hidden folders - want to remove attribute



#1
paulsiam

  • Member
  • 122 posts
Running Windows XP Pro, SP3.
With drive c partitioned for data (=drive d) and external disk (=drive e).
On both drive d & e, some of the folders have the hidden attribute, others do not.
How can I remove all the Hidden Attributes?

In folders view, I have already unchecked the hidden folders, system folders, etc.

I can see all the folders as administrator, but how can I make all the folders unhidden so that I can take the external, for example, to any computer and still be able to see all the folders ok?

Thanks

Paul

But I cannot get the folders


#2
paulsiam

  • Topic Starter
  • Member
  • 122 posts
I ran Malwarebytes and there is no malware on drives c, d and e.

#3
Gammo

  • Member 2k
  • Malware Removal
  • 2,299 posts
Hello and welcome to Geekstogo!

We apologize for the delay in responding to your request for help.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

If you haven't done so yet, please go to Malware and Spyware Cleaning Guide and follow the steps instructed there. If you have already done this, we still need a new log to see what has changed since you originally posted your problem.

We need to create an OTL Report
Download OTL to your Desktop
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

#4
paulsiam

  • Topic Starter
  • Member
  • 122 posts
Thank you for your help. I post here the two files. Paul
_____________________________

OTL logfile created on: 4/17/2012 07:11:29 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 76.13% Memory free
5.29 Gb Paging File | 4.45 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 138.17 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 125.43 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 130.73 Gb Free Space | 43.86% Space Free | Partition Type: NTFS

Computer Name: JESUITS-A7A3CC2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/17 07:10:54 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2012/04/11 13:49:21 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/04/11 13:42:59 | 000,885,616 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2012/03/13 11:39:04 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/01 06:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
PRC - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/09/30 19:02:50 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 19:02:48 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag\oodag.exe
PRC - [2008/07/03 18:38:24 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/04 13:43:08 | 000,638,976 | R--- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/04/14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Pearson\Q Local System 2\SSEE\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/01/03 22:47:12 | 001,282,048 | ---- | M] () -- C:\Program Files\MsgPopupEN\MsgPopup.exe
PRC - [2003/04/01 12:01:08 | 000,491,520 | ---- | M] () -- C:\Program Files\MightyFax\MFNTCTL.EXE


========== Modules (No Company Name) ==========

MOD - [2012/04/14 12:05:21 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
MOD - [2012/04/11 09:37:46 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MOD - [2012/04/11 09:37:30 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MOD - [2012/04/11 09:37:26 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2012/03/13 11:39:07 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/04/24 23:13:30 | 007,008,656 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtgui4.dll
MOD - [2011/04/24 23:13:28 | 000,192,912 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtsql4.dll
MOD - [2011/04/24 23:13:26 | 001,270,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtscript4.dll
MOD - [2011/04/24 23:13:26 | 000,758,160 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtnetwork4.dll
MOD - [2011/04/24 23:13:24 | 002,118,032 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtcore4.dll
MOD - [2011/04/24 23:13:24 | 002,089,360 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\qtdeclarative4.dll
MOD - [2011/04/20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\imageformats\qgif4.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008/04/14 19:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006/10/27 15:35:18 | 000,436,512 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
MOD - [2006/10/26 21:30:42 | 000,065,312 | ---- | M] () -- C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
MOD - [2006/10/26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2006/01/03 22:47:12 | 001,282,048 | ---- | M] () -- C:\Program Files\MsgPopupEN\MsgPopup.exe
MOD - [2004/03/06 07:21:32 | 000,059,904 | ---- | M] () -- C:\Program Files\MsgPopupEN\msgpopup.dll
MOD - [2003/04/01 12:01:08 | 000,491,520 | ---- | M] () -- C:\Program Files\MightyFax\MFNTCTL.EXE


========== Win32 Services (SafeList) ==========

SRV - [2012/04/14 12:05:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/11 13:49:21 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/11 10:47:24 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/01 06:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/25 08:47:04 | 008,176,640 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/09/26 07:50:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\Apache2.2.21\bin\httpd.exe -- (wampapache)
SRV - [2011/04/24 23:15:02 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe -- (AVP)
SRV - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/16 19:02:16 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/09/30 19:02:50 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 19:02:48 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/09/12 00:34:12 | 001,488,128 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (O&O Defrag)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/04/14 10:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Pearson\Q Local System 2\SSEE\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$QLOCALINSTANCE) SQL Server (QLOCALINSTANCE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/14 13:24:37 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/04/11 12:08:33 | 000,565,552 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2012/04/11 10:56:04 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2012/04/11 10:00:03 | 000,024,944 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2012/04/11 09:59:31 | 000,017,488 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2011/03/10 18:34:46 | 000,034,608 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2011/03/04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2011/03/04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (KL1)
DRV - [2010/04/27 11:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/03/26 17:21:26 | 005,883,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/03/08 17:41:48 | 000,220,112 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009/11/18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/02 20:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009/09/17 11:54:14 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2009/08/18 19:50:49 | 000,009,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\dumpdrv.sys -- (DumpDrv)
DRV - [2008/03/04 13:43:08 | 000,984,832 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005/07/28 08:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2005/07/20 18:08:28 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2005/07/20 18:08:26 | 000,327,808 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?...c=US&opt=0&st=2
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 12 7C 7A FC 96 17 CD 01 [binary data]
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\..\SearchScopes,DefaultScope = {638D0035-661E-43e1-B0B7-FDBA9B119C2E}
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\..\SearchScopes\{638D0035-661E-43e1-B0B7-FDBA9B119C2E}: "URL" = http://search.yahoo....icevm&type=IEBD
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\..\SearchScopes\{CF8DCFCA-0EA7-4de8-8A6B-D2EFCCA3AB39}: "URL" = http://www.google.co...q={searchTerms}
IE - HKU\S-1-5-21-2000478354-920026266-1801674531-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.radioswis...ch/en/webradio"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/04/16 14:54:03 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/04/11 14:09:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\[email protected] [2012/04/11 14:09:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/16 13:37:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/04/16 13:37:02 | 000,000,000 | ---D | M]

