
[2012/03/12 19:00:11 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmidcprv.dll
[2012/03/12 19:00:11 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapsrv.exe
[2012/03/12 19:00:11 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemtest.exe
[2012/03/12 19:00:11 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiaprpl.dll
[2012/03/12 19:00:11 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmicookr.dll
[2012/03/12 19:00:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemsvc.dll
[2012/03/12 19:00:11 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemprox.dll
[2012/03/12 19:00:11 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiapres.dll
[2012/03/12 19:00:10 | 000,531,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcore.dll
[2012/03/12 19:00:10 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcomn.dll
[2012/03/12 19:00:10 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcntl.dll
[2012/03/12 19:00:10 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemdisp.dll
[2012/03/12 19:00:10 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\viewprov.dll
[2012/03/12 19:00:10 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\stdprov.dll
[2012/03/12 19:00:10 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wbemcons.dll
[2012/03/12 19:00:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\provthrd.dll
[2012/03/12 19:00:09 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntevt.dll
[2012/03/12 19:00:09 | 000,178,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\repdrvfs.dll
[2012/03/12 19:00:09 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\policman.dll
[2012/03/12 19:00:09 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\scrcons.exe
[2012/03/12 19:00:08 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\framedyn.dll
[2012/03/12 19:00:08 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofd.dll
[2012/03/12 19:00:08 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ncprov.dll
[2012/03/12 19:00:08 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\krnlprov.dll
[2012/03/12 19:00:08 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mofcomp.exe
[2012/03/12 19:00:07 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\esscli.dll
[2012/03/12 19:00:06 | 001,358,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cimwin32.dll
[2012/03/12 19:00:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\servdeps.dll
[2012/03/12 19:00:06 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\servdeps.dll
[2012/03/12 19:00:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmfutil.dll
[2012/03/12 19:00:06 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mmfutil.dll
[2012/03/12 19:00:05 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cmprops.dll
[2012/03/12 19:00:05 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmprops.dll
[2012/03/12 19:00:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\licwmi.dll
[2012/03/12 19:00:05 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licwmi.dll
[2012/03/12 19:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/12 18:59:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/12 18:27:57 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\portcls.sys
[2012/03/12 18:27:57 | 000,146,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\portcls.sys
[2012/03/12 18:27:57 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksproxy.ax
[2012/03/12 18:27:57 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksproxy.ax
[2012/03/12 18:27:57 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\drmk.sys
[2012/03/12 18:27:57 | 000,060,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\drmk.sys
[2012/03/12 18:27:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksuser.dll
[2012/03/12 18:27:57 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksuser.dll
[2012/03/12 18:26:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\usbui.dll
[2012/03/12 18:24:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/03/12 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/03/12 18:24:24 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcommon.dll
[2012/03/12 18:24:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spcplui.dll
[2012/03/12 18:24:22 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spttseng.dll
[2012/03/12 18:24:21 | 000,155,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.cpl
[2012/03/12 18:24:21 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapisvr.exe
[2012/03/12 18:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/03/12 18:24:20 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sapi.dll
[2012/03/12 18:24:20 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/03/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/03/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/03/12 18:24:18 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0408.dll
[2012/03/12 18:24:18 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040e.dll
[2012/03/12 18:24:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt041f.dll
[2012/03/12 18:24:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0419.dll
[2012/03/12 18:24:18 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0415.dll
[2012/03/12 18:24:17 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0405.dll
[2012/03/12 18:24:15 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuq.dll
[2012/03/12 18:24:15 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtuf.dll
[2012/03/12 18:24:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuq.dll
[2012/03/12 18:24:15 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtuf.dll
[2012/03/12 18:24:15 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdazel.dll
[2012/03/12 18:24:15 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdazel.dll
[2012/03/12 18:24:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbduzb.dll
[2012/03/12 18:24:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdtat.dll
[2012/03/12 18:24:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdmon.dll
[2012/03/12 18:24:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkyr.dll
[2012/03/12 18:24:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkaz.dll
[2012/03/12 18:24:13 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdaze.dll
[2012/03/12 18:24:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbduzb.dll
[2012/03/12 18:24:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdtat.dll
[2012/03/12 18:24:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdmon.dll
[2012/03/12 18:24:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkyr.dll
[2012/03/12 18:24:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkaz.dll
[2012/03/12 18:24:13 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdaze.dll
[2012/03/12 18:24:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycc.dll
[2012/03/12 18:24:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdur.dll
[2012/03/12 18:24:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru1.dll
[2012/03/12 18:24:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdru.dll
[2012/03/12 18:24:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbu.dll
[2012/03/12 18:24:12 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdblr.dll
[2012/03/12 18:24:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycc.dll
[2012/03/12 18:24:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdur.dll
[2012/03/12 18:24:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru1.dll
[2012/03/12 18:24:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdru.dll
[2012/03/12 18:24:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdbu.dll
[2012/03/12 18:24:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdblr.dll
[2012/03/12 18:24:10 | 000,008,192 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhept.dll
[2012/03/12 18:24:10 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhept.dll
[2012/03/12 18:24:10 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela3.dll
[2012/03/12 18:24:10 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela3.dll
[2012/03/12 18:24:10 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhela2.dll
[2012/03/12 18:24:10 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdgkl.dll
[2012/03/12 18:24:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhela2.dll
[2012/03/12 18:24:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgkl.dll
[2012/03/12 18:24:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe319.dll
[2012/03/12 18:24:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe220.dll
[2012/03/12 18:24:10 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhe.dll
[2012/03/12 18:24:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe319.dll
[2012/03/12 18:24:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe220.dll
[2012/03/12 18:24:10 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhe.dll
[2012/03/12 18:24:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv1.dll
[2012/03/12 18:24:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlv.dll
[2012/03/12 18:24:08 | 000,006,144 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdest.dll
[2012/03/12 18:24:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv1.dll
[2012/03/12 18:24:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlv.dll
[2012/03/12 18:24:08 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdest.dll
[2012/03/12 18:24:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt1.dll
[2012/03/12 18:24:08 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdlt.dll
[2012/03/12 18:24:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt1.dll
[2012/03/12 18:24:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdlt.dll
[2012/03/12 18:24:05 | 000,007,168 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz.dll
[2012/03/12 18:24:05 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdycl.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl1.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdsl.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz2.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcz1.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdcr.dll
[2012/03/12 18:24:05 | 000,006,656 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\KBDAL.DLL