[2012/04/11 10:58:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2012/04/14 08:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/04/14 08:21:01 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/03/13 11:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/10 00:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/03/13 11:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/13 11:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/04/16 07:17:11 | 000,001,269 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk = C:\Program Files\MightyFax\MFNTCTL.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MsgPopup.lnk = C:\Program Files\MsgPopupEN\MsgPopup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2000478354-920026266-1801674531-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-920026266-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F7767106-36B7-4C24-A72B-568A37C27772}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\WINDOWS\system32\klogon.dll) - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O20 - Winlogon\Notify\RailNotification: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/11 09:45:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/17 07:00:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2012/04/16 13:53:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2012/04/16 13:36:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/04/16 13:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/04/16 13:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/16 13:35:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple
[2012/04/16 13:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/16 13:35:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2012/04/16 13:29:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Apple Computer
[2012/04/16 13:16:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Laridian
[2012/04/16 13:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Laridian
[2012/04/16 13:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Laridian
[2012/04/16 08:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/16 08:43:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe Mini Bridge CS5
[2012/04/16 08:17:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Kindle Content
[2012/04/16 08:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Amazon
[2012/04/16 08:17:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Amazon
[2012/04/16 08:17:27 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2012/04/16 07:18:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/04/16 07:17:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WampServer
[2012/04/16 07:16:47 | 000,000,000 | ---D | C] -- C:\wamp
[2012/04/15 13:57:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/04/15 08:41:05 | 000,000,000 | ---D | C] -- C:\Program Files\Biblesoft
[2012/04/14 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/14 14:55:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/04/14 14:45:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2012/04/14 14:45:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012/04/14 13:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2012/04/14 13:57:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2012/04/14 13:57:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/14 13:24:37 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2012/04/14 13:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012/04/14 13:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/04/14 09:30:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\NVIDIA
[2012/04/14 09:17:19 | 000,000,000 | ---D | C] -- C:\NVTech Download Modules
[2012/04/14 08:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\skypePM
[2012/04/14 08:44:04 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/04/14 08:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/04/14 07:07:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2012/04/14 07:06:25 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2012/04/14 06:49:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/04/13 07:24:44 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/04/13 07:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/13 07:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/13 07:24:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/04/13 06:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ACD Systems
[2012/04/13 06:57:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012/04/12 09:41:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Bible
[2012/04/12 09:24:28 | 000,229,376 | ---- | C] (Wintertree Software Inc.) -- C:\WINDOWS\System32\ssce5532.dll
[2012/04/12 09:24:28 | 000,102,400 | ---- | C] (Info-ZIP) -- C:\WINDOWS\System32\unzip32.dll
[2012/04/12 09:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\BibleWorks 8
[2012/04/12 09:16:49 | 000,000,000 | ---D | C] -- C:\Program Files\Crosswire Thai
[2012/04/12 09:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\ThaiBible2003
[2012/04/12 09:08:30 | 001,044,480 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
[2012/04/12 09:08:30 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
[2012/04/12 08:44:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/04/12 07:32:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2012/04/12 06:52:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2012/04/12 06:36:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sun
[2012/04/11 16:02:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
[2012/04/11 16:01:41 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2012/04/11 16:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2012/04/11 16:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
[2012/04/11 16:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
[2012/04/11 16:01:37 | 000,000,000 | R--D | C] -- C:\Program Files
[2012/04/11 16:01:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
[2012/04/11 16:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2012/04/11 16:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu
[2012/04/11 16:01:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
[2012/04/11 16:01:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
[2012/04/11 16:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012/04/11 16:01:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
[2012/04/11 16:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2012/04/11 16:00:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2012/04/11 16:00:51 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2012/04/11 16:00:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\All Users\Application Data
[2012/04/11 16:00:34 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/04/11 16:00:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings
[2012/04/11 15:56:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Offline Web Pages
[2012/04/11 15:56:40 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2012/04/11 15:56:40 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2012/04/11 15:56:40 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2012/04/11 15:56:40 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2012/04/11 15:56:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\NLDRV
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Network Diagnostic
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\L2Schemas
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2012/04/11 15:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2012/04/11 14:28:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2012/04/11 13:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2012/04/11 13:56:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
[2012/04/11 13:53:55 | 000,065,536 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2012/04/11 13:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2012/04/11 13:53:05 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2012/04/11 13:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/04/11 13:50:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/11 13:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2012/04/11 13:50:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/04/11 13:48:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2012/04/11 13:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FileZilla FTP Client
[2012/04/11 13:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2012/04/11 13:47:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2012/04/11 13:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2012/04/11 13:45:35 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012/04/11 13:44:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Winamp
[2012/04/11 13:44:17 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012/04/11 13:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012/04/11 13:44:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
[2012/04/11 13:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/04/11 13:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/04/11 13:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\calibre
[2012/04/11 13:41:00 | 000,000,000 | ---D | C] -- C:\Program Files\Calibre2
[2012/04/11 13:41:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\calibre - E-book Management
[2012/04/11 13:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skype
[2012/04/11 13:37:05 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/11 13:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2012/04/11 13:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Universalis
[2012/04/11 13:25:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2012/04/11 13:07:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/04/11 13:01:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/11 12:57:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe-Photoshop-CS5
[2012/04/11 12:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wisdom-soft ScreenHunter
[2012/04/11 12:57:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Wisdom-soft ScreenHunter
[2012/04/11 12:57:18 | 000,000,000 | ---D | C] -- C:\Program Files\Wisdom-soft ScreenHunter
[2012/04/11 12:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012/04/11 12:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Kaspersky Anti-Virus 2012
[2012/04/11 12:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2012/04/11 12:08:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2012/04/11 12:08:33 | 000,565,552 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/04/11 11:52:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2012/04/11 11:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2012/04/11 11:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/04/11 11:38:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
[2012/04/11 11:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
[2012/04/11 11:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/04/11 11:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012/04/11 11:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\MsgPopupEN
[2012/04/11 11:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MessagePopup
[2012/04/11 11:35:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2012/04/11 11:35:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Intuit
[2012/04/11 11:33:49 | 004,194,304 | ---- | C] (Amyuni Technologies http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2012/04/11 11:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2012/04/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/04/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Intuit
[2012/04/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2012/04/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Intuit
[2012/04/11 11:32:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2012/04/11 11:32:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/04/11 11:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/04/11 11:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2012/04/11 11:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\SYSTRAN
[2012/04/11 11:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SYSTRAN
[2012/04/11 11:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ApplicationHistory
[2012/04/11 11:28:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SYSTRAN
[2012/04/11 11:27:15 | 000,000,000 | ---D | C] -- C:\Program Files\SYSTRAN
[2012/04/11 11:25:47 | 000,144,896 | R--- | C] (SYSTRAN) -- C:\WINDOWS\System32\libsyslic1.original.dll
[2012/04/11 11:25:47 | 000,057,344 | R--- | C] (NGEN TEAM) -- C:\WINDOWS\System32\libsyslic1.dll
[2012/04/11 11:23:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\O&O
[2012/04/11 11:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\O&O Software
[2012/04/11 11:23:30 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2012/04/11 11:21:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Ahead
[2012/04/11 11:21:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero 7 Ultra Edition
[2012/04/11 11:21:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2012/04/11 11:21:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2012/04/11 11:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2012/04/11 11:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nero
[2012/04/11 11:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ahead
[2012/04/11 11:18:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MightyFax
[2012/04/11 11:18:49 | 000,117,248 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\APFAXCNV.DLL
[2012/04/11 11:18:49 | 000,012,288 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\APFMON40.DLL
[2012/04/11 11:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\MightyFax
[2012/04/11 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\dictionary
[2012/04/11 11:16:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\BookletCreator.com
[2012/04/11 11:15:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/04/11 11:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\BookletCreator
[2012/04/11 11:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\BookletCreator
[2012/04/11 11:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sync App Settings
[2012/04/11 11:14:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2012/04/11 11:14:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Allway Sync
[2012/04/11 11:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Allway Sync
[2012/04/11 11:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/11 11:12:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Auslogics
[2012/04/11 11:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2012/04/11 11:12:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ACD Systems
[2012/04/11 11:12:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012/04/11 11:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ACD Systems
[2012/04/11 11:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\ACD Systems
[2012/04/11 11:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Downloaded Installations
[2012/04/11 11:10:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NVTech
[2012/04/11 11:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\NVTech
[2012/04/11 11:08:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/04/11 11:08:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/04/11 11:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/11 11:08:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2012/04/11 11:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
[2012/04/11 11:07:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/04/11 11:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/04/11 11:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
[2012/04/11 11:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\FileHippo.com
[2012/04/11 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2012/04/11 10:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2012/04/11 10:58:44 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/04/11 10:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Screen-Hunter
[2012/04/11 10:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/04/11 10:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2012/04/11 10:56:07 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache
[2012/04/11 10:56:06 | 000,685,056 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\hardlock.sys
[2012/04/11 10:56:06 | 000,100,096 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\aksusb.sys
[2012/04/11 10:56:05 | 000,327,808 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\akshasp.sys
[2012/04/11 10:56:05 | 000,104,576 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\drivers\aksclass.sys
[2012/04/11 10:56:05 | 000,007,168 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\akscoinst.dll
[2012/04/11 10:56:04 | 000,047,616 | ---- | C] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2012/04/11 10:56:04 | 000,006,656 | ---- | C] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2012/04/11 10:56:00 | 002,164,411 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\System32\haspds_windows.dll
[2012/04/11 10:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2012/04/11 10:55:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2012/04/11 10:52:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/04/11 10:51:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Q Local 2
[2012/04/11 10:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\Pearson
[2012/04/11 10:50:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pearson
[2012/04/11 10:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2012/04/11 10:47:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2012/04/11 10:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2012/04/11 10:47:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2012/04/11 10:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012/04/11 10:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012/04/11 10:44:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2012/04/11 10:41:22 | 000,155,648 | R--- | C] (Zenographics) -- C:\WINDOWS\System32\HP2600IR.dll
[2012/04/11 10:41:22 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZSPOOL.DLL
[2012/04/11 10:41:22 | 000,086,016 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zlhp2600.dll
[2012/04/11 10:41:22 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\zlm.dll
[2012/04/11 10:41:22 | 000,028,672 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\IMF32.DLL
[2012/04/11 10:41:22 | 000,024,576 | R--- | C] (Zenographics, Inc.) -- C:\WINDOWS\System32\ZTAG32.DLL
[2012/04/11 10:41:22 | 000,000,000 | -H-D | C] -- C:\Program Files\Zenographics
[2012/04/11 10:41:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2012/04/11 10:40:52 | 000,000,000 | ---D | C] -- C:\clj2600n printing system
[2012/04/11 10:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2012/04/11 10:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2012/04/11 10:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012/04/11 10:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/04/11 10:29:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/04/11 10:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/04/11 10:26:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012/04/11 10:26:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/04/11 10:26:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
[2012/04/11 10:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012/04/11 10:26:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2012/04/11 10:26:03 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/04/11 10:22:03 | 000,196,608 | R--- | C] (Motorola Inc.) -- C:\WINDOWS\System32\sm56co6a.dll
[2012/04/11 10:22:02 | 000,984,832 | R--- | C] (Motorola Inc.) -- C:\WINDOWS\System32\drivers\smserial.sys
[2012/04/11 10:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2012/04/11 09:59:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2012/04/11 09:56:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\GIGABYTE
[2012/04/11 09:56:48 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/04/11 09:54:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2012/04/11 09:54:14 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE
[2012/04/11 09:53:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2012/04/11 09:53:50 | 000,358,944 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2012/04/11 09:53:48 | 000,129,568 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2012/04/11 09:53:13 | 002,815,520 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2012/04/11 09:53:12 | 001,691,480 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2012/04/11 09:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012/04/11 09:53:09 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012/04/11 09:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012/04/11 09:52:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2012/04/11 09:50:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2012/04/11 09:50:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012/04/11 09:50:51 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2012/04/11 09:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012/04/11 09:50:41 | 000,000,000 | ---D | C] -- C:\Intel
[2012/04/11 09:50:28 | 000,000,000 | -H-D | C] -- C:\Program Files\DeviceVM
[2012/04/11 09:49:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Identities
[2012/04/11 09:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/04/11 09:48:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2012/04/11 09:48:28 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2012/04/11 09:48:15 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2012/04/11 09:48:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2012/04/11 09:48:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2012/04/11 09:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2012/04/11 09:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2012/04/11 09:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\My Documents
[2012/04/11 09:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Favorites
[2012/04/11 09:48:15 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2012/04/11 09:48:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2012/04/11 09:48:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2012/04/11 09:48:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2012/04/11 09:48:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2012/04/11 09:48:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2012/04/11 09:48:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2012/04/11 09:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2012/04/11 09:48:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2012/04/11 09:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2012/04/11 09:48:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2012/04/11 09:48:01 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2012/04/11 09:46:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2012/04/11 09:46:30 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2012/04/11 09:46:30 | 000,029,184 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2012/04/11 09:45:52 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2012/04/11 09:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2012/04/11 09:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/04/11 09:45:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2012/04/11 09:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2012/04/11 09:45:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/04/11 09:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\DefaultFolder