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdycl.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl1.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsl.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz2.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcz1.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdcr.dll
[2012/03/12 18:24:05 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdal.dll
[2012/03/12 18:24:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdro.dll
[2012/03/12 18:24:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpl1.dll
[2012/03/12 18:24:05 | 000,005,632 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdhu1.dll
[2012/03/12 18:24:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdro.dll
[2012/03/12 18:24:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdpl1.dll
[2012/03/12 18:24:05 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhu1.dll
[2012/03/12 18:23:58 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dllcache\dgrpsetu.dll
[2012/03/12 18:23:58 | 000,176,157 | ---- | C] (Digi International, Inc.) -- C:\WINDOWS\System32\dgrpsetu.dll
[2012/03/12 18:23:58 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\EqnClass.Dll
[2012/03/12 18:23:58 | 000,103,424 | ---- | C] (Equinox Systems Inc.) -- C:\WINDOWS\System32\dllcache\eqnclass.dll
[2012/03/12 18:23:58 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dllcache\dgsetup.dll
[2012/03/12 18:23:58 | 000,085,020 | ---- | C] (Digi International) -- C:\WINDOWS\System32\dgsetup.dll
[2012/03/12 18:23:58 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2012/03/12 18:23:58 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2012/03/12 18:23:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2012/03/12 18:23:58 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2012/03/12 18:23:57 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLESVR.DLL
[2012/03/12 18:23:57 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TAPI.DLL
[2012/03/12 18:23:57 | 000,013,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WFWNET.DRV
[2012/03/12 18:23:57 | 000,009,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VER.DLL
[2012/03/12 18:23:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SHELL.DLL
[2012/03/12 18:23:57 | 000,004,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\TIMER.DRV
[2012/03/12 18:23:57 | 000,003,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SYSTEM.DRV
[2012/03/12 18:23:57 | 000,002,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\VGA.DRV
[2012/03/12 18:23:57 | 000,001,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\SOUND.DRV
[2012/03/12 18:23:56 | 000,126,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MSVIDEO.DLL
[2012/03/12 18:23:56 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\OLECLI.DLL
[2012/03/12 18:23:56 | 000,073,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIAVI.DRV
[2012/03/12 18:23:56 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCIWAVE.DRV
[2012/03/12 18:23:56 | 000,025,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MCISEQ.DRV
[2012/03/12 18:23:56 | 000,009,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\LZEXPAND.DLL
[2012/03/12 18:23:56 | 000,002,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MOUSE.DRV
[2012/03/12 18:23:56 | 000,002,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\KEYBOARD.DRV
[2012/03/12 18:23:56 | 000,001,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMTASK.TSK
[2012/03/12 18:23:55 | 000,109,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVIFILE.DLL
[2012/03/12 18:23:55 | 000,069,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\AVICAP.DLL
[2012/03/12 18:23:55 | 000,032,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\COMMDLG.DLL
[2012/03/12 18:23:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\TASKMAN.EXE
[2012/03/12 18:23:55 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\taskman.exe
[2012/03/12 18:23:54 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\WINSPOOL.DRV
[2012/03/12 18:23:54 | 000,068,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System\MMSYSTEM.DLL
[2012/03/12 18:23:54 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irenum.sys
[2012/03/12 18:23:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\batt.dll
[2012/03/12 18:23:54 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\batt.dll
[2012/03/12 18:23:53 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\storprop.dll
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/03/12 18:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/03/12 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/03/12 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/03/12 18:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/03/12 18:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/03/12 18:23:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/03/12 18:23:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/03/12 18:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/12 18:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/03/12 18:15:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/03/12 18:15:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/03/12 18:15:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/03/12 18:15:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2012/03/25 16:16:52 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/25 16:11:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/25 16:09:02 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/25 12:17:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/25 11:20:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/03/25 10:44:25 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/25 10:44:24 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/25 10:38:43 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 10:38:43 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/25 00:55:34 | 985,071,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MathsWatch High.iso
[2012/03/24 22:09:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/24 18:25:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/24 18:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 12:17:05 | 000,021,277 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sony-Playstation.jpg
[2012/03/24 11:02:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/19 22:24:01 | 000,001,768 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/19 18:32:57 | 000,018,449 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\420634_10150688371849564_507899563_9007300_314980238_n.jpg
[2012/03/19 17:11:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 17:11:26 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 16:14:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 16:02:54 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 14:55:35 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 14:55:35 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 11:32:36 | 000,057,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/17 23:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 23:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/15 22:15:55 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 19:24:03 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 23:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/14 23:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/14 23:13:30 | 001,177,600 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/14 22:31:33 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 22:31:33 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 18:16:56 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 17:45:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 22:33:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/12 22:28:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 22:27:30 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 22:27:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/12 22:26:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 22:24:43 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/03/12 22:24:43 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/03/12 22:19:46 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 22:08:35 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 22:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 22:06:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 22:03:15 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 22:01:07 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 21:59:21 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:58:35 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 21:57:41 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 21:57:40 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 21:57:36 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 21:56:05 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 21:55:59 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 21:51:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 19:28:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 19:27:35 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 19:18:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 19:14:22 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:22 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:17 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 19:12:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 19:11:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 19:09:21 | 000,000,690 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/03/12 19:06:21 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 19:06:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/12 19:06:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/12 19:06:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 19:06:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 19:06:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 19:06:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 19:02:10 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 18:58:58 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/03/12 18:24:32 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