[2012/04/11 09:45:25 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2012/04/11 09:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/04/11 09:43:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
[2012/04/11 09:43:34 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2012/04/11 09:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2012/04/11 09:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2012/04/11 09:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
[2012/04/11 09:42:47 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2012/04/11 09:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2012/04/11 09:42:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2012/04/11 09:42:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2012/04/11 09:42:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2012/04/11 09:42:32 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
[2012/04/11 09:42:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2012/04/11 09:42:24 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
[2012/04/11 09:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
[2012/04/11 09:42:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
[2012/04/11 09:42:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
[2012/04/11 09:40:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2012/04/11 09:40:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2012/04/11 09:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012/04/11 09:36:58 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2012/04/11 09:36:42 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2012/04/11 09:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
[2012/04/11 09:36:25 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2012/04/11 09:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2012/04/11 09:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
[2012/04/11 09:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
[2012/04/11 09:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/04/11 09:34:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012/04/11 09:34:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/04/11 09:34:35 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/04/11 09:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
[2012/04/11 09:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRM
[2012/04/11 09:33:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\BitLockerDiscoveryVolumeContents
[2012/04/11 09:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2012/04/11 09:32:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/04/11 09:32:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2012/04/11 09:31:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2012/04/11 09:31:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/04/11 09:31:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2012/04/11 09:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012/04/11 09:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\WindowsPowerShell
[2012/04/11 09:31:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012/04/11 09:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
[2012/04/11 09:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
[2012/04/11 09:30:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
[2012/04/11 09:30:56 | 000,281,088 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2012/04/11 09:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
[2012/04/11 09:30:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2012/04/11 09:30:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2012/04/11 09:30:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2012/04/11 09:30:14 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/17 07:05:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/17 06:49:45 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/17 06:29:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/17 06:29:42 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/17 06:29:40 | 003,662,592 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/17 06:28:53 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2012/04/17 06:28:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/17 06:28:41 | 000,049,764 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2012/04/16 14:17:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/16 13:29:22 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2012/04/16 13:29:22 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2012/04/16 13:23:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\PCSB.ERR
[2012/04/16 13:06:17 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/16 12:41:44 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/04/16 11:45:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/16 07:17:11 | 000,001,269 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/15 13:39:26 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/15 09:28:23 | 000,000,754 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HighLight Dictionary.LNK
[2012/04/15 09:00:55 | 000,002,461 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2007.lnk
[2012/04/14 13:57:44 | 000,001,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/04/14 13:21:53 | 000,572,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/14 13:21:53 | 000,112,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/14 08:48:19 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/04/14 06:51:55 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/04/12 06:57:52 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2012/04/12 06:36:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/12 06:33:01 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/12 06:33:01 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/12 06:32:13 | 000,293,992 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/11 16:01:46 | 000,004,444 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2012/04/11 14:09:23 | 000,115,369 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/04/11 14:09:23 | 000,097,961 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/04/11 13:54:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/04/11 13:18:16 | 000,235,289 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012/04/11 13:06:32 | 000,000,860 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5.lnk
[2012/04/11 13:03:43 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JESUITS-A7A3CC2-Administrator.job
[2012/04/11 12:58:32 | 000,000,870 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ScreenHunter 4.0 Free.lnk
[2012/04/11 12:10:26 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2012/04/11 12:08:33 | 000,565,552 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2012/04/11 11:47:32 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/11 11:43:42 | 000,000,092 | ---- | M] () -- C:\WINDOWS\MFPD.INI
[2012/04/11 11:36:59 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MsgPopup.lnk
[2012/04/11 11:33:51 | 000,000,095 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/04/11 11:28:36 | 000,000,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/04/11 11:26:54 | 000,878,080 | ---- | M] () -- C:\WINDOWS\System32\iconv.dll
[2012/04/11 11:26:54 | 000,721,920 | ---- | M] () -- C:\WINDOWS\System32\libxml2.dll
[2012/04/11 11:26:54 | 000,170,432 | ---- | M] () -- C:\WINDOWS\System32\libsyslic1.pd
[2012/04/11 11:26:54 | 000,150,016 | ---- | M] () -- C:\WINDOWS\System32\libxslt.dll
[2012/04/11 11:26:54 | 000,051,200 | ---- | M] () -- C:\WINDOWS\System32\libexslt.dll
[2012/04/11 11:26:54 | 000,000,192 | ---- | M] () -- C:\WINDOWS\System32\libsyslic1.ls
[2012/04/11 11:18:54 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
[2012/04/11 10:56:04 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) -- C:\WINDOWS\System32\drivers\Haspnt.sys
[2012/04/11 10:56:04 | 000,006,656 | ---- | M] (Aladdin Knowledge Systems.) -- C:\WINDOWS\System32\haspvdd.dll
[2012/04/11 10:56:04 | 000,002,620 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/11 10:56:04 | 000,000,383 | ---- | M] () -- C:\WINDOWS\System32\haspdos.sys
[2012/04/11 10:29:19 | 000,001,493 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/11 10:19:23 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2012/04/11 10:00:03 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012/04/11 09:59:44 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012/04/11 09:59:44 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012/04/11 09:49:56 | 000,000,010 | ---- | M] () -- C:\WINDOWS\GSetup.ini
[2012/04/11 09:48:53 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/11 09:46:52 | 000,000,689 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/04/11 09:45:00 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\config.hsp
[2012/04/11 09:45:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/04/11 09:45:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/04/11 09:45:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2012/04/11 09:45:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/04/11 09:44:58 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/04/11 09:44:58 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/04/11 09:44:51 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/04/11 09:44:19 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/11 09:36:41 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/16 13:35:37 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2012/04/16 13:29:22 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2012/04/16 13:29:22 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/04/16 11:45:04 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/04/15 14:05:43 | 003,662,592 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/15 09:28:23 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\HighLight Dictionary.LNK
[2012/04/15 08:30:36 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype.lnk
[2012/04/14 08:48:19 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2012/04/13 06:59:45 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/12 09:24:28 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2012/04/12 09:24:28 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\bwplay.exe
[2012/04/12 09:24:28 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2012/04/12 09:24:27 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\patchw.dll
[2012/04/12 09:24:27 | 000,058,280 | ---- | C] () -- C:\WINDOWS\System32\bwntsend.dll
[2012/04/12 09:24:27 | 000,058,280 | ---- | C] () -- C:\WINDOWS\System32\bwnthook.dll
[2012/04/12 09:24:26 | 007,533,568 | ---- | C] () -- C:\WINDOWS\System32\bwbits80.dll
[2012/04/12 09:14:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCSB.ERR
[2012/04/12 09:08:17 | 000,291,840 | ---- | C] () -- C:\Program Files\Common Files\PCSBoff.exe
[2012/04/12 09:08:17 | 000,090,112 | ---- | C] () -- C:\Program Files\Common Files\PCSBclean.exe
[2012/04/12 07:31:38 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/12 06:57:51 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2012/04/12 06:31:59 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/11 16:01:46 | 000,004,444 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2012/04/11 16:01:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/04/11 16:01:39 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2012/04/11 16:01:39 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2012/04/11 16:01:38 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2012/04/11 16:01:38 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2012/04/11 16:01:21 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2012/04/11 16:01:06 | 002,144,487 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2012/04/11 16:01:06 | 001,296,669 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP3.CAT
[2012/04/11 16:01:06 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2012/04/11 16:01:06 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2012/04/11 16:01:06 | 000,144,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\netfx.cat
[2012/04/11 16:01:06 | 000,112,918 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tabletpc.cat
[2012/04/11 16:01:06 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2012/04/11 16:01:06 | 000,034,747 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mediactr.cat
[2012/04/11 16:01:06 | 000,034,063 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2012/04/11 16:01:06 | 000,026,991 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2012/04/11 16:01:06 | 000,016,535 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2012/04/11 16:01:06 | 000,014,433 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2012/04/11 16:01:06 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2012/04/11 16:01:06 | 000,012,363 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2012/04/11 16:01:06 | 000,010,027 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2012/04/11 16:01:06 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2012/04/11 16:01:06 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2012/04/11 16:01:06 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2012/04/11 16:01:05 | 000,522,220 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2012/04/11 15:59:33 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2012/04/11 15:59:29 | 000,000,689 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2012/04/11 13:54:50 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/04/11 13:54:50 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/04/11 13:54:50 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/04/11 13:54:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012/04/11 13:53:54 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/04/11 13:53:54 | 000,007,843 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012/04/11 13:45:37 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2012/04/11 13:28:01 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Universalis.lnk
[2012/04/11 13:06:32 | 000,000,860 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Photoshop CS5.lnk
[2012/04/11 13:03:42 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JESUITS-A7A3CC2-Administrator.job
[2012/04/11 12:58:32 | 000,000,870 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ScreenHunter 4.0 Free.lnk
[2012/04/11 12:10:24 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WebpageIcons.db
[2012/04/11 12:09:34 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2012/04/11 12:09:34 | 000,097,961 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2012/04/11 11:47:32 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2012/04/11 11:45:18 | 000,002,533 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2012/04/11 11:45:12 | 000,002,461 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Publisher 2007.lnk
[2012/04/11 11:45:05 | 000,002,491 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2012/04/11 11:40:19 | 000,049,764 | ---- | C] () -- C:\WINDOWS\System32\oodbs.lor
[2012/04/11 11:39:21 | 001,168,672 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/04/11 11:36:59 | 000,000,708 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MsgPopup.lnk
[2012/04/11 11:32:06 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/04/11 11:28:36 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2012/04/11 11:26:54 | 000,878,080 | ---- | C] () -- C:\WINDOWS\System32\iconv.dll
[2012/04/11 11:26:54 | 000,721,920 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2012/04/11 11:26:54 | 000,170,432 | ---- | C] () -- C:\WINDOWS\System32\libsyslic1.pd
[2012/04/11 11:26:54 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\libxslt.dll
[2012/04/11 11:26:54 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\libexslt.dll
[2012/04/11 11:26:54 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\libsyslic1.ls
[2012/04/11 11:18:54 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
[2012/04/11 11:18:53 | 000,000,092 | ---- | C] () -- C:\WINDOWS\MFPD.INI
[2012/04/11 11:16:50 | 000,000,754 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\HighLight Dictionary.LNK
[2012/04/11 11:07:43 | 000,000,900 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/11 11:07:42 | 000,000,896 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/11 11:00:32 | 000,001,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Update Checker.lnk
[2012/04/11 10:58:46 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/04/11 10:56:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TempFile
[2012/04/11 10:56:04 | 000,002,577 | ---- | C] () -- C:\WINDOWS\System32\config.hsp
[2012/04/11 10:56:04 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2012/04/11 10:47:03 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 9 Pro.lnk
[2012/04/11 10:41:22 | 011,194,368 | R--- | C] () -- C:\WINDOWS\System32\zhhp_res.dll
[2012/04/11 10:41:22 | 000,805,928 | R--- | C] () -- C:\WINDOWS\System32\hp2600n.img
[2012/04/11 10:41:22 | 000,749,568 | R--- | C] () -- C:\WINDOWS\System32\agissi.dll
[2012/04/11 10:41:22 | 000,282,624 | R--- | C] () -- C:\WINDOWS\System32\zshp2600.exe
[2012/04/11 10:41:22 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\zhhp2600.exe
[2012/04/11 10:41:22 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\vshp2600.dll
[2012/04/11 10:28:09 | 000,001,493 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Explorer.lnk
[2012/04/11 10:28:02 | 000,001,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Calculator.lnk
[2012/04/11 10:19:04 | 000,019,495 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2012/04/11 10:00:03 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2012/04/11 10:00:03 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2012/04/11 09:59:44 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2012/04/11 09:59:44 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2012/04/11 09:54:22 | 000,080,416 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012/04/11 09:54:15 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2012/04/11 09:54:14 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2012/04/11 09:50:34 | 000,001,164 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Social Games.lnk
[2012/04/11 09:49:56 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2012/04/11 09:49:56 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2012/04/11 09:48:53 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2012/04/11 09:48:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk
[2012/04/11 09:48:29 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk
[2012/04/11 09:48:15 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2012/04/11 09:46:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/04/11 09:46:27 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2012/04/11 09:46:18 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2012/04/11 09:46:14 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2012/04/11 09:46:14 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2012/04/11 09:46:13 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2012/04/11 09:46:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2012/04/11 09:46:02 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2012/04/11 09:46:00 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2012/04/11 09:45:54 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2012/04/11 09:45:00 | 000,002,620 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/04/11 09:45:00 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/04/11 09:45:00 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/04/11 09:45:00 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2012/04/11 09:45:00 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
[2012/04/11 09:44:53 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2012/04/11 09:44:53 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2012/04/11 09:44:51 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2012/04/11 09:43:13 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2012/04/11 09:42:57 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2012/04/11 09:42:57 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2012/04/11 09:42:51 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2012/04/11 09:42:30 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2012/04/11 09:40:26 | 000,001,625 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\BitLocker To Go Reader.lnk
[2012/04/11 09:36:41 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/04/11 09:32:55 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2012/04/11 09:32:55 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2012/04/11 09:32:54 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2012/04/11 09:32:54 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2012/04/11 09:32:54 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2012/04/11 09:32:54 | 000,004,640 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.h
[2012/04/11 09:32:54 | 000,003,100 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.h
[2012/04/11 09:32:54 | 000,002,590 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.h
[2012/04/11 09:31:35 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\winrmprov.mof
[2012/04/11 09:31:34 | 000,201,184 | ---- | C] () -- C:\WINDOWS\System32\winrm.vbs
[2012/04/11 09:31:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\winrm.cmd
[2012/04/11 09:31:33 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\WsmTxt.xsl
[2012/04/11 09:31:33 | 000,001,559 | ---- | C] () -- C:\WINDOWS\System32\WsmPty.xsl
[2012/04/11 09:31:16 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
[2012/04/11 09:31:16 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
[2012/04/11 09:31:16 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
[2012/04/11 09:31:16 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2012/04/11 09:31:16 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
[2012/04/11 09:31:15 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
[2012/04/11 09:31:15 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
[2012/04/11 09:31:15 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
[2012/04/11 09:31:15 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
[2012/04/11 09:31:15 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
[2012/04/11 09:31:15 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
[2012/04/11 09:31:11 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2012/04/11 09:31:11 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2012/04/11 09:31:10 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2012/04/11 09:31:05 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011/06/17 05:29:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/03/11 12:43:54 | 000,029,763 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat

========== LOP Check ==========

[2012/04/13 06:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ACD Systems
[2012/04/11 13:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2012/04/11 13:42:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\calibre
[2012/04/14 14:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2012/04/14 13:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2012/04/16 12:57:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FileZilla
[2012/04/16 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Laridian
[2012/04/14 13:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ParetoLogic
[2012/04/16 08:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/04/11 11:14:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sync App Settings
[2012/04/11 11:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SYSTRAN
[2012/04/17 07:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2012/04/11 09:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2012/04/12 08:44:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2012/04/11 11:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACD Systems
[2012/04/14 08:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2012/04/11 11:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/04/14 14:05:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2012/04/11 11:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2012/04/11 11:32:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/04/14 14:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2012/04/11 10:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pearson
[2012/04/11 13:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/04/13 08:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2012/04/11 11:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sync App Settings
[2012/04/15 14:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/04/11 11:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B

< End of report >

OTL Extras logfile created on: 4/17/2012 07:11:29 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.46 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 76.13% Memory free
5.29 Gb Paging File | 4.45 Gb Available in Paging File | 84.04% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 172.79 Gb Total Space | 138.17 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 292.97 Gb Total Space | 125.43 Gb Free Space | 42.81% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 130.73 Gb Free Space | 43.86% Space Free | Partition Type: NTFS