========== Files Created - No Company Name ==========

[2012/03/25 11:20:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/03/24 12:17:07 | 000,021,277 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sony-Playstation.jpg
[2012/03/23 18:24:14 | 985,071,616 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MathsWatch High.iso
[2012/03/19 18:33:03 | 000,018,449 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\420634_10150688371849564_507899563_9007300_314980238_n.jpg
[2012/03/19 17:11:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 17:11:26 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 16:12:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 16:02:54 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 16:01:43 | 000,809,345 | ---- | C] () -- C:\WINDOWS\System32\nmap-os-fingerprints
[2012/03/18 16:01:43 | 000,557,444 | ---- | C] () -- C:\WINDOWS\System32\nmap-service-probes
[2012/03/18 16:01:43 | 000,482,123 | ---- | C] () -- C:\WINDOWS\System32\nmapwin.chm
[2012/03/18 16:01:43 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nmapserv.exe
[2012/03/18 16:01:43 | 000,225,546 | ---- | C] () -- C:\WINDOWS\System32\nmap-mac-prefixes
[2012/03/18 16:01:43 | 000,108,536 | ---- | C] () -- C:\WINDOWS\System32\nmap-services
[2012/03/18 16:01:43 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\nmap.xsl
[2012/03/18 16:01:43 | 000,017,955 | ---- | C] () -- C:\WINDOWS\System32\nmap-rpc
[2012/03/18 16:01:43 | 000,006,318 | ---- | C] () -- C:\WINDOWS\System32\nmap-protocols
[2012/03/18 16:01:43 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\nmap_performance.reg
[2012/03/18 16:01:42 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\nmap.exe
[2012/03/18 16:01:42 | 000,192,007 | ---- | C] () -- C:\WINDOWS\System32\CHANGELOG
[2012/03/18 16:01:42 | 000,025,611 | ---- | C] () -- C:\WINDOWS\System32\COPYING
[2012/03/18 16:01:13 | 000,010,348 | ---- | C] () -- C:\WINDOWS\System32\SubclassingSink.tlb
[2012/03/18 14:55:35 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 14:55:35 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/03/18 14:55:35 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 11:32:36 | 000,057,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/18 11:11:43 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/17 23:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 23:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/17 23:39:52 | 000,001,768 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/15 22:15:55 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 19:24:03 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 22:31:33 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 22:31:33 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 22:30:49 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2012/03/14 22:30:38 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/03/14 18:16:56 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 18:16:48 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/03/14 18:16:48 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/03/14 18:16:47 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/03/14 17:19:54 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 23:38:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 18:48:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 22:32:53 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/12 22:28:03 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 22:28:01 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 22:27:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/12 22:26:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 22:19:46 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2012/03/12 22:19:46 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 22:18:01 | 000,065,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/12 22:08:35 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 22:08:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 22:07:55 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/12 22:06:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/12 22:06:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 22:03:17 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 22:01:07 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 21:59:21 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:59:21 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:58:35 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Spotify.lnk
[2012/03/12 21:58:35 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 21:57:40 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 21:57:40 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 21:57:36 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 21:56:07 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 21:56:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/12 21:55:59 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 21:52:36 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/12 21:52:35 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/12 21:52:32 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/12 21:51:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 19:28:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 19:27:35 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 19:18:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 19:14:22 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:22 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 19:13:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/03/12 19:12:19 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 19:12:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/03/12 19:12:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/03/12 19:11:54 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/03/12 19:11:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/03/12 19:11:45 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/03/12 19:11:44 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/03/12 19:11:31 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/03/12 19:11:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/03/12 19:11:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 19:09:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 19:08:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/03/12 19:08:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/03/12 19:08:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/03/12 19:08:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/03/12 19:08:01 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/03/12 19:07:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/03/12 19:07:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/03/12 19:07:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/03/12 19:07:26 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/03/12 19:06:21 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 19:06:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/12 19:06:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/03/12 19:06:17 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 19:06:17 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 19:06:15 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 19:04:48 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/12 19:04:32 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/03/12 19:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/03/12 19:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/03/12 19:04:05 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/03/12 19:03:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/03/12 19:02:11 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/12 19:02:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 19:01:37 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/03/12 19:01:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/03/12 19:01:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/03/12 19:01:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/03/12 19:01:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/03/12 19:01:04 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/03/12 19:01:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/03/12 19:01:04 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/03/12 19:01:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/03/12 19:01:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/03/12 19:01:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/03/12 19:01:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/03/12 19:01:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/03/12 19:01:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/03/12 19:00:58 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/03/12 19:00:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/03/12 18:24:32 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/03/12 18:24:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 18:24:23 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/03/12 18:24:23 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/03/12 18:24:22 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/03/12 18:24:21 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/03/12 18:23:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/03/12 18:23:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/03/12 18:23:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/03/12 18:23:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/03/12 18:23:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/03/12 18:23:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/03/12 18:23:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/03/12 18:23:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/03/12 18:23:41 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/03/12 18:23:41 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/03/12 18:23:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/03/12 18:23:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/03/12 18:23:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/03/12 18:23:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/03/12 18:23:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/03/12 18:23:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/03/12 18:23:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/03/12 18:23:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/03/12 18:23:39 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/03/12 18:23:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/03/12 18:22:19 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/03/12 18:22:13 | 000,000,690 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

< End of report >

Thanks, just sometimes MSE pops up with random virus alerts and stuff
  • 0

#8
Essexboy
Posted 25 March 2012 - 09:33 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you getting them at the moment ?

What files are referenced ?
  • 0

#9
Pawanhammers
Posted 25 March 2012 - 09:57 AM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
Nope I having been getting any, ever since I just done that fix I done 30 minutes ago. However they might come back, i'll tell you if they do.

The Referenced Files:

file:C:\Documents and Settings\Administrator\Application Data\rundll32.exe
file:C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe
startup:c:\documents and settings\administrator\Start Menu\Programs\Startup\MicrosoftUpdate.exe
file:C:\Documents and Settings\Administrator\Application Data\Administratorbs1.1.1.1crypt.exe
file:C:\Documents and Settings\Administrator\Application Data\FirewallUpdate.exe
file:C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FirewallUpdate.exe
startup:c:\documents and settings\administrator\Start Menu\Programs\Startup\FirewallUpdate.exe
file:C:\Documents and Settings\Administrator\Application Data\MicrosoftUpdate.exe
regkey:HKCU@S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MicrosoftUpdate
runkey:HKCU@S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\MicrosoftUpdate
file:C:\System Volume Information\_restore{55AF2840-5EEE-4393-82FA-D4CC57815BA8}\RP25\A0004783.exe
file:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IHFFLJK7\hc[1].exe
file:C:\Documents and Settings\Administrator\Local Settings\Temp\hc.exe
file:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hc.exe
  • 0

#10
Essexboy
Posted 25 March 2012 - 10:27 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets now sweep for orphans

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.
  • 0

Advertisements

#11
Pawanhammers
Posted 25 March 2012 - 10:40 AM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
Okay, so I was running the scan, and MSE popped up and said:

1 potential threat:

Virtool:MSIL/Injector.M
Category: Tool

Description: This program is used to create viruses, worms or other malware.

Recommended action: Remove this software immediately.

Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the Allow action and click Apply actions. If this option is not available, log on as administrator or ask the security administrator for help.

Items:
file:C:\Documents and Settings\Administratorbs1.1.1.1crypt.exe

MBAM FINISHED:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.25.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: PSD [administrator]

25/03/2012 17:37:19
mbam-log-2012-03-25 (17-37-19).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173193
Time elapsed: 5 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\Software\DC3_FEXEC (Malware.Trace) -> Quarantined and deleted successfully.
HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by Pawanhammers, 25 March 2012 - 10:43 AM.

  • 0

#12
Essexboy
Posted 25 March 2012 - 11:02 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK I had already removed that

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#13
Pawanhammers
Posted 25 March 2012 - 01:14 PM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
ComboFix 12-03-22.01 - Administrator 25/03/2012 18:20:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1278.682 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\SYSTEM32\RtlGina\RtlGina.DLL
c:\windows\system32\wpcap.dll
F:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-02-25 to 2012-03-25 )))))))))))))))))))))))))))))))
.
.
2012-03-25 09:53 . 2012-03-25 09:53 -------- d-----w- C:\_OTL
2012-03-22 21:03 . 2012-03-22 21:04 -------- d-----w- C:\OpenSSL-Win32
2012-03-17 22:42 . 2012-03-17 22:42 -------- d-----r- C:\Sandbox
2012-03-15 21:46 . 2012-03-15 21:46 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 14:55 . 2012-03-12 18:28 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-29 . 600D58665D16BFBB776EFEFB0E80532D . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-07 451856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
REALTEK 11n USB Wireless LAN Utility.lnk - c:\program files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe [2012-3-12 933888]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\REALTEK\\11n USB Wireless LAN Utility\\RtWLan.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\PatchBlocker.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [3/12/2012 7:13 PM 589312]
S1 MpKsla91b9379;MpKsla91b9379;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB6F449E-F57B-447D-ADAE-737BF99A9FA8}\MpKsla91b9379.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB6F449E-F57B-447D-ADAE-737BF99A9FA8}\MpKsla91b9379.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:50 AM 158856]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [1/21/2010 6:51 PM 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-03-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 06:15]
.
2012-03-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 06:15]
.
2012-03-25 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 15:39]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.5.1
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c1ndcu8q.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-25 20:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Sandboxie\SbieSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2012-03-25 20:05:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-25 19:05
.
Pre-Run: 22,989,496,320 bytes free
Post-Run: 22,885,167,104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3650E56109A0A3079925F1352E9F2B8F

Yeah, my computer is running okay, but still worried that there might be another virus warning/pop-up from MSE lol. Have you verified on my system that there is no more virus'?
  • 0

#14
Essexboy
Posted 25 March 2012 - 01:27 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Combofix removed nothing of real import

Could you run OTL again please - selecting all users as I want to ensure that the bad file has not returned
  • 0

#15
Pawanhammers
Posted 25 March 2012 - 01:49 PM

Pawanhammers

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 248 posts
Yh, ok, running now.