Computer Name: JESUITS-A7A3CC2 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-2000478354-920026266-1801674531-500\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2010\QBDBMgrN.exe:*:Enabled:QuickBooks 2010 Data Manager -- (Intuit, Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:?Torrent -- (BitTorrent, Inc.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0363D88C-A222-4715-AE00-76AC8DB8C377}" = Q Local System 2
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A424-40A5-BD20-04BF618CA0F9}" = QuickBooks Premier Edition 2010
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10A7EE48-2F86-42E8-8DA1-30BFD67F7830}" = PocketBible for Windows
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java™ 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java™ 7 Update 3
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (QLOCALINSTANCE)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C94F105-81D0-4AFC-8F0A-38949DC07F65}" = SYSTRAN
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}" = Microsoft SQL Server Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{654977DB-0001-0002-0000-EABD228DDE8B}" = Microsoft Download Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9CF03DAA-5A19-4FFB-A196-762BD7FCA13D}" = PocketBible Life Application NT Commentary (LANTC)
"{A1BC7068-C1BA-410F-8B9A-DB807C803DE2}" = Adobe Creative Suite 5 Design Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
"{AC76BA86-1048-8780-7760-000000000004}_951" = Adobe Acrobat 9.5.1 - CPSID_83708
"{AC76BA86-1048-8780-7760-000000000004}{AC76BA86-1048-8780-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Russian
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B038A58E-EAF0-44CB-ADCA-3895ECD0812D}" = BibleWorks 8
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}" = Microsoft SQL Server VSS Writer
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C6}" = WinZip 16.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Ultra Edition
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC67EE67-AE97-11D6-A70C-0050DA19147B}" = Task Force ImageGALLERY
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ED6C5ECD-5AA4-4054-BF67-8F49526E5765}" = O&O Defrag Professional
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDE8FDFF-7B95-4235-BB3F-AE63397864C9}" = calibre
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Allway Sync_is1" = Allway Sync version 11.4.0
"Amazon Kindle" = Amazon Kindle
"BookletCreator" = BookletCreator
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Crosswire Thai" = Crosswire Thai 1.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"HP-Color LaserJet 2600n" = Color LaserJet 2600n
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.0521.1
"InstallShield_{4C94F105-81D0-4AFC-8F0A-38949DC07F65}" = SYSTRAN
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B09.1014.2
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Anti-Virus 2012
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MessagePopup II_is1" = MessagePopup
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
"MightyFax" = MightyFax
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PC Study Bible" = PC Study Bible (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.93
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"ST6UNST #1" = HighLight Dictionary 3.00 (2010)
"ST6UNST #2" = Thai Bible 2003 Version 1.1
"Universalis" = Universalis Liturgy of the Hours
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.0.1
"WampServer 2_is1" = WampServer 2.2
"Winamp" = Winamp
"Wisdom-soft ScreenHunter 4.0 Free" = Wisdom-soft ScreenHunter 4.0 Free

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-920026266-1801674531-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2012 01:55:36 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 01:55:36 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 01:55:36 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 02:10:25 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 02:10:25 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 02:10:25 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 02:10:25 | Computer Name = JESUITS-A7A3CC2 | Source = QuickBooks | ID = 4
Description = An unexpected error has occured in "QuickBooks": Returning NULL QBWinInstance
Hand

Error - 4/14/2012 02:21:08 | Computer Name = JESUITS-A7A3CC2 | Source = Application Error | ID = 1000
Description = Faulting application dtlite.exe, version 4.45.4.314, faulting module
mshtml.dll, version 8.0.6001.23181, fault address 0x00209e30.

Error - 4/14/2012 02:21:35 | Computer Name = JESUITS-A7A3CC2 | Source = Application Error | ID = 1000
Description = Faulting application dtlite.exe, version 4.45.4.314, faulting module
mshtml.dll, version 8.0.6001.23181, fault address 0x00209e30.

Error - 4/14/2012 02:24:15 | Computer Name = JESUITS-A7A3CC2 | Source = Application Error | ID = 1000
Description = Faulting application dtlite.exe, version 4.45.4.314, faulting module
mshtml.dll, version 8.0.6001.23181, fault address 0x00209e30.

[ System Events ]
Error - 4/14/2012 03:16:32 | Computer Name = JESUITS-A7A3CC2 | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/14/2012 03:16:32 | Computer Name = JESUITS-A7A3CC2 | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 4/14/2012 03:16:32 | Computer Name = JESUITS-A7A3CC2 | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 4/14/2012 03:16:32 | Computer Name = JESUITS-A7A3CC2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD AppleCharger Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip

Error - 4/14/2012 03:17:23 | Computer Name = JESUITS-A7A3CC2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2012 03:18:11 | Computer Name = JESUITS-A7A3CC2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 4/14/2012 03:19:13 | Computer Name = JESUITS-A7A3CC2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 4/14/2012 22:28:42 | Computer Name = JESUITS-A7A3CC2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 4/14/2012 22:28:42 | Computer Name = JESUITS-A7A3CC2 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Search service
to connect.

Error - 4/14/2012 22:28:42 | Computer Name = JESUITS-A7A3CC2 | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053


< End of report >

#5
Gammo

Please download and run Unhide.exe.



Are you experiencing any kind of malware symptoms at all? If so, which?

Is your hidden folders problem fixed after doing the above? If not, which folders are still hidden?

#6
paulsiam

I ran Unhide.exe.
The report file is here.
BUT - didn't do anything. I attach a copy of what the drive folders on D look like. Some are dark orange (not hidden attribute) and others are light orange (hidden). Sorry if my terminology is incorrect. By that I mean that if I go to properties, at the bottom of the info screen the attribute is checked as hidden, but greyed out, so that I have no option to change it. Only some of the folders are this way. (please see attachment)

_______________________________
Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 04/18/2012 07:13:56 AM
Windows Version: Windows XP

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 119780 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 485441 files processed.

Processing the E:\ drive
Finished processing the E:\ drive. 528514 files processed.

The C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: http://www.bleepingc...opic405109.html

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* HideIcons was set to 1! It was set back to 0!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/18/2012 07:38:55 AM
Execution time: 0 hours(s), 24 minute(s), and 59 seconds(s)

Edited by paulsiam, 17 April 2012 - 06:56 PM.


#7
paulsiam

I might add two more pieces of info.

Not aware of any malware problems. (Ran Malwarebytes full scan, all drives, no problems.)

If I want to make an addition to my Start menu, I cannot make it appear if it is from one of those hidden folders. But if I make a shortcut first, and then put the shortcut onto the Start menu, it appears. Don't know if that gives any light?

Paul

Edited by paulsiam, 17 April 2012 - 07:30 PM.


#8
Gammo

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks.
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as describe how your computer is running now.

#9
paulsiam

Ran combo and here is the log file.

Thanks!

ComboFix 12-04-18.02 - Administrator 04/19/2012 7:25.1.8 - x86
Microsoft Windows XP Professional 5.1.2600.3.874.1.1033.18.3543.2972 [GMT 7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\PPro20g.ocx
.
c:\windows\system32\drivers\i8042prt.sys . . . is missing!!
.
.
((((((((((((((((((((((((( Files Created from 2012-03-19 to 2012-04-19 )))))))))))))))))))))))))))))))
.
.
2012-04-16 00:16 . 2012-04-16 00:17 -------- d-----w- C:\wamp
2012-04-14 02:17 . 2012-04-14 02:17 -------- d-----w- C:\NVTech Download Modules
2012-04-11 09:01 . 2012-04-18 05:41 -------- d-----r- C:\Program Files
2012-04-11 09:00 . 2012-04-11 06:56 -------- d-----w- C:\Documents and Settings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 10:58 . 2011-04-25 16:09 919552 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:58 . 2011-04-25 16:09 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 10:58 . 2011-04-25 16:09 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-29 23:58 . 2009-06-10 10:33 5918720 ----a-w- c:\windows\system32\nvcuda.dll
2012-02-29 23:58 . 2009-06-10 10:33 4309760 ----a-w- c:\windows\system32\nv4_disp.dll
2012-02-29 23:58 . 2009-06-10 10:33 2522944 ----a-w- c:\windows\system32\nvcuvid.dll
2012-02-29 23:58 . 2009-06-10 10:33 2437440 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-29 23:58 . 2009-06-10 10:33 2291712 ----a-w- c:\windows\system32\nvapi.dll
2012-02-29 23:58 . 2009-06-10 10:33 18624512 ----a-w- c:\windows\system32\nvoglnt.dll
2012-02-29 23:58 . 2009-06-10 10:33 13417632 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2012-02-29 20:30 . 2009-06-10 01:29 54272 ----a-w- c:\windows\system32\nvwddi.dll
2012-02-29 20:30 . 2009-06-10 01:28 15494464 ----a-w- c:\windows\system32\nvcpl.dll
2012-02-29 20:30 . 2009-06-10 01:28 143680 ----a-w- c:\windows\system32\nvcolor.exe
2012-02-29 20:30 . 2009-06-10 01:28 164160 ----a-w- c:\windows\system32\nvsvc32.exe
2012-02-29 20:30 . 2009-06-10 01:28 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-02-29 12:30 . 2011-04-25 11:36 385024 ----a-w- c:\windows\system32\html.iec
1998-04-26 17:00 . 1998-04-26 17:00 570128 ----a-w- c:\program files\Common Files\dao350.dll
2012-03-13 04:39 . 2012-04-11 03:58 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-06-17 . EA22DA5C7AE7192A12E37A7C546220C6 . 361600 . . [5.1.2600.6009] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2011-06-17 . 1C891C955AAA123C937B82E3AE7610CF . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="c:\program files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE" [2006-10-26 434528]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-26 19522592]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-03-04 638976]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-29 15494464]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-29 108352]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"KB976002-v5"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
MightyFAX Controller.lnk - c:\program files\MightyFax\MFNTCTL.EXE [2012-4-11 491520]
MsgPopup.lnk - c:\program files\MsgPopupEN\MsgPopup.exe [2006-1-3 1282048]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 00:22 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 07:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 04:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Intuit\\QuickBooks 2010\\QBDBMgrN.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [4/11/2012 09:54 19496]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [3/4/2011 13:23 11352]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [10/15/2009 14:06 223464]
R2 MSSQL$QLOCALINSTANCE;SQL Server (QLOCALINSTANCE);c:\program files\Pearson\Q Local System 2\SSEE\MSSQL.1\MSSQL\Binn\sqlservr.exe [4/14/2006 10:07 28933976]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [4/11/2012 13:56 2348352]
R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [4/11/2012 09:52 2320920]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [3/10/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 20:27 19472]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [8/18/2009 19:50 9472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4/11/2012 09:35 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2012 11:07 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 08:50 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/12/2012 07:31 253088]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/11/2012 09:53 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2012 11:07 136176]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [4/11/2012 10:00 24944]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 13:37 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [10/3/2008 18:54 14848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 05:05]
.
2012-04-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-JESUITS-A7A3CC2-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-04-11 20:44]
.
2012-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-11 04:07]
.
2012-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-11 04:07]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\tb2iqqip.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.radioswissclassic.ch/en/webradio
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
Notify-RailNotification - (no file)
MSConfigStartUp-SDTray - c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-19 07:29
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
c:\windows\system32\zshp2600.exe [2404] 0x89424020
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2000478354-920026266-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,01,1a,a2,5b,eb,43,4b,a1,fe,f7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,22,01,1a,a2,5b,eb,43,4b,a1,fe,f7,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
Completion time: 2012-04-19 07:30:57
ComboFix-quarantined-files.txt 2012-04-19 00:30
.
Pre-Run: 148,574,896,128 bytes free
Post-Run: 148,579,397,632 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4376D731EEBA342DA0FDDB4C212459F8

#10
Gammo

All of your logs are clean, so I'm quite sure your problem isn't caused by malware.

Let's clean up the tools we used:

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the Run box and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

If you still need our help, you can start a new topic here. :thumbsup:

#11
paulsiam

I was told to try this at the Run command, and it worked perfectly. Thought I would pass it on.

attrib -H -S \*.* /S /D

#12
Gammo

I'm glad to hear the problem is resolved. :)