OTL logfile created on: 25/03/2012 20:43:43 - Run 4
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.25 Gb Total Physical Memory | 0.47 Gb Available Physical Memory | 37.34% Memory free
2.98 Gb Paging File | 2.26 Gb Available in Paging File | 75.77% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 21.33 Gb Free Space | 57.27% Space Free | Partition Type: NTFS
Drive E: | 29.77 Gb Total Space | 25.80 Gb Free Space | 86.68% Space Free | Partition Type: FAT32
Drive F: | 268.28 Gb Total Space | 169.29 Gb Free Space | 63.10% Space Free | Partition Type: NTFS

Computer Name: PSD | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/24 18:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/03/21 13:21:14 | 001,049,072 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/02/27 15:43:07 | 000,801,792 | ---- | M] (Yuna Software) -- C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
PRC - [2012/02/08 00:11:44 | 000,451,856 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2012/02/08 00:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2011/10/13 10:58:04 | 003,256,408 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe
PRC - [2011/06/15 16:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/06/12 22:00:42 | 000,933,888 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005/07/19 18:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/06/08 16:14:44 | 000,217,088 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\LogiTray.exe
PRC - [2005/06/08 15:44:56 | 000,192,512 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Video\FxSvr2.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/21 13:21:12 | 000,429,040 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppgooglenaclpluginchrome.dll
MOD - [2012/03/21 13:21:11 | 003,772,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
MOD - [2012/03/21 13:19:37 | 000,122,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\avutil-51.dll
MOD - [2012/03/21 13:19:35 | 000,220,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\avformat-53.dll
MOD - [2012/03/21 13:19:34 | 001,747,456 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\avcodec-53.dll
MOD - [2012/03/21 08:44:18 | 008,593,056 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
MOD - [2010/01/21 02:34:10 | 008,793,952 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/01/09 21:18:18 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/04/03 17:32:10 | 000,110,592 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\EnumDevLib.dll
MOD - [2008/04/14 05:42:04 | 001,288,192 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/14 05:42:04 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/14 05:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 05:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/12/15 02:30:54 | 001,167,360 | ---- | M] () -- C:\Program Files\REALTEK\11n USB Wireless LAN Utility\acAuth.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/08 00:11:42 | 000,074,512 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2011/04/27 16:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/21 18:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DB6F449E-F57B-447D-ADAE-737BF99A9FA8}\MpKsla91b9379.sys -- (MpKsla91b9379)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012/02/08 00:11:42 | 000,133,392 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/06/22 10:31:08 | 000,589,312 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2005/05/27 10:46:22 | 000,913,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302AV.SYS -- (PID_08A0) QuickCam IM(PID_08A0)
DRV - [2005/05/27 10:38:00 | 000,007,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005/05/27 10:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1292428093-1383384898-842925246-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.2.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.2.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/12 22:08:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/03/12 19:42:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/03/21 19:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c1ndcu8q.default\extensions
[2012/03/12 21:55:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/12 21:55:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{888D99E7-E8B5-46A3-851E-1EC45DA1E644}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C1NDCU8Q.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/03/12 21:55:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/02/16 15:55:34 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/16 12:08:43 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/02/16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/16 12:08:43 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/16 12:08:43 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/16 12:08:43 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - plugin: Java™ Platform SE 7 U2 (Enabled) = C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\new_plugin\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.20.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AutoReloader = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ahijjacooaofacadpjbfbmgekilcpjhj\1.9.6_0\
CHR - Extension: TimelineRemove = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.7.1_0\

O1 HOSTS File: ([2012/03/25 20:01:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-21-1292428093-1383384898-842925246-500..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-1292428093-1383384898-842925246-500..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk = C:\Program Files\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1292428093-1383384898-842925246-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1292428093-1383384898-842925246-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BB53C317-01FF-4A4C-AAAA-43C8B8B20D9D}: DhcpNameServer = 192.168.5.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/12 19:06:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/07/15 22:34:52 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/25 18:19:32 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/03/25 18:16:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/03/25 18:16:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/03/25 18:16:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/03/25 18:16:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/25 18:16:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/03/25 18:16:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/25 18:16:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Videos
[2012/03/25 18:16:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/03/25 18:14:53 | 004,443,082 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/03/25 15:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PsBase
[2012/03/25 10:53:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/25 10:52:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/03/25 01:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\MathsWatch
[2012/03/24 18:25:17 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/24 18:17:54 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 12:39:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/03/22 22:04:05 | 001,177,600 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/22 22:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/22 22:04:05 | 000,264,704 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/22 22:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenSSL
[2012/03/22 22:03:59 | 000,000,000 | ---D | C] -- C:\OpenSSL-Win32
[2012/03/22 22:01:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Infinity
[2012/03/22 21:36:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/19 17:11:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/03/18 16:12:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/03/18 16:12:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/03/18 16:12:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/03/18 16:10:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/03/18 16:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Net Tools
[2012/03/18 16:01:43 | 000,077,824 | ---- | C] (JVSoftware) -- C:\WINDOWS\System32\nmapwin.exe
[2012/03/18 16:01:34 | 000,114,688 | ---- | C] (Open Source Telecom) -- C:\WINDOWS\System32\CCGNU32.dll
[2012/03/18 16:01:18 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2012/03/18 16:01:13 | 000,939,224 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\Flash.ocx
[2012/03/18 16:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\Net Tools
[2012/03/18 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2012/03/18 14:55:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/18 14:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2012/03/18 11:47:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/03/18 11:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2012/03/17 23:42:41 | 000,000,000 | R--D | C] -- C:\Sandbox
[2012/03/17 23:38:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sandboxie
[2012/03/17 23:38:41 | 000,000,000 | ---D | C] -- C:\Program Files\Sandboxie
[2012/03/16 18:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WPRV3.58
[2012/03/16 18:57:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\wordpress
[2012/03/16 17:22:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Logitech-LS
[2012/03/15 22:58:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
[2012/03/15 22:58:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/03/15 22:57:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/03/15 22:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012/03/15 22:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2012/03/15 22:50:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/03/15 22:49:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2012/03/15 22:48:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/03/15 22:48:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/03/15 22:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/03/15 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/03/15 22:46:48 | 000,000,000 | R--D | C] -- C:\MSOCache
[2012/03/15 22:16:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/15 22:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamSpeak 3 Client
[2012/03/15 22:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client
[2012/03/15 19:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\mIRC
[2012/03/15 19:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2012/03/15 18:18:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2012/03/15 17:26:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/14 22:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Logitech
[2012/03/14 22:30:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logitech
[2012/03/14 22:30:11 | 000,029,795 | ---- | C] (Ingenient Technologies, Inc.) -- C:\WINDOWS\System32\ITIG726.acm
[2012/03/14 22:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/03/14 22:18:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Messenger Plus!
[2012/03/14 22:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/14 22:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2012/03/14 18:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2012/03/14 18:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2012/03/14 18:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\WiiBackUpManager
[2012/03/13 18:01:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Received Files
[2012/03/13 18:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing
[2012/03/13 17:21:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/03/12 23:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/03/12 22:28:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2012/03/12 22:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/03/12 22:27:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/03/12 22:26:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/12 22:26:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/03/12 22:26:48 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/03/12 22:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/12 22:25:53 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012/03/12 22:25:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 22:25:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/12 22:22:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\jdk1.7.0_02_combo
[2012/03/12 22:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\Paint.NET
[2012/03/12 22:19:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Paint.NET
[2012/03/12 22:17:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/03/12 22:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/03/12 22:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/03/12 22:15:23 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/03/12 22:14:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/03/12 22:08:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/03/12 22:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/03/12 22:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/03/12 22:08:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/03/12 22:08:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2012/03/12 22:07:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2012/03/12 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/03/12 22:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/03/12 22:07:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/03/12 22:06:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/03/12 22:02:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2012/03/12 22:02:47 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/03/12 22:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Live
[2012/03/12 22:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2012/03/12 22:01:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/03/12 22:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/03/12 21:59:07 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2012/03/12 21:58:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Spotify
[2012/03/12 21:58:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 21:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/03/12 21:57:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2012/03/12 21:57:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/03/12 21:56:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinSCP
[2012/03/12 21:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinSCP
[2012/03/12 21:56:01 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012/03/12 21:56:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2012/03/12 21:55:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/03/12 21:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/12 21:55:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/03/12 21:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/03/12 21:55:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/03/12 21:54:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/03/12 21:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/03/12 21:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/03/12 21:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/03/12 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/03/12 21:54:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/03/12 21:54:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/03/12 21:54:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Palringo
[2012/03/12 21:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Palringo
[2012/03/12 21:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2012/03/12 21:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/03/12 21:52:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Google Chrome
[2012/03/12 21:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2012/03/12 21:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/03/12 21:51:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/03/12 19:45:52 | 000,045,056 | ---- | C] (adi) -- C:\WINDOWS\System32\CleanUp.exe
[2012/03/12 19:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\Analog Devices
[2012/03/12 19:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/03/12 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/03/12 19:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/03/12 19:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/12 19:27:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/03/12 19:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/03/12 19:27:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/03/12 19:27:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/03/12 19:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/03/12 19:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/12 19:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 7
[2012/03/12 19:18:10 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/03/12 19:17:23 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\UserData
[2012/03/12 19:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\REALTEK 11n USB Wireless LAN Utility
[2012/03/12 19:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2012/03/12 19:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\System32\RtlUI2.exe
[2012/03/12 19:13:44 | 000,380,928 | R--- | C] (Realtek) -- C:\WINDOWS\RtlUI2.exe
[2012/03/12 19:13:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RtlGina
[2012/03/12 19:13:37 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK
[2012/03/12 19:13:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/03/12 19:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/03/12 19:12:06 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/03/12 19:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/03/12 19:12:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Music
[2012/03/12 19:11:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/03/12 19:11:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/03/12 19:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/03/12 19:11:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/03/12 19:11:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/03/12 19:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/03/12 19:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/03/12 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/03/12 19:11:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/03/12 19:11:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/03/12 19:11:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/03/12 19:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/03/12 19:11:30 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/03/12 19:11:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/03/12 19:11:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/03/12 19:11:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/03/12 19:11:03 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/03/12 19:11:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/03/12 19:10:59 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/03/12 19:10:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/03/12 19:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/03/12 19:08:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/03/12 19:08:36 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/03/12 19:07:23 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/03/12 19:06:51 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/03/12 19:06:32 | 000,000,000 | ---D | C] -- C:\DELL
[2012/03/12 19:05:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/03/12 19:05:03 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2012/03/12 19:05:02 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/03/12 19:04:49 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/03/12 19:04:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/03/12 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/03/12 19:03:59 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/03/12 19:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/03/12 19:03:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/03/12 19:03:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/03/12 19:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/03/12 19:03:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/03/12 19:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/03/12 19:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/03/12 19:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/03/12 19:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/03/12 19:02:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/03/12 19:02:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/03/12 19:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/03/12 19:01:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/03/12 19:01:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/03/12 19:01:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/03/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/03/12 19:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/03/12 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/03/12 19:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/03/12 19:00:30 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/03/12 19:00:29 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/03/12 19:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/03/12 19:00:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/03/12 19:00:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/03/12 19:00:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/03/12 19:00:02 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/03/12 18:59:35 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2012/03/12 18:24:27 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/03/12 18:24:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/03/12 18:24:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/03/12 18:24:20 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/03/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/03/12 18:24:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/03/12 18:23:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/03/12 18:23:41 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/03/12 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/03/12 18:23:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/03/12 18:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/03/12 18:23:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/03/12 18:23:17 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/03/12 18:23:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/03/12 18:22:47 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/03/12 18:22:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/03/12 18:15:51 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/03/12 18:15:51 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/03/12 18:15:51 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/03/12 18:15:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/03/12 18:15:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025

========== Files - Modified Within 30 Days ==========

[2012/03/25 20:09:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/25 20:06:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/25 20:01:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/03/25 20:01:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/25 18:19:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/03/25 18:15:09 | 004,443,082 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2012/03/25 12:17:09 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/25 10:44:25 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/25 10:44:24 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/25 10:38:43 | 000,435,568 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/25 10:38:43 | 000,068,272 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/24 22:09:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/24 18:25:35 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/03/24 18:17:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/03/24 11:02:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/19 22:24:01 | 000,001,768 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/19 17:11:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 17:11:26 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 16:14:06 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 16:02:54 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 14:55:35 | 000,001,510 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 14:55:35 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 11:32:36 | 000,057,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/17 23:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 23:38:44 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/15 22:15:55 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 19:24:03 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 23:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2012/03/14 23:13:44 | 000,264,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2012/03/14 23:13:30 | 001,177,600 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2012/03/14 22:31:33 | 000,001,644 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 22:31:33 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 18:16:56 | 000,001,694 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 17:45:18 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/12 22:28:01 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 22:27:30 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 22:27:01 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/12 22:26:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 22:19:46 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 22:08:35 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 22:08:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 22:06:48 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 22:03:15 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 22:01:07 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 21:59:21 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:58:35 | 000,001,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 21:57:41 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 21:57:40 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 21:57:36 | 000,002,356 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 21:56:05 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 21:55:59 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 21:51:59 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 19:28:43 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 19:27:35 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 19:18:12 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 19:14:22 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:22 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:17 | 000,376,832 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 19:12:19 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 19:11:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 19:09:21 | 000,000,690 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/03/12 19:06:21 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 19:06:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/12 19:06:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/03/12 19:06:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 19:06:17 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 19:06:17 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 19:06:04 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 19:02:10 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 18:58:58 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2012/03/12 18:24:32 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF

========== Files Created - No Company Name ==========

[2012/03/25 18:19:37 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/03/25 18:19:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/03/25 18:16:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/03/25 18:16:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/03/25 18:16:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/03/25 18:16:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/03/25 18:16:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/03/19 17:11:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/19 17:11:26 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/18 16:12:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/03/18 16:02:54 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\NetTools.lnk
[2012/03/18 16:01:43 | 000,809,345 | ---- | C] () -- C:\WINDOWS\System32\nmap-os-fingerprints
[2012/03/18 16:01:43 | 000,557,444 | ---- | C] () -- C:\WINDOWS\System32\nmap-service-probes
[2012/03/18 16:01:43 | 000,482,123 | ---- | C] () -- C:\WINDOWS\System32\nmapwin.chm
[2012/03/18 16:01:43 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nmapserv.exe
[2012/03/18 16:01:43 | 000,225,546 | ---- | C] () -- C:\WINDOWS\System32\nmap-mac-prefixes
[2012/03/18 16:01:43 | 000,108,536 | ---- | C] () -- C:\WINDOWS\System32\nmap-services
[2012/03/18 16:01:43 | 000,021,552 | ---- | C] () -- C:\WINDOWS\System32\nmap.xsl
[2012/03/18 16:01:43 | 000,017,955 | ---- | C] () -- C:\WINDOWS\System32\nmap-rpc
[2012/03/18 16:01:43 | 000,006,318 | ---- | C] () -- C:\WINDOWS\System32\nmap-protocols
[2012/03/18 16:01:43 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\nmap_performance.reg
[2012/03/18 16:01:42 | 000,452,096 | ---- | C] () -- C:\WINDOWS\System32\nmap.exe
[2012/03/18 16:01:42 | 000,192,007 | ---- | C] () -- C:\WINDOWS\System32\CHANGELOG
[2012/03/18 16:01:42 | 000,025,611 | ---- | C] () -- C:\WINDOWS\System32\COPYING
[2012/03/18 16:01:13 | 000,010,348 | ---- | C] () -- C:\WINDOWS\System32\SubclassingSink.tlb
[2012/03/18 14:55:35 | 000,001,510 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2012/03/18 14:55:35 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2012/03/18 14:55:35 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2012/03/18 11:32:36 | 000,057,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/18 11:11:43 | 000,002,193 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Safari.lnk
[2012/03/17 23:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Sandboxed Web Browser.lnk
[2012/03/17 23:39:55 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Sandboxed Web Browser.lnk
[2012/03/17 23:39:52 | 000,001,768 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2012/03/15 22:15:55 | 000,000,837 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012/03/15 19:24:03 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\mIRC.lnk
[2012/03/14 22:31:33 | 000,001,644 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Logitech QuickCam.lnk
[2012/03/14 22:31:33 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\My Logitech Pictures.lnk
[2012/03/14 22:30:49 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2012/03/14 22:30:38 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2012/03/14 18:16:56 | 000,001,694 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JDownloader.lnk
[2012/03/14 18:16:48 | 000,001,658 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader.lnk
[2012/03/14 18:16:48 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Uninstaller.lnk
[2012/03/14 18:16:47 | 000,001,581 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader Update.lnk
[2012/03/14 17:19:54 | 000,032,768 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 23:38:20 | 000,002,322 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 18:48:13 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/12 22:32:53 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/12 22:28:03 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2012/03/12 22:28:01 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/03/12 22:27:30 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/03/12 22:26:51 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/12 22:19:46 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Paint.NET.lnk
[2012/03/12 22:19:46 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2012/03/12 22:18:01 | 000,065,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/03/12 22:08:35 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2012/03/12 22:08:01 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/12 22:07:55 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/03/12 22:06:48 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/12 22:06:48 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/12 22:03:17 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows Live Messenger .lnk
[2012/03/12 22:01:07 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/03/12 21:59:21 | 000,000,825 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:59:21 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Audacity 1.3 Beta (Unicode).lnk
[2012/03/12 21:58:35 | 000,001,920 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Spotify.lnk
[2012/03/12 21:58:35 | 000,001,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spotify.lnk
[2012/03/12 21:57:40 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2012/03/12 21:57:40 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
[2012/03/12 21:57:36 | 000,002,356 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2012/03/12 21:56:07 | 000,001,512 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinSCP.lnk
[2012/03/12 21:56:07 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2012/03/12 21:55:59 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\µTorrent.lnk
[2012/03/12 21:52:36 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500UA.job
[2012/03/12 21:52:35 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1292428093-1383384898-842925246-500Core.job
[2012/03/12 21:52:32 | 000,002,344 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2012/03/12 21:51:59 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2012/03/12 19:28:43 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/12 19:28:43 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2012/03/12 19:27:35 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/03/12 19:18:12 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 7.lnk
[2012/03/12 19:14:22 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:22 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\REALTEK 11n USB Wireless LAN Utility.lnk
[2012/03/12 19:14:13 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2012/03/12 19:13:37 | 000,451,072 | ---- | C] () -- C:\WINDOWS\System32\ISSRemoveSP.exe
[2012/03/12 19:12:19 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/03/12 19:12:10 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/03/12 19:12:06 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/03/12 19:11:54 | 000,007,315 | ---- | C] () -- C:\WINDOWS\System32\javasup.vxd
[2012/03/12 19:11:53 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2012/03/12 19:11:45 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedon.reg
[2012/03/12 19:11:44 | 000,000,113 | ---- | C] () -- C:\WINDOWS\System32\zonedoff.reg
[2012/03/12 19:11:31 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2012/03/12 19:11:31 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/03/12 19:11:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/03/12 19:09:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/12 19:08:30 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/03/12 19:08:11 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/03/12 19:08:04 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/03/12 19:08:03 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/03/12 19:08:01 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/03/12 19:07:48 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/03/12 19:07:41 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/03/12 19:07:37 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/03/12 19:07:26 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/03/12 19:06:21 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/03/12 19:06:21 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/12 19:06:21 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/03/12 19:06:21 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/03/12 19:06:17 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/03/12 19:06:17 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/03/12 19:06:15 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/03/12 19:04:48 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
[2012/03/12 19:04:32 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/03/12 19:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/03/12 19:04:13 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/03/12 19:04:05 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/03/12 19:03:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/03/12 19:02:11 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
[2012/03/12 19:02:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/12 19:01:37 | 000,001,986 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
[2012/03/12 19:01:05 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/03/12 19:01:05 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/03/12 19:01:05 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/03/12 19:01:04 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/03/12 19:01:04 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/03/12 19:01:04 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/03/12 19:01:04 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/03/12 19:01:04 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/03/12 19:01:04 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/03/12 19:01:04 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/03/12 19:01:03 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/03/12 19:01:00 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/03/12 19:01:00 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/03/12 19:00:58 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/03/12 19:00:51 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2012/03/12 18:24:32 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/03/12 18:24:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/12 18:24:23 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/03/12 18:24:23 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/03/12 18:24:22 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/03/12 18:24:21 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/03/12 18:23:55 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/03/12 18:23:41 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/03/12 18:23:41 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/03/12 18:23:41 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/03/12 18:23:41 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/03/12 18:23:41 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/03/12 18:23:41 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/03/12 18:23:41 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/03/12 18:23:41 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/03/12 18:23:41 | 000,007,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/03/12 18:23:40 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/03/12 18:23:40 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/03/12 18:23:40 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/03/12 18:23:40 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/03/12 18:23:40 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/03/12 18:23:40 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/03/12 18:23:40 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/03/12 18:23:40 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/03/12 18:23:39 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/03/12 18:23:39 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/03/12 18:22:19 | 000,000,327 | RHS- | C] () -- C:\boot.ini
[2012/03/12 18:22:13 | 000,000,690 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf

========== LOP Check ==========

[2012/03/24 10:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\dclogs
[2012/03/18 14:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2012/03/12 22:25:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Oracle
[2012/03/12 21:58:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spotify
[2012/03/12 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2012/03/19 21:13:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TS3Client
[2012/03/25 10:38:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/03/15 17:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\X-Chat 2
[2012/03/14 22:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
[2012/03/25 20:06:41 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